Episode Transcript
0:27
my
0:29
first thousand , one
0:33
sixty nine hi
0:37
my name is series now and joining me
0:39
tonight as always mr
0:41
andrews tell it
0:43
good afternoon or evening or morning as
0:45
a case may be juri i'll reserve i
0:47
am fantastic are you
0:49
i'm good i'm good
0:50
it's so you're going on
0:52
today the some
0:55
we are
0:56
two months left summer
1:00
indeed but duel and
1:03
by fast can't believe it or i just the
1:05
a reminder the thoughts and
1:07
opinions we express on the show are
1:09
ours and do not represent those of
1:12
our employers and by the way we are not
1:14
despite what some
1:16
marketing firms might want you to believe we are
1:18
not
1:19
who was sitting
1:21
for pay
1:23
yeah
1:24
that was a crazy story that team interested
1:27
them
1:27
the or flags out there are telling people
1:30
that there are certain amount of money that they
1:32
pay they can get them on our show
1:34
that was news to us
1:36
definitely news to us but hey
1:38
look let you know this be honest like
1:40
you come with a big enough check and
1:42
we could time
1:44
the same
1:46
everything in life is negotiable for not
1:48
ashamed to say we can be bought
1:50
that's right
1:51
for it might be expensive might be more than
1:54
the most people are willing to pay but certainly
1:56
not worth it that's for sure but don't yeah definitely
1:58
not worth it
1:59
but there it is
2:02
there's some interesting stories for the
2:04
sydney one quick follow up that i wanted
2:06
to mention from the last either lesser
2:09
than the one before that microsoft
2:11
has re-enabled macro blocking
2:13
so
2:14
they breed re-enabled
2:17
macroblocking
2:17
turn
2:23
off, turn on, zoom that somebody
2:26
maniacal laughing at a conference room
2:29
watch lists i dig the real answers
2:31
they got some feedback and the sperm something
2:33
important somewhere in l a go april back
2:35
on school fix added and roll back out i'm
2:38
quite certain to read about that
2:41
all right so the first
2:43
story or to night comes
2:45
from bleepingcomputer.com
2:47
the title is CosmicStrand
2:50
UEFI malware found
2:52
in Gigabyte
2:54
and ASUS motherboards we've
2:56
talked a bit about this in
2:58
the past but it is really
3:01
starting to become a thing now
3:03
story here is about a simple
3:05
year old piece of
3:08
mail where the impacts
3:10
motherboards which has been
3:12
seen most recently in an updated
3:14
formed impacting
3:17
apparently still old for motherboards
3:20
it's again we're starting
3:22
to see the worst case scenario here
3:24
because there is no easy
3:26
way who either detect
3:29
or clean a system that has
3:31
been compromised in this way know
3:33
that that particular piece of malware
3:36
here is here is a pretty rudimentary
3:39
what it does is it it uses
3:41
a vicious eight forces the
3:43
forces windows civically the
3:46
tax windows it forces windows into
3:48
a an older model oldest
3:50
older style model in
3:52
it injects kernel modules into
3:55
windows to maintain persistence if
3:58
you read through the article this actually
4:00
i wish i was not
4:02
really where
4:03
there's some significantly more advanced
4:06
pieces of UEFI
4:08
malware that are much much more
4:10
sophisticated they don't rely
4:13
on putting the boot
4:15
process into a legacy mode which
4:17
i presume will be easier to detect
4:19
and and i think maybe with
4:22
like windows eleven it me not
4:25
be possible anymore because i think
4:27
i think some of the new operating systems
4:30
actually rely on secure boot which
4:33
i don't think this the
4:35
specific piece of malware would work with some
4:38
of the others that are described player
4:40
and in the article actually would and
4:42
a again this is a centrist
4:44
thing they talk about
4:46
in from at it though
4:47
referenced articles about how the people
4:50
are realizing that they're in infected
4:52
with is because they're just they
4:54
suddenly see windows accounts created
4:58
and
4:59
re re occurs after a
5:02
fresh fresh reinstall
5:04
though it is again pretty pretty
5:07
much worse case scenario now is very
5:09
much
5:11
the unclear how this is actually happening
5:13
there's no indication of exactly
5:16
what mechanism is
5:18
been used to plant the the malware
5:20
into the motherboard but there's
5:22
and there's some other he
5:25
says of of similar
5:27
malware that are actually known to be
5:29
looking for vulnerabilities in
5:32
UEFI probably
5:35
not far fetched thought that
5:37
this is also doing that
5:39
i'm not saying it was aliens what
5:42
it was a reads the now
5:44
this is an interesting was we danced around
5:46
this topic before
5:48
that
5:49
the real me detection and defense
5:51
mechanism here is the
5:53
detected downstream impacts of it whether
5:56
that's at the never clear whether that's and
5:58
the behavior of us doing things that should
5:59
do which
6:02
the as heck about the game to play
6:04
because of how still see the adversary
6:07
me want to be or could be
6:09
so it's a tough one i'm certainly
6:12
one of the manufacturers have done
6:14
things to make this harder to pull
6:17
off and harder to to offer a
6:19
different were but was to say the next
6:21
supply chains attack couldn't go after some the
6:23
firmware updates at the factory
6:26
the this the as the exact concerned
6:29
and you're right in this particular case
6:31
in a few like it
6:33
the reason that was detected was because they
6:35
were they were using the UEFI
6:37
malware
6:39
where to install more traditional
6:42
pay for me pay more traditional persistence
6:45
at the operating system level that
6:47
doesn't necessarily have to be the case
6:50
yeah it does make some sense because i don't think the
6:52
UEFI
6:54
memory space is huge to pry can
6:56
do much of his he'd worked
6:58
there but you can easily plants
7:00
and persistent back to worst that can load
7:02
more sophisticated malware very
7:04
true
7:05
it's interesting and we used to we say what's
7:07
host is compromised you can never trust the less again
7:10
when you start seeing once the host is compromised you
7:12
can never trust the hardware again
7:15
i think in it's current
7:17
the incarnation i think that's becoming
7:20
crew
7:22
i suspected over time the
7:24
the hardware manufacturers are going
7:26
to start having to open things up a bit
7:28
so that they can be wiped her
7:31
or new types of detection and protection
7:33
mechanisms implemented that
7:35
i think is it exists today we
7:38
have very limited abilities to
7:40
re-flash the the parts of the
7:42
system that are actually being impacted
7:44
here
7:46
and sixty one scary
7:49
but hopefully not terribly widespread
7:51
pardon me so same emir option is to go to
7:53
plot environment with has to work spaces that awfully
7:56
are susceptible to this is why been rebuilt
7:58
months and week
7:59
that's overkill
8:04
right the second story comes
8:06
offer from bleeping computer him in the title
8:08
here is hackers scan for vulnerabilities
8:11
within fifteen minutes of disclosure
8:14
we know
8:15
for a long time that
8:18
the amount of time from
8:20
winner of vulnerability is announced
8:22
to win
8:24
under active attack has been shrinking for
8:26
long periods time
8:28
this story here is about a
8:30
Unit 42 report
8:33
that indicates in in their analysis
8:35
it takes about fifteen minutes on average from
8:38
a software vendor releasing details
8:41
about a vulnerability who
8:44
some number of actors don't
8:46
know that is a malicious or are
8:50
benign scanning the internet looking for those
8:52
on abilities and they point out a couple specific
8:54
examples one of the most recent F5
8:57
BIG-IP vulnerabilities
8:59
and it
9:01
purposes the by the way i should say
9:04
backing up or so note
9:06
that necessarily these adversaries
9:08
are these actors are are exploiting
9:11
within fifteen minutes they're scanning
9:14
looking for systems looking
9:16
to identify systems that are are
9:18
connected to the internet that have that vulnerability
9:22
the and
9:24
power one assumption is that that
9:27
list of the own
9:29
affected systems provides an easy
9:31
said any the set of targets once seat
9:33
the adversaries have a list of
9:36
are you have a means the exploit
9:38
these new vulnerabilities
9:40
it's also interesting to that and deeper
9:42
in the report the talk about
9:45
what is most commonly exploited
9:47
which are things that are also heavily skyn
9:49
forks ah but are very old
9:53
exploits
9:56
so i i think we see a couple things
9:58
we see folks looking for new ones very
9:59
the
10:00
which who knows maybe they could do
10:02
something with it later in or sell access to
10:04
it or whatnot but at the same time will we see most often
10:07
the exploited or relatively
10:10
old patched vulnerabilities
10:13
which makes you wonder in some point
10:15
the
10:16
that patched folks are just on for the hid
10:18
war is there some self selection
10:20
heroes hey if they're not to date and patches
10:22
maybe they've got weaker security overall or
10:24
wheels turning mindset tweeters could investment
10:27
that makes him is that a leading indicator
10:29
the
10:31
the vulnerability overall of an organization
10:33
of them to go after that makes it a safe
10:35
for target
10:36
the tension and you want gaming out some psychology
10:38
or but makes you wonder if not it's
10:41
probably not an unreasonable thought they
10:43
did you point out that the exploitation
10:46
is a means of initial entry is only
10:49
exploitation of suffer vulnerabilities is
10:51
only a little less than a third
10:53
of the initial method of compromise
10:55
to the predominant
10:57
that it still remains fishing
10:59
and i suspect what
11:01
you said a lot of the more interesting companies
11:04
more sophisticated companies are probably
11:06
pretty good it addressing
11:08
most of the older vulnerabilities
11:12
but obviously it's pretty
11:14
pretty pervasive problem i think
11:16
that when you look at something like Log4j
11:18
which they said the can is for
11:20
fourteen percent the
11:23
exploited flaws in the first half of twenty
11:25
twenty two that's gonna be here for a long time
11:27
we i think it was said those the
11:30
us department of homeland security recently
11:34
the indicated that they considering
11:36
Log4j heard that the Log4Shell
11:38
vulnerability says basically
11:41
endemic they're gonna be here with us for
11:43
a very long time the
11:46
just so many places
11:48
to we don't even realize anymore
11:51
yeah it's interesting idea
11:54
the also wonder about i
11:56
don't have any waited to stop this should
11:58
i think that the few
12:01
wanted to avoid the bad guys
12:03
for scanning for new vulnerabilities you'd have to be more
12:06
secretive about the gonna release are out there and been
12:08
patched and i don't was answers anybody
12:11
well so i think this is one of those the
12:13
negatives the come with the positives of widespread
12:17
notification that
12:20
is and exploits and problems that exist out
12:22
there but certainly we do inform the bad
12:24
guys when we patched us then i
12:26
don't know the move really gonna get away from
12:28
that tickets mourn for the more people be notified
12:31
and aware
12:32
then i don't know that any way you could
12:34
really up he skated couldn't be quickly defeated
12:36
any won't notice that is for sure
12:39
the only time that you really have
12:41
that is that we we see it working i
12:43
think
12:44
the we see it working relatively well
12:47
when
12:48
software manufacturers have an embargo
12:51
and they work with a set of of providers
12:53
and we see the
12:54
quite often and like with club provider
12:57
where they get it out to will idea where you
12:59
know
13:00
intel or microsoft or the
13:02
linux group will release like
13:04
this really gnarly vulnerability in the cloud
13:06
providers will all say today
13:08
and we're already patched and
13:10
in then everybody else's
13:13
is scrambling trying to
13:16
the save themselves
13:18
that's an interesting problem bread
13:20
or interesting
13:22
the the classes i'm around volubly
13:24
disclosure what you've also got
13:26
such concentration of risk and com runners i get
13:28
it and they so far
13:30
have an think leaked and the an adder
13:32
been
13:33
the unreliable in their embargo
13:36
of that information so
13:38
i don't know but it makes me a little leery or
13:40
little uncomfortable
13:42
yeah it's like you said
13:45
i don't think this is emily deceived a
13:47
great answer to this it's to stay at the
13:49
a problem insisted we have in
13:51
the industry
13:52
there enough
13:55
right the were story this was
13:57
one that i had been watching over
13:59
for a kind of
13:59
all over the course of the past
14:02
the two weeks
14:04
there's
14:05
the company in
14:08
india called Paytm Mall
14:11
i think it's called Paytm plus
14:13
Paytm
14:14
the p a y t m
14:16
the and
14:18
very recently a data
14:20
breach had been reported to
14:23
Have I Been Pwned
14:25
and another organization called Firefox
14:28
Monitor picked up the data breach from
14:31
Have I Been Pwned the
14:33
and is started warning your customers
14:35
of this Paytm Mall organization
14:39
Paytm Mall came out with their their findings
14:43
we we say no this is a absolutely
14:45
false then at a time
14:47
i remember thinking gosh this is gonna
14:49
be interesting to watch unfold because we
14:51
seen as a lot of times in the past where
14:54
in organization is in denial that they were
14:56
in fact but what
14:59
appears to have happened here is that this
15:01
group is apparently right
15:03
the they were
15:05
hacked or really
15:08
they were it wasn't it wasn't the the result
15:10
of this what apparently happened was
15:13
some some actor in the
15:15
past i guess was movie about
15:17
two years ago apparently
15:19
cobbled together like girls data
15:22
of about three point four billion
15:24
the counts
15:26
and asserted that it was
15:28
from Paytm Mall
15:30
then reported it to Have I Been
15:33
Pwned and it was off to the races
15:35
from there and in
15:37
anything it kind of points to some of the challenges
15:40
with
15:40
validating especially when the
15:42
allegedly breach organization isn't necessarily
15:45
super forthcoming by a would imagine
15:48
that it in organizations Have I Been Pwned
15:50
has to make some assumptions
15:52
otherwise they're like they're never
15:54
going to that they're never going to assert
15:56
that something is real
15:59
what is their verification requirement
16:02
there and to be be fair Have I Been
16:04
Pwned has been excellent
16:05
iran and organization and
16:08
a not disparaging them at all
16:10
trounced and a great job with and then there's
16:12
been very helpful very meaningful so we'll
16:15
things like this happens sometimes i'm sure the bad
16:17
guys like as thin as sounds
16:19
like what can happen here with enough
16:22
veracity to make it seem real
16:25
it it exactly and is good to
16:28
see that through some means obviously
16:30
that that there's no details
16:32
on the back and forth between Paytm
16:35
Mall and and to Have I Been
16:37
Pwned or Firefox Monitor the
16:40
not say they were able to work it out somehow the
16:42
rebel does it to establish that know intact
16:45
that wasn't then i assume
16:48
that the the legitimately
16:50
come to that conclusion in that wasn't the result of
16:52
crazy amounts of of legal
16:54
threats but how hard is it to prove a negative
16:57
item level of the sun like know we
16:59
really didn't get hacked so bit but at
17:01
the same time i think it is also or
17:04
is also interesting that
17:06
Paytm Mall released a statement
17:08
that said something some effect
17:11
their customer data is absolutely
17:13
safe
17:15
it
17:17
the
17:18
now some is going to to go sir test and that
17:21
yeah i read a lot of somebody
17:23
i bet that
17:26
statement concerned me a little bit because
17:28
at that is asserting things that
17:30
they may not actually
17:32
they may not actually know but but regardless
17:35
it's interesting i have seen in
17:37
i have had personal experience by the way
17:40
the
17:40
malicious actors making
17:43
are unsubstantiated and
17:45
and actually false threats
17:47
ago teenagers do not count in the story
17:49
well this
17:51
true
17:52
they didn't super frustrating by the way
17:54
when that happens because the at the presumption
17:57
in the media these days is that
17:59
for right or wrong
18:01
the the the hackers are
18:04
right that they are they
18:07
whatever they say is correct
18:09
in has been interesting
18:11
hey because well
18:13
there by nature somewhat criminal
18:16
organization
18:17
in were in what will
18:19
typically trusting what they say interesting
18:21
stuff interesting did you think that think large
18:24
measure most of the time it's time
18:26
it's unfortunately there's a
18:28
just a
18:30
significant number of data breaches that
18:32
that happen all the time so
18:36
that saying that we we have to back
18:38
off trusting anything
18:40
like that because we know it's happening it
18:42
isn't interesting nuance
18:45
and i think as time goes on we're going to see
18:47
more of these because as easier if we think about
18:49
it if you're a militia sector looking the
18:51
make a name for yourself the let easier to
18:54
make into unfounded claims that you
18:56
affect somebody
18:57
the actually heck them
18:59
or you just want to disrupt some buddies operations
19:01
are their stock price or whatever exactly
19:03
as he i'd say that we see this
19:05
as well with ransomware organizations starting
19:07
to posts to their victims
19:09
are to force them to comply and
19:12
it's not much of a stretch for them to start lying
19:14
about that hundred percent absolutely
19:17
so it's so simple it keeps it interesting
19:19
indeed lead is or that is the show
19:21
for today so little abbreviated
19:24
hope everyone is doing great the
19:26
summer or winter this year
19:29
on the other side of the planet
19:32
if with that we will catch up
19:34
with the next time nanny closing thoughts maybe
19:36
we'll talk about the next time but i was just
19:38
reading an article just before we started recording
19:40
that it wasn't prepared to really talked about buds
19:43
it was about all the hacktivism that's going
19:45
on against russia due to the ukraine conflict
19:47
and a massive amounts of data dumps that
19:50
are coming out of it
19:51
and whether or not something interesting or to
19:53
she's in air but the the people who are trying to
19:55
come through it or so overwhelmed by the
19:57
data they don't know what the heavier
19:59
retreating come to that he
20:02
added this i think there's
20:04
i hope i've seen some headlines about that there's
20:06
also been a recent revelation
20:09
that the us federal court
20:11
system was apparently breached
20:13
the u n and not well
20:15
publicized that i'm
20:18
looking do is looking forward to
20:20
how that unfolds and we should by the way because
20:23
if a government agency we should get a lot
20:25
more details about howard
20:27
and in what happened then
20:29
you it what we've talked about in the past
20:31
with regard to some other i
20:34
guess a call activism
20:36
the
20:37
software open source software maintain
20:39
years continuing by the way
20:42
who
20:43
the poison their own works it as
20:45
as part of a protest
20:47
against the a particular the war in ukraine
20:50
more we more to come on those
20:52
topics and will will be looking at that for next
20:55
time
20:56
sounds good to have a great week everybody
20:58
always fun talking tune can freezes
21:00
up on the twitters that lurks
21:03
l year g there is an wishes
21:05
link casually on
21:07
the twitters occasionally
21:11
has turned into a crazy cesspool of
21:13
anger so i limit
21:16
my interaction myself
21:18
i've had to
21:19
for for the sake of mental health i
21:22
said
21:23
who limit my conception of twitter
21:26
yeah it's crazy eyed and absurd to realize that
21:28
your outrageous their business model
21:31
in so
21:32
that doesn't lead to good things as a great
21:34
way to have it like that
21:37
anyway a regular of
21:39
thank you all have a great week see
21:42
below