Talkin' Bout [Infosec] News | FCC Blocks Foreign-Made Routers

This episode covers the FCC’s move to restrict or ban certain foreign-made networking equipment—especially routers tied to Chinese manufacturers—highlighting the potential cybersecurity risks, supply chain implications, and how the rule could affect ISPs and consumers. The hosts also discuss broader concerns around hardware trust, existing infrastructure, and what qualifies as “approved” devices under FCC guidelines, along with a brief, lighter mention of a viral robot incident making the rounds online.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

(00:00) - PreShow Banter™ — Robot Handlers
(05:11) - FCC Blocks Foreign-Made Routers – 2026-03-30
(06:44) - Story # 1: FCC moves to block new foreign-made routers
(17:00) - Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers
(20:07) - Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
(24:18) - Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
(27:49) - Story # 4b: TeamPCP Supply Chain Campaign
(42:45) - Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies
(45:51) - Story # 6: Anthropic readies Mythos model with high cybersecurity risk
(57:31) - Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web
(01:02:24) - Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It
(01:04:03) - Securing the Cloud: Foundations by Andrew Krug
(01:04:47) - Incident Response Simplified by Patterson Cake

News Links
Story # 1: FCC moves to block new foreign-made routers
Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers
Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
Story # 4b: TeamPCP Supply Chain Campaign
Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies
Story # 6: Anthropic readies Mythos model with high cybersecurity risk
Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web
Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It

Securing the Cloud: Foundations by Andrew Krug
Incident Response Simplified by Patterson Cake

Click here to watch this episode on YouTube.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Creators and Guests

Host

Bronwen Aker

Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.

Host

Corey Ham

Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.

Host

Ralph May

Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.

Host

Wade Wells

Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events

Guest

Andrew Krug

Andrew Krug is a Security Geek specializing in Cloud and Identity and Access Management. Andrew brings 15 years experience at the intersection of security, education, and systems administration. As a fierce advocate for Open Source and founder of ThreatResponse tool suite, Andrew has helped inspire the landscape around forensics and incident response in the Cloud. Andrew has been a presenter at a variety of conferences, publishing papers with BlackHat USA, DerbyCon, and many more.

Guest

Andy Pettit "Nerf"

Andy Pettit is a cybersecurity practitioner and lifelong builder with a hacker’s mindset, driven by deep curiosity and a desire to understand how systems truly work. He began coding in C at age 12 building custom MUDs and has been pulling systems apart ever since, focusing on gaps between design and real-world behavior. Andy brings a whole-business perspective from over a decade as managing partner of Clown Shoe Motorsports, shaping his views on risk, reliability, cost, and people. He volunteers with Black Hills Information Security and Antisyphon Training as a Nerd Herder and is a top 5% MetaCTF competitor, endurance racer, and HPDE instructor with NASA Texas Region.

Guest

Patterson Cake

Producer

Ryan Poirier

Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan’s time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn’t pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and videos.

What is Talkin' Bout [Infosec] News?

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Monday's at 4:30PM ET

Andy Pettit (Nerf): 00:01

What what percentage of people even buy a router? Z like, minority, 25%. Eight per no. That's way too high. That's way too high.

Corey Ham: 00:10

90 might be closer.

Andy Pettit (Nerf): 00:12

Yeah. Like Well, it just wraps up ISP. Yeah.

Ralph May: 00:16

Yeah. What are the ISPs? Like that.

Corey Ham: 00:19

But all those are banned too, by the way.

Andy Pettit (Nerf): 00:21

So Well, only new versions. So really the ISPs can just be like, oh, sorry. We can't give you a newer one here. Have another one

Ralph May: 00:28

Well, they haven't given new ones in years anyways. This

Wade Wells: 00:33

one's only got doesn't even have four gigahertz on it or five.

Andy Pettit (Nerf): 00:38

But yeah. So it's all of they can't import, like, new new. They just can't do new models, like new versions.

Corey Ham: 00:44

Yeah. Let's hope Xfinity or Comcast has a back stock of 600,000 routers that they now get to burn through over the next

Ralph May: 00:52

ten years.

Andy Pettit (Nerf): 00:53

But they I mean, they can keep buying the ones that they're already getting is what I'm saying.

Corey Ham: 00:56

Oh, they can't?

Andy Pettit (Nerf): 00:57

Yes, they can.

Corey Ham: 00:58

Only if they won't

Andy Pettit (Nerf): 01:00

It's not new production. It's new models.

Ralph May: 01:03

Yeah. So they actually Well,

Wade Wells: 01:04

let's not talk about articles when we're live. Right. Right. Banter. Gosh.

Wade Wells: 01:08

All of you. It's like your children never podcast before.

Corey Ham: 01:13

Sorry. I'm sorry, guys. I took last week off, so I forgot everything I know about podcasting.

Ralph May: 01:17

That's all. It's okay. You knew something about podcasting? Apparently not. I'm not Does that have any better news article today?

Ralph May: 01:29

I thought we were all

Corey Ham: 01:30

rookies here. There's not a chicken news article, is there?

Wade Wells: 01:33

No. There isn't. Someone's trolling me and put something in there.

Corey Ham: 01:38

Made you click.

Bronwen Aker: 01:39

Something's in there, and it's definitely not chicken related, and there's no attempt to pretend it's chicken related.

Corey Ham: 01:45

How did we end up with a article from brobible.com that has a video of a robot slapping a kid in the face.

Bronwen Aker: 01:54

Wait. What?

Wade Wells: 01:55

What is that? And everything else.

Bronwen Aker: 01:58

How did I miss that?

Corey Ham: 01:59

We're gonna skip that one on The Real News, but it's it's an article, I guess.

Wade Wells: 02:05

It's definitely worth mentioning.

Corey Ham: 02:07

Is it though? Because it's just a robot trying to dance and then some stupid kid gets in the way. It's not the robot's fault.

Wade Wells: 02:14

No. I just meant like right now. That's it.

Corey Ham: 02:16

Right now.

Andy Pettit (Nerf): 02:17

Yeah. The video is pretty great.

Corey Ham: 02:19

The video

Andy Pettit (Nerf): 02:20

is love the video. I I recommend it.

Wade Wells: 02:22

There's another robot.

Corey Ham: 02:24

It's clearly accidental. I'm sorry. I'm gonna link to bro bible. I I don't know about bro bible. I do not endorse this website at in any way shape or form.

Corey Ham: 02:34

I don't know where this falls in the political spectrum or if it's just a malware site. I'm sorry.

Wade Wells: 02:40

This is

Andy Pettit (Nerf): 02:41

My favorite part is the guy with, like, the herding stick. That a robot? Yeah. Like, one of these, you know, robot handlers, and he's just got, like, a big stick that is clearly there to, you know, hit or poke the robot in case, I don't know, hits a kid or something.

Corey Ham: 02:57

It's like one of those high voltage electricity hooks for like when people are flipping big switches and it like has you know, just like grab someone and pull them.

Wade Wells: 03:04

He he throws it up and it immediately moves away from the stick. So they've obviously done some training on stick based discipline.

Corey Ham: 03:12

Carrot carrot and stick based.

Wade Wells: 03:14

Negative one negative one point to stick stick scene.

Bronwen Aker: 03:17

Now we're not only gonna have robots and AIs, like, doing things to sabotage their their programmers or handlers. Now they're gonna be programmed to be afraid of sticks? Oh, that's not gonna end well.

Wade Wells: 03:34

That's the perfect thing. We've programmed them now to be scared of sticks. We'll be fine. That's it.

Bronwen Aker: 03:39

Right? Long before they turn those against us? Come on.

Wade Wells: 03:42

Roboapocalypse, you just run into the forest. Movies. You're good. It's like it's it'll be similar to, like, vampires or, like, stakes but sticks.

Andy Pettit (Nerf): 03:52

I mean, of the things that robots could turn against us, I feel like sticks is the least harmful.

Wade Wells: 04:00

I guess it depends on how big the stick is and what the stick is made of.

Ralph May: 04:03

Yeah. Maybe they make it into a sphere.

Wade Wells: 04:06

A neutron stick that blows the sun up.

Andy Pettit (Nerf): 04:09

That kid should've just got out of the way. He he saw it coming. He literally did he see it coming? I don't know if he saw that coming. He saw it coming.

Andy Pettit (Nerf): 04:17

Look. Look. Look. He's like, oh, no. Boom.

Andy Pettit (Nerf): 04:21

I feel bad for laughing.

Corey Ham: 04:23

Nah. Kids what is it? What is the subreddit? Kids falling over or whatever? It's one of the best ones.

Corey Ham: 04:29

Alright.

Bronwen Aker: 04:29

Yeah. I'm I'm sorry. I've been just as discombobulated and accidentally hit people. I'm not buying it.

Corey Ham: 04:37

Really? Was anyone there with a stick?

Bronwen Aker: 04:41

Well, the human had the stick.

Wade Wells: 04:44

So at your like dance recital, someone was carrying a stick just like the guy in the video. Just like

Bronwen Aker: 04:50

Dude, wasn't a dance recital. It was one hell of a party though.

Wade Wells: 04:55

Oh, was it was one of those weddings,

Corey Ham: 05:00

Alright. Let's roll the finger. Let's do this.

Andy Pettit (Nerf): 05:02

Alright. Here we go. Maybe. Here we go. Oh, sorry.

Andy Pettit (Nerf): 05:05

I was I was typing. Excuse me. Here we go.

Corey Ham: 05:08

Sorry. No typing allowed during the show. One. Hello, and welcome to Black Hills Information Security's talkin' about news. It's 03/30/2026.

Corey Ham: 05:34

We're here on Zoom. I'm scared. I know I wasn't here last week. Everyone switched to Zoom while I was gone. This is some kind of elaborate April fool's day prank two weeks in advance as far as I'm concerned.

Ralph May: 05:43

You gotta start early.

Corey Ham: 05:45

You gotta start early these days. How's it going, everyone? We got Ralph, the cofounder of US based routers for what would it be? Routers for Ragers? I don't know what it what would

Bronwen Aker: 05:56

your company name be? Routers.

Ralph May: 05:58

Routers for Rooters? Routers for Rooters. Yeah.

Corey Ham: 06:02

We got Wade who just came back from paternity and is growing his mustache out again. It's gonna

Wade Wells: 06:07

be Takes takes three weeks to grow mustache everyone. Just for me. That's that's the That's

Corey Ham: 06:12

good to know.

Wade Wells: 06:12

Right.

Corey Ham: 06:13

We got Bronwen who is coming to us from debatably the only approved router that you can use in The US now. We got Andy who's wearing his record shirt. We got Patterson, our own incident responder ready ready for us to get breached live on the show and respond to it, hopefully.

Ralph May: 06:33

Wow. That would be interesting.

Corey Ham: 06:35

And then we got Andrew here to talk about his supply chain experience. I hope we'll put him on the spot.

Ralph May: 06:45

Alright.

Corey Ham: 06:45

I feel like the first thing we should probably dive into is the whole router ban thing. There's like 10 articles about this. So There's kind of

Ralph May: 06:53

a lot of articles.

Corey Ham: 06:54

Yeah. So basically for those out of the loop, the FCC, our favorite net neutrality eraser people have updated their covered list, which I don't really know what the covered list is. From what I understand, it's essentially a list of authorized devices that can't be authorized? Like, what does anyone know what the covered list actually is? No.

Corey Ham: 07:19

I didn't I didn't

Ralph May: 07:20

see the

Bronwen Aker: 07:21

covered list. According to the fcc.gov website, the FCC is going to work with public safety and homeland security to publish a list of equipment and services covered that are deemed to pose unacceptable risk to the national security of The United States. So, supposedly, the covered list is the list of bad routers or other devices.

Corey Ham: 07:52

Right. And the thing is they

Bronwen Aker: 07:54

It sounds like they're still figuring out which specific names are gonna go on the covered list.

Corey Ham: 07:58

No. No. So this is what happened. Today or on March 23, they added all consumer grade routers produced in foreign countries to the covered list. So basically, if your router has any components that were manufactured overseas, if the router itself manufactured overseas or it was produced in a foreign country, it's not covered or it's on the covered list, which means it's not allowed to be used.

Corey Ham: 08:23

It's It's not allowed to receive FCC approval, which means it can't be used because FCC is the people who regulate what can wirelessly transmit.

Ralph May: 08:33

They can get a conditional approval from the Department of War or Department of Homeland Security. So it's more political grandstand

Corey Ham: 08:42

Oh, similar to what we saw with Anthropic where now every company has to bend the knee to whoever is in charge.

Bronwen Aker: 08:49

Mhmm. Is this another tweet first, lawyers later routine?

Ralph May: 08:53

I think so. I I

Corey Ham: 08:55

don't know. I honestly don't really see what the point of this is. Like, if we're okay. So the details aside and and for those that are curious, yes, there are no routers that meet this criteria currently. You could argue a Starlink does vaguely meet the criteria because it's manufactured in The US, but the the wireless components of Starlink are manufactured overseas.

Corey Ham: 09:13

So it's like might meet the criteria, might not. The obviously, it doesn't cover existing routers. So in like, your router that you're using right now isn't covered. Like, that's still allowed. It's grandfathered in.

Corey Ham: 09:26

And existing, like, retail stock is also grandfathered in. So at the very least, we know people replace their routers all the time. Not not really. They probably never replace their routers. And so this, like, probably won't have any real effect in the next three to five years or probably won't have any effect now.

Corey Ham: 09:44

Most companies will apply for exemptions and there's a lot of back stock. Arguably, it's probably an okay move. Although, it is worth noting that the previous compromise we've seen of network devices by Volt Typhoon have not been of overseas routers. They've been of NETGEAR and Cisco routers.

Ralph May: 10:01

Well, weren't the most popular ones too, especially like the

Corey Ham: 10:05

Yeah.

Ralph May: 10:06

You know, the Fortinet the Fortinet's with, like, the 55,000 CBEs they've had in, like, the last three days. I mean, I'm being hyper verbal, but, you know,

Corey Ham: 10:14

like Yeah. Ralph, a 100%

Andy Pettit (Nerf): 10:16

only applies to consumer electronics. So Fortinet being enterprise, I think, would be exempt.

Ralph May: 10:22

They shouldn't.

Corey Ham: 10:24

Yeah. Well I don't I

Andy Pettit (Nerf): 10:25

don't think this goes into, like, the secure when I first read this article or or heard of this, I was like, you know, oh, well, good. Maybe they'll do something. Like, maybe they will actually enforce some kind of product security on this stuff. But it doesn't look like that's what's happening.

Ralph May: 10:40

No. This has nothing to do with security though. That's the thing.

Corey Ham: 10:42

You know? That No. Years ago though, SZA told everyone to rewrite everything in Rust. So that should have solved security a while ago, but somehow it didn't. Right.

Corey Ham: 10:51

I mean, basically, this is creating this is like a solution looking for a problem. Because if we're talking about real world we're talking about real world hacking of routers, it's just stuff that's outdated, and this honestly encourages people to run their existing outdated routers for even longer than they normally would. Yeah. And there is no maybe there's gonna be some company that stands up specifically to make this exist, but having some friends in the semiconductor industry, you don't just spin up a fab in a weekend. Like, that that takes decades.

Corey Ham: 11:27

You can't just be like, oh, yeah. We can manufacture things here now because we have a three d printer and a dream. Like, it it's a huge effort. So we'll see how this goes. I'm guessing every company just applies for an exemption and then

Andy Pettit (Nerf): 11:40

Corey, what if you have a three d printer, a dream, and AI?

Corey Ham: 11:45

It might be possible to make a You could make a router shaped object. I will say ironically, we were talking about this before the show, wired isn't covered. So you could still run your, you know, toilet paper link wired router.

Bronwen Aker: 12:01

Doesn't seem to have an exclusion on wired versus wireless.

Corey Ham: 12:05

Well, that's easy right now.

Bronwen Aker: 12:09

It says flat out. I mean, they they quote, volt flax, salt typhoon, cyberattacks, and they basically say that routers from other countries are not considered trustworthy.

Ralph May: 12:23

What what if you take Right. The computer.

Andy Pettit (Nerf): 12:25

Aren't they aren't they doing this via the the radio frequency certification process? Like, that's what the FCC is using for their enforcement. So if you have Yeah. I don't know what the scope is. Wireless, then I don't think it would apply.

Ralph May: 12:40

I I think FCC does other kinds of certifications outside of just wireless devices.

Bronwen Aker: 12:44

They do.

Ralph May: 12:44

I I I think Communications covers wired and wireless. Yeah.

Corey Ham: 12:49

Yeah. Okay. So it says here the definition of router's router, it's NIST internal report eight four two five a, which is the most government sounding thing ever, which defines routers as consumer grade networking devices that are primarily intended for residential use and can be installed by a consumer. It doesn't differentiate between wired and wireless.

Ralph May: 13:08

So So the wireless and wired aside. Here's my hacker brain. I'm like, well, I'll just get a computer, maybe like a Raspberry Pi or some other device that has two ethernet ports, tons of those, and I'll turn it into a router. Right?

Corey Ham: 13:20

Correct. Also, by the way, the only real carrot and stick that they have is FCC approval, which I'm sure I bet money you can go on Alibaba right now and buy a non FCC approved wireless router. I mean, I know you can buy a Baofeng. Right? Like, it's the same thing.

Corey Ham: 13:35

And then with

Ralph May: 13:36

and with with AI now, you could probably start your own router company. I'm not saying you should, and I'm also not saying it wouldn't take a little bit of work. But my last, like, cautionary tale about three d printing and having AI write all your code is you still have to make a board. Right? And those all come from China.

Ralph May: 13:56

There there's only, like, two fabs that really make most of this electronics, and all of that is in China. You can, as an individual, you can buy from maybe one there's one fab in The US, and it's, like, 10 times the price of the Chinese competition. And the Chinese fabs are better at developing, like, electronics board, whatever you want.

Wade Wells: 14:21

So Ralph, you haven't got the ad for that three d printer micro board thing. I keep getting ads for it. It's like, oh, print your own boards. And I'm like, oh, it's only $8? Like, oh, that's that's and maybe I should.

Ralph May: 14:34

But For somebody for somebody who's done board production at scale, it's definitely something you wanna hand off to somebody who can build tons of them at scale and has the parts to do that. You know, building, like, one off or two off or, like, three things, that's, like, okay. But if you wanna build hundreds or thousands of these things, you're you're definitely gonna wanna send that to a a batch.

Corey Ham: 14:53

By the way, as Ralph already said, your your pick and place your pick and place machine at home is still picking and placing chips that are made overseas. That's the bigger problem. You need the actual microprocessor that is made in The US to hit the criteria for this. So basically, it's just another day where the government drops a big turd in the punch bowl and we're all gonna have to figure out what happens. Classic.

Andrew Krug: 15:17

Yeah. I would I would predict we're gonna green check mark this. Like, they're gonna announce this, and then as the vendor in a foreign country, you're going to be able to buy a green check mark that you've gone through a compliance process in The US. That's where effectively, like, tariff on cybersecurity or routers. Yeah.

Corey Ham: 15:36

Yeah. I could see it. I could see it. Verified on

Bronwen Aker: 15:39

basically, it's more grift.

Corey Ham: 15:41

I just Sorry.

Ralph May: 15:42

All all I could think about was Ubiquiti and that you're they're a US company, but all their gear is not made in The US. Right?

Corey Ham: 15:50

I mean, dude, that's true for Cisco and Netgear and every other US company. Right? Right.

Ralph May: 15:56

Yeah. No. It's so it's yeah. Let's just let's just put it at that. Everything's already made in China or some other so Vietnam.

Ralph May: 16:03

Also, there's other places that do have some electronics. But, yeah, it's all getting imported in.

Corey Ham: 16:09

Do you all or here?

Andy Pettit (Nerf): 16:10

If your cell phone can be a hotspot, is it technically a router?

Corey Ham: 16:13

Oh. Yes. It is. It's definitely manufactured overseas. Whoopsie.

Ralph May: 16:17

China's the only one producing these suckers.

Corey Ham: 16:20

Yeah. So while we're here in networking device corner, There's been a couple back doors in wait. What why is there an article? Someone someone fished me with an article in this in the news for this week that's from 2018. Whoever you are, you suck.

Corey Ham: 16:42

Whoever you are, I don't like you, you suck.

Ralph May: 16:46

I don't like you.

Corey Ham: 16:48

So let's not talk about an article from 2018.

Ralph May: 16:50

I mean, was afro, po.

Corey Ham: 16:52

Are there any other networking I mean, are there any other networking news? I don't think there are.

Ralph May: 17:00

Alright.

Wade Wells: 17:00

We could talk could talk about how people are networking into Kash Patel's email.

Corey Ham: 17:06

Yes. Let's talk about that. What's going on with that? Was his password ILoveTrump?

Ralph May: 17:12

It I mean, I bet you was I bet you was in some list. I bet you was

Corey Ham: 17:16

in It had to be. Yeah. So what's going on here? Cash Patel, the current chief, who is a big fan of from what we understand, a big fan of hockey. He his Gmail was compromised by Iranian hackers.

Corey Ham: 17:29

What like, what is there I guess, there's some leaks. How how bad is this? Like, I'm assuming he's not doing government communications using his Gmail. Right? No.

Corey Ham: 17:39

Whatever.

Wade Wells: 17:39

I didn't see any reports of that, which is also fairly good. Right? Like, it was all personal stuff of him, like, smoking cigars in Cuba, which I was like, alright.

Corey Ham: 17:48

He's Yeah. Going to Who could have predicted this?

Wade Wells: 17:52

Right.

Corey Ham: 17:53

So is that why we let that ship into Cuba?

Ralph May: 17:56

Yeah. Mainly, it's for the cigars.

Corey Ham: 18:00

It's for the cigar. I mean, I I will say, like, honestly, kudos for not leaking your personal stuff into your or your work stuff into your Gmail. Like, that's good good good on him. Yeah.

Ralph May: 18:12

I mean, do you think here's my question. Do you think he had so wait. Hold on. I'm just thinking about this. Isn't two factor kind of enabled on your Google account anyways?

Ralph May: 18:22

So nowadays, if you set up a Google account and you don't go in and, like, turn on those things, if you log in from anywhere that you've never been from before, it usually prompts up to do like an SMS or some other kind of authentication. Right?

Corey Ham: 18:37

It seems like it probably wasn't his primary Gmail, but there is no details in the disclosure of what, like, how they got this information. It appears to be mostly going back from 2010 to 2019. So maybe it was like a secondary Gmail that he hasn't used since 2019 and

Ralph May: 18:54

Is old is it old like Cuban cigar

Corey Ham: 18:57

handle? Handle? Yeah. Yeah. Yeah.

Corey Ham: 18:58

Yeah. It's It's likelikecigarcigarboyboy202019nineteen.@gmail.com

Wade Wells: 19:03

or whatever. These are our these are also state backtackers. Right? So it's not like something on the lower end for them to do whether, like, they send them a fake fake push or something like that.

Ralph May: 19:13

Yeah. No. I mean, I wonder if they did actually interact with him. I guess that's the question I I was really kinda getting at is if, like, he really got duped or if, you know, it was just something as simple as, you know, what do you call it? Dealer.

Ralph May: 19:25

Yeah. Infose dealer.

Corey Ham: 19:27

Yeah. Password stuffing or yeah. I got you. Something like that. I don't know.

Corey Ham: 19:31

I mean, we don't know. There's no information. They basically announced it on their website and didn't provide any specific info. We'll we'll stay stay tuned on this show for, you know, what how it happened if that ever gets published.

Ralph May: 19:45

It probably will never get published just because he's already probably a little upset about the scenarios.

Wade Wells: 19:50

I thought they did publish it. They posted it somewhere so you could download it all.

Corey Ham: 19:53

They know yeah. They published the data, but I'm saying an incident response, like a full I r right now. It got free.

Wade Wells: 20:00

A k

Ralph May: 20:00

I was like, I looked

Wade Wells: 20:01

at so many pictures. I'm

Ralph May: 20:04

You're still scrolling through them. Wow. That's impressive.

Corey Ham: 20:07

So okay. Choose your own adventure. Do we wanna go into trivia stuff, or do we wanna talk about the Fancy Bear stuff? To

Bronwen Aker: 20:14

to we're already talking about Go ahead, Wade.

Wade Wells: 20:18

I was gonna say we're already talking about states state sponsored, but I I

Corey Ham: 20:22

Yeah. Let's go into it. I feel like Patterson will have some interesting knowledge to share on this. So basically, there's an article posted on control alt intel, which I've never heard of. Is this like a Wade Wade and Patterson, is this like a reputable site?

Corey Ham: 20:36

Have you guys ever heard of this?

Wade Wells: 20:39

I've seen them recently, but not long running something like the Differ report. Patterson,

Corey Ham: 20:45

have

Patterson Cake: 20:45

you I'm seen familiar. Alright.

Corey Ham: 20:47

Okay. On March 11, I guess it's also associated with hunt.io, which I've also not really heard of. I don't know if you guys have heard of that. But anyway, there's a opsec fail from a fancy bear Russian state sponsored threat actor that resulted in some exposed open directories, like basically directory indexing, classic, and a ton of information about their targets, their, you know, harvested information, 11,000 emails, credentials, forwarding rules. I guess from a business email compromise perspective, Patterson, is this kinda the like standard that people do?

Corey Ham: 21:26

They're using sieve forwarding rules? Is that like a normal business email compromise, or is this, like, something special to be gained from this write up?

Patterson Cake: 21:38

I am honestly catching up and reading this right now. So, yeah, definitely it it definitely seems a little bit unique to me, at least compared to typical business email compromise. Typical.

Corey Ham: 21:55

Is it also typical for threat actors to just leave open directory indexes

Patterson Cake: 22:01

on their servers? Clearly, depends on the threat actors and what type of router they're using. But yeah.

Corey Ham: 22:09

Nice. Yeah. I think it's probably worth a read. I mean, it's an interesting, you know, interesting concept. I can only imagine I'm assuming an Intel analyst was just digging through stuff and found way more than they ever could have imagined or expected based on an exposed directory index.

Corey Ham: 22:26

Like, that's kind of a gold gold mine.

Wade Wells: 22:30

Dave never heard the term civ forwarding before.

Andy Pettit (Nerf): 22:34

I wonder if that's like the the email server or something?

Wade Wells: 22:37

It says it's some JavaScript that they ran that does a redirect, but I would imagine it still would have to be something in the forwarding rules. Right? Which, like, mo general practice for most organizations is you eliminate all forwarding, email forwarding, just because of this particular situation, and then you only turn it on if someone gets, like, let go, and then the emails from that all emails get forwarded to that user's boss.

Andy Pettit (Nerf): 23:04

If if we wanna talk about, like, normal practices, though, I I think I read in there that, like, half of the accounts that they had creds for that were compromised didn't have any sort of 2FA at all. Just none. So I don't know that we can really fall on standard practices here.

Patterson Cake: 23:23

Well and we should we should comment that that, Wade's suggestion should be best practice for every business. But having worked a couple business email compromises of late, yeah, it's well, it won't surprise any of us that best practices are often not in place, even external forwarding, sadly. But

Corey Ham: 23:43

it looks like SIV is just like an open standard for how to design an email filter, basically. Yeah. RFC five two two eight.

Wade Wells: 23:53

Outlook and Apple Mail.

Corey Ham: 23:55

It looks like pretty much everything every mail server supports it or most do. So yeah. I don't know. Interesting write up. Obviously, we you know, we've seen this before.

Corey Ham: 24:06

The the NSA did this famously. Right? That's where we got all the Shadow Brokers stuff. So this has happened before. It'll probably happen again.

Corey Ham: 24:16

It's pretty spooky.

Bronwen Aker: 24:18

Kind of like what happened with the team PCP thing?

Corey Ham: 24:23

Yeah. Let's talk about that. Sure Andrew has many hot takes on So Team PCP is a recent a recent threat actor. Their main thing is that supply chain compromise of what is it? Trivy or whatever?

Corey Ham: 24:37

Trivy? I don't know.

Bronwen Aker: 24:38

It's lite l l m. L I t e l l m. It's a Lite LLM. Library.

Andy Pettit (Nerf): 24:46

That was one of the knock ons. Trivy was the first was the initial, which is the the open source product from Aqua Security.

Corey Ham: 24:57

Ah, okay. I just got start through this? I'm sure Andrew has, like, a full on long, marketing approved pitch for this so far. You wanna run us through this?

Andrew Krug: 25:08

There's no marketing approved pitch for this because this all actually happened while everybody was at RSA. So, like, that's the other thing about this is, like, all the action on this happened while, like, all the CSOs are somewhere in California at a bunch of parties or something. So, like, the interesting thing is first they compromise Trivy. Right?

Corey Ham: 25:28

And then a software supply chain scanner. Right?

Andrew Krug: 25:31

Trivy is a vulnerability scanner by Aqua Security. And a lot of other security vendors might not admit this, but they probably just take Trivy and embed this in their vulnerability management scanner, and then they provide

Corey Ham: 25:43

Andrew Krug: 25:43

dash around this. So because Trivy is provides a bunch

Andy Pettit (Nerf): 25:47

of integrate this into, like, GitHub actions? That Yeah. Pretty much the only way to do it? Okay.

Andrew Krug: 25:53

So, people put trivia in GitHub actions. They also put it a lot of other places as well. So, like, really, really interesting from a initial compromise perspective. So, like, because Trivia is compromised, we could assume on March 20 when canister worm and GitHub like, other GitHub actions are abused, that is a result of potentially pivoting from Trivia, like, in CI. So most companies, when they saw this, they just completely stopped building everything.

Andrew Krug: 26:22

Right? That's, like, the the initial response wherever you just disable all your runners across, like, GitHub, GitLab, like, whatever your build pipeline is. And then we see the compromise in, OpenVSX on March 23, so four days afterwards. Light LLM, one day after that, and then Telenix, the, package right after that.

Corey Ham: 26:46

So the worm, like, the worm functionality here is just dump your secrets and move on. Right? Like, that's the worming. Like, it's like, give me all the secrets that you can access and and Don't wait. There's more

Andy Pettit (Nerf): 26:58

unless you're from a RAM. It it is it's got, an RMRF built in for anybody that it thinks is Iranian.

Ralph May: 27:09

I gotta change my So what

Corey Ham: 27:12

what this is, like, what I I'm, like, reading between the geo lot like, the geopolitical tea leaves. This is Israel going after Iran through Trivy. They're like, Trivy, Iran's really good at scanning for vulnerabilities, so we'll go after them. Like, I I

Andy Pettit (Nerf): 27:28

I I don't know. I feel like it's gotta just be, you know, some kids, and they thought it'd be funny.

Corey Ham: 27:34

They're like, we read the news.

Wade Wells: 27:36

This has this has more of a shiny hunters thing, like, theme to me. Right? Looking for secrets and then using those secrets to then pivot into a different environment.

Ralph May: 27:46

So where does this Palinex? I saw that on there. Was I looking

Wade Wells: 27:49

Look at look at the link that I provided in our chat. It has a timeline of, like, the different different repos or the different Yeah. All the things that they

Corey Ham: 27:59

It's a lot. Yeah. It's a long chain of exploits for sure.

Wade Wells: 28:03

The three are trivia aqua

Bronwen Aker: 28:05

five ecosystems. Yeah. GitHub actions, Docker Hub, NPM, OpenVSX, and PyPI.

Corey Ham: 28:13

Well, packages on those, not the actual Yeah.

Bronwen Aker: 28:16

Right. What I mean.

Andrew Krug: 28:18

That

Corey Ham: 28:18

This is why nobody can

Bronwen Aker: 28:20

mute and pipe on in that has crossed into those five

Wade Wells: 28:24

ecosystems. We shoulda we shoulda went rust.

Ralph May: 28:28

Yeah. If you guys would have written this in rust, this never woulda happened.

Corey Ham: 28:31

Don't worry though. Every company has they they every company fully understands their CICD pipelines start to finish, and they have software bills and materials so they know exactly what packages are being used exactly where. Right, Andrew?

Ralph May: 28:43

Yes. And and they have

Bronwen Aker: 28:46

an ongoing patch management program.

Andrew Krug: 28:50

There's there's a great rant from the, I think it's, like, one of the founders of ChainGuard, how this just kind of, like, unearthed a whole bunch of things in the GitHub actions ecosystem that we have all thought of as blind spots for, like, the last I don't know how long they've had GitHub actions, but it's been forever. You know? There's just not a lot of visibility into what goes on in a GitHub action when the action is updated. Most people don't do basic things like even pinning GitHub actions to specific hash versions and things like they should be doing. So, like, this is an area that is pretty ripe for some good security hygiene, and hopefully, a few more features that we'll see come out from GitHub that won't be limited to, like, the enterprise tier.

Corey Ham: 29:32

Yeah. I mean, it makes sense. Like, basically, don't use the latest version of whatever thing is is, like, the simplest possible fix here. It's, like, pin your version that you're using. Well, tell me

Ralph May: 29:44

you wanna use the latest version, though, for security?

Andy Pettit (Nerf): 29:46

They replaced all the tags. They they repointed the tags to a different commit. So you'd have to you you you can't just pin by version. You have to pin by commit hash, which I've never heard of before, but apparently, it's a thing.

Andrew Krug: 30:02

Yeah. And this this is one of the things that everybody considers a nightmare scenario. Right? Because you should not be able to go back in time and overwrite a release. Like, releases should be releases, and those should be, immutable as a point in time, and you should not be able to go back and just, like, say, oh, version one zero one now is version one zero one plus, like, a 100 more bytes.

Andrew Krug: 30:27

Like, that just violates the contract. No. No. No. You can do that because it's it's just the way that that Git works and then GitHub doesn't provide any guardrails around how they bundle up the the final artifact as a release, which is a specific to GitHub thing.

Andrew Krug: 30:42

Right? It's not part of Git protocol.

Ralph May: 30:44

Isn't are are those releases tags too, essentially? Right? So they're tagging the release and then putting it into a release package. And then, I mean, you can essentially rerelease the same version package if you want. I mean, I've done it myself.

Ralph May: 30:56

Right? Instead of, like, just continuing to re rev a version up if you're testing, you can just rerelease it.

Andrew Krug: 31:02

Yeah. So tags are part of the the Git standard. What GitHub does is they pull that tag in as metadata of a release. A re releases effectively, in this case, a publicly downloadable file.

Corey Ham: 31:16

It's crazy. This is a really, really interesting compromise and super spooky. I guess, do we have a source? Andy, you mentioned before the show that, like, they have the the implication here is there's so many creds that they don't know what to do with them. Like, they're they're soliciting affiliates.

Andy Pettit (Nerf): 31:33

Where I read it. But, yeah, they were solicited. I I read somewhere or heard on one of the other many podcasts that they were soliciting ransomware affiliates because they

Corey Ham: 31:43

just had too many use these creds or secrets. I mean, it's gonna be secrets. Every sys admin right now is rolling secrets that were impacted by this, and the scope is gonna mad.

Andy Pettit (Nerf): 31:52

Percent of sys admins that were affected by this are rolling secrets, and that's why we're gonna have a problem.

Corey Ham: 31:59

Yeah. I thought it would be funny. You know, this is a more aggressive version, but it'd be funny if, like, instead of doing this, they just had, like the vulnerability scanner just never reports any vulnerabilities. It just, like, siphons them off to this threat group. And it's like, the vulnerabilities go only to us instead of actually, you know, this is a more noisy You're a more noisy man.

Andy Pettit (Nerf): 32:23

There was a there was one other cool thing. Well, I I thought it was kinda cool. The apparently, like, the second version of the Lite LLM package. So, like, they they've already iterated on it. But instead of just having it in Light LLM, they had it write to, like, the the root Python, and it would rerun the compromise package anytime the Python interpreter was activated.

Andy Pettit (Nerf): 32:52

Ugh. So

Corey Ham: 32:53

if if it's me Claude helping me

Andy Pettit (Nerf): 32:57

the system at all.

Corey Ham: 32:58

Yeah. Yeah. Yeah. I mean, that is like, right now, some sources are claiming over 500,000 corporate identities are compromised. There are some secrets were compromised of for 500,000 corporate entities and 300 gigabytes of compressed credentials, which is that's like in post dealer levels of credentials.

Corey Ham: 33:20

That's a lot. Yeah. I mean, watch for like, I guess, Patterson, anyone? Does anyone have tips? Like, what do I do?

Corey Ham: 33:28

Watch for secrets abuse, get my audit logs in order. Like, what what do I do if I'm worried about this?

Wade Wells: 33:34

Right. It's okay. We Cry.

Ralph May: 33:38

This is valid accounts.

Wade Wells: 33:40

Right? Like, valid accounts is probably one of the more harder things to detect. Right? Because they're they're valid credentials. Well, I'm thinking I'm thinking MITRE attacks.

Corey Ham: 33:48

Right? Yeah.

Wade Wells: 33:49

MITRE attacks. So they have a valid account already to your system. So you wanna look for, like, irregular network connections, maybe, like, IPs that are coming out, maybe weird timing. Patterson, you got anything?

Patterson Cake: 34:04

Rotate all the creds. I mean, yeah, let's sorry. Incident response out of an abundance of caution. Change them all. Change them now.

Corey Ham: 34:13

Our cloud will keys. Right? Yeah. Cloud cloud if if you do stuff in GitHub, if you use this tool, any credentials this tool had access to it at in during the last I mean, what? The last week?

Corey Ham: 34:25

It was like If you're I don't know.

Wade Wells: 34:27

If you're in GitHub, just quickly migrate to GitLab real quick, and you'll be fine. Alright? So

Ralph May: 34:33

the other thing that it made me think about is that, like, maybe have a plan for how to quickly rotate your keys without, like, having a pants on fire moment. Right? You know? Because some of these things that it obviously these organizations didn't have control over it. They were kind of a victim of a of a bigger of a bigger play.

Ralph May: 34:48

Of course, right, there's some layers in defense that you could have done, and maybe those are things you should look at as well. But also thinking about quickly being able to rotate your keys and how that works is probably a good play overall so that if this happens in the future, it probably will. Maybe you are affected, maybe you're not, but at least you have a a playbook for how to rotate your keys.

Corey Ham: 35:09

Yeah. And by the way, your developers are putting your keys into LLMs already. I guarantee you. So you should probably be rotating them on a regular basis.

Ralph May: 35:17

Yeah. Just get, like, an automatic rotation system, right, that just freaking rotates these things out all the time or every 30 days. Right? Mean, I they're already moving that with SSL certificates. I mean, they're they were like, you know what?

Ralph May: 35:28

Certificate revocation, it's broken. So guess what? Everyone's gonna get thirty day certificates now, and you just gotta rotate them over over and over again. So.

Corey Ham: 35:36

Yeah. I mean yeah. And also least privilege applies here. Right? If if they compromise the key that can only read an s three bucket, that's better than a key that can write an s three bucket or create a new one or whatever.

Corey Ham: 35:47

So like Sure.

Andy Pettit (Nerf): 35:48

You know.

Corey Ham: 35:48

But it's least privilege on keys and identities and things. I'm sure no one's just using an IAM role that's just like AWS global admin.

Andy Pettit (Nerf): 35:57

No one

Corey Ham: 35:58

would ever do that.

Ralph May: 35:58

No one is doing that. Everyone is doing that, Corey.

Andy Pettit (Nerf): 36:02

Leastprivilege.passwords.text is in that s three bucket.

Ralph May: 36:06

Yes. Yes.

Wade Wells: 36:08

This is why I use canary tokens, right, all

Ralph May: 36:10

over the place. Another good one too. Canary tokens could be useful in this scenario. Right? You might get some hits, especially if you, you know

Andy Pettit (Nerf): 36:18

Now it wouldn't it wouldn't help in this, but what about, like, having a, you know, NPM or PyPI clone on prem that, you know, you're you're lagging yeah. And you're you're lagging behind. Like, has anybody actually set one of those up? Like, in theory, it sounds like a good idea. In practice, it kinda sounds like a nightmare.

Corey Ham: 36:38

There's no I I mean, I I have no idea. That would be a question for Andrew. I I I can't even begin to imagine how that would be set up.

Andy Pettit (Nerf): 36:48

You're muted, Andrew. Andrew.

Ralph May: 36:52

Oh. Uh-oh. Uh-oh.

Corey Ham: 36:54

Maybe just use sign language to explain CIC security. It'll be fine.

Andrew Krug: 37:00

My back? My I'm back.

Corey Ham: 37:02

I'm out there.

Andrew Krug: 37:03

So a lot of people do build the node in the Python proxy. Right? But we also have an open source project that's called supply chain firewall that just wraps the node to Python commands with a bunch of some rep rules that scan for malicious code. And if they detect it, they will block the installation of that, which is I I like that approach versus, like, kind of a, a node proxy approach because oftentimes, as we all know with egress proxies, people find a way around them or stuff sneaks into the environment in other artifact forms. So having the, like, kind of some heuristics for detecting, malicious code, especially in dynamic languages, way better.

Corey Ham: 37:42

Yeah. I mean, there's a it's a good point. Basically, have some heuristic methods running on whatever programs you're using. If you're using programs that are constantly hitting a bunch of heuristic checks, maybe look into that. Right?

Corey Ham: 37:54

Like in this case, if you're looking at the post x that the tools did, they did a lot of memory scraping, you know, reading proc mem. They looked at the metadata service. They looked at a w s dot credentials files, kubernetes configs. Basically, these would hit a lot of yar rules or semgrep rules for like secrets abuse and other like sketchy things. I don't wanna download a tool whether it's been supply chain compromised or not that just looks in all my credentials files.

Ralph May: 38:24

Right? Like probably not

Corey Ham: 38:26

that's not good. Whether it's intentionally malicious or whether it's been supply chained, I still wanna know this tool is looking in all my credential files. Although in this case with trivy, it probably was exempt from a lot of those, you know, because it's supposed to be doing that. Right? That's what its job is is to look for exposed credentials and bad things.

Corey Ham: 38:46

So it's kind

Andy Pettit (Nerf): 38:47

of a perfect storm. It's it's a GitHub action. So like it's not even running in your environment so much. Right?

Corey Ham: 38:54

Well, it depends on how how how you have your runners set up. But yeah. For sure.

Wade Wells: 38:58

I would use I would if I would see it and I had some type of false positives, right, going off on it, I would immediately allow list that not thinking

Corey Ham: 39:09

Because it's a vulnerability scanner. Of course, it's looking in the secrets.

Andrew Krug: 39:12

Yeah. Visibility of GitHub actions is so hard, though. Because, like, if you think about it, if you're building on prem or something with, like, a Jenkins box, you can at least do EBPF, like, for observability. In GitHub actions, we don't really have any way to monitor what's going on inside of the action. It's like a neutral third party and then ship telemetry from that.

Andrew Krug: 39:32

So people have all these hacks, but none of them are good.

Corey Ham: 39:35

So it might be time for GitHub to spin up some more telemetry for actions, it sounds like.

Wade Wells: 39:41

So this is when Andrew pitches his visible actions product right now.

Andrew Krug: 39:45

And It'll be behind a a pay paywall. You know? And and that's the thing that is my big rent is that every cool feature for security, you have to pay for a very expensive tier GitHub just to gain access. So for a long time I don't know. Is it still the case that you have to pay just to get access to org logs?

Wade Wells: 40:05

Does anybody know? They I thought I thought they allow they stopped that. My because there was such a big uproar from the community that they do Microsoft did buy buy them.

Corey Ham: 40:15

Right? Microsoft yeah. Yeah. I was gonna say that's Microsoft's play.

Ralph May: 40:18

That is Microsoft's, like, play. Right?

Corey Ham: 40:20

Yeah. That's their play. Arguably that e nine license. Yeah.

Wade Wells: 40:23

I know I know the GitHub logs too, you get different things where if you run, what, like, integrations with certain tools versus you writing some code to hit the API too. It's a different log set, which is also scary. Right? Because you think you're you have all the logs, and then next thing you know, it's like, oh, no. These logs don't exist in this pipeline.

Wade Wells: 40:44

Corey Ham: 40:44

Well, the okay. So Go ahead.

Andrew Krug: 40:47

In in 2017, when I was at Mozilla, we actually had to write web bots that would, like, log in to GitHub and would pat page through the logs and then scrape them with beautiful soup just to get them into the SIEM because all of our repositories are free repositories. So, like, the I think the thing that I'm I'm trying to say is the open source projects that we depend on the most oftentimes have the lowest level of access to the security tools

Wade Wells: 41:12

Mhmm.

Andrew Krug: 41:12

Because they are free open source tools.

Corey Ham: 41:14

Yeah. Yeah. That's a good point. That's a really good point. I I guess last question I have on this.

Corey Ham: 41:21

Does anyone know who Team PCP is? Do we have any idea who this threat actor is? They just came out of nowhere and said, hey. We just crushed, you know, 500,000 companies overnight while everyone was at RSA. It feels pretty significant, but I guess does anyone have any intel on that?

Corey Ham: 41:38

Do we know who this is? It could be shiny hunters, I guess. But Or wouldn't they just branded a

Wade Wells: 41:43

shiny hunters? My feeling, but also only CSOs go to RSA. Right? Like, the people in the trenches were

Ralph May: 41:47

still Only CSOs.

Wade Wells: 41:48

We're still we're still at work. The real people doing the analysts, freaking out the alerts, very little of them get the privilege to go spend a very expensive hotel and to sit in a TSA line and hope your flight hopefully, you get your flight soon enough.

Corey Ham: 42:03

So no one knows who this is or what nation state they're affiliated with, if any. They're just it's the next lapses, I guess. I don't know.

Wade Wells: 42:11

You can also tell that I'm a little I didn't go to TSR or RSA.

Ralph May: 42:15

No. The result Do you wanna go?

Wade Wells: 42:17

Maybe maybe. No one asked me. No.

Ralph May: 42:19

I mean, I wouldn't mind going to the parties, but I don't know about, like, the conversation.

Wade Wells: 42:24

I wanna go win a Switch two at a booth or something like that, you know, like

Ralph May: 42:28

Switch two.

Corey Ham: 42:30

For the price of one night in San Francisco hotel.

Ralph May: 42:33

San Francisco hotel, you get, like, three Switches, dude.

Corey Ham: 42:36

You can get a Switch two for it. You can just expense a switch too for supply chain reasons. It's fine.

Ralph May: 42:42

Yes.

Corey Ham: 42:42

Alright. Let's move on. What's next? You wanna talk about Florida? Yeah.

Wade Wells: 42:48

Let's talk about Florida because Ralph and What?

Corey Ham: 42:50

Ralph's here. And because like

Wade Wells: 42:52

Ralph and I have been in in this exact spot together.

Corey Ham: 42:56

Oh, yeah. Us about the Space Coast.

Wade Wells: 42:57

The Space Coast. Right? Space Coast. Right? When I look at this, I think of, like, Hack Space Con.

Wade Wells: 43:02

That that was that was my first thing. That that's why. But pretty much, this article is just describing how the Space Coast Of Florida, right, all of where Blue Origin, SpaceX, NASA, all just have a bunch of top name scientists and has become a hotbed for espionage, both Chinese and Russian.

Corey Ham: 43:22

So what are they doing? Just driving around war driving, looking for people's Wi Fi passwords?

Wade Wells: 43:26

It's like next level going after people too. Sit in bars, getting people drunk, trying to get people to to talk about secrets. The old ways. Of one of the interesting is they're using real estate as a weapon. So federal authorities are tracking suspicious property buyers, right, in order to find sensitive sites.

Wade Wells: 43:45

They're finding the local governments or Russian or Chinese actually buying property around the base is one of the ways they're doing it. There's also a couple influence campaigns that have been discovered down there. So if you ever want to date a spy, go buy go down to Florida or So maybe

Corey Ham: 44:01

where exactly can you get in the world of Florida? What where is this? This is the like, give me a

Ralph May: 44:07

geographical It's called Canaveral. It's on the Okay. Pacific.

Bronwen Aker: 44:12

Atlantic.

Wade Wells: 44:14

Right? The the South or no. The, yeah, the Southeast Tampa, Florida?

Ralph May: 44:20

It's close to it's on the other other other coast. Right? Middle of middle of the state, near Orlando, probably about an hour and a half.

Corey Ham: 44:27

So So if you live in the Space Coast and you've recently made a new friend who's way out of your league. It might be time to it might be time to question question

Ralph May: 44:40

their intentions. Speaking speaking of the Space Coast, they're gonna be launching the Armenis.

Wade Wells: 44:46

Wednesday. Right?

Ralph May: 44:47

Wednesday. Yeah. So we're going back to the moon. Way to

Corey Ham: 44:51

leak the launch date to the foreign enemy.

Wade Wells: 44:54

I know. A little bumpy.

Bronwen Aker: 44:55

In May, we've got SpaceTechCon.

Ralph May: 44:58

Hack space.

Wade Wells: 44:59

Hack space. Space. Space. Space.

Corey Ham: 45:00

Space I like space can we go can we go back to Spacehat? I like SpacehatCon. I know you said hack, but I like Spacehat.

Wade Wells: 45:09

Hack spacecon is a good conference. Like, one of the few conferences I've been multiple times on the East Coast and, like, highly recommend it. One of the more cool one of the more interesting talks I heard there was a dude talking about all the satellite hacks and how you don't hear about anything because the government doesn't want you to know how many satellites have been hacked. That is

Corey Ham: 45:26

Don't worry. All those satellites are FCC compliant to the latest standards. It's fine.

Ralph May: 45:31

They've all

Bronwen Aker: 45:32

been It should be fun. One of one of my to do list items when I go to hack space con will be to get chatted up by a spy.

Ralph May: 45:43

Oh, there you go.

Corey Ham: 45:44

Wade Wells: 45:44

My goal every year is just to see Ralph. You know?

Corey Ham: 45:47

Oh, that's a really good goal. You gotta see Ralph. Yeah. So while we're on the topic of AI that I just started, Anthropic came up with these cool. Accidentally released these mythos models, maybe?

Ralph May: 46:02

They did accidentally release it. They left an open database of sorts. Right? Yeah.

Corey Ham: 46:07

It's like they like leaked unintentionally. Their CMS left 3,000 unpublished assets in a data store.

Ralph May: 46:15

Why did they have so many articles pre written? I mean like are they like

Corey Ham: 46:18

Why AI? Nature?

Wade Wells: 46:19

All AI. Never mind.

Ralph May: 46:21

Alright. Fine. Alright. Fine. You know what?

Ralph May: 46:23

I deserve that. You're correct.

Corey Ham: 46:24

Yeah. So basically, this is I don't know. It's kinda cool. Like, I don't know. The claim is March 2026.

Corey Ham: 46:34

They just released Opus

Ralph May: 46:35

I know. Two months ago. Read all into this because I'm like, I'm all deep into like the next drug addiction. But so

Corey Ham: 46:45

Ralph's like, give me give me some more extra usage. I need some more extra usage.

Wade Wells: 46:50

More tokens. More tokens.

Bronwen Aker: 46:51

People are starting to ask in job interviews, can I get paid in tokens?

Ralph May: 46:55

Oh my god. No. So alright. Here's the wild part. So, again, let let me be crystal clear.

Ralph May: 47:00

This is all claims probably written by AI. Okay? But and every time they say it's the best and the fastest and all this other stuff. Okay? So, like, let let me get it will clear the air.

Ralph May: 47:12

But so the we the the alright. The most interesting part of this article, specifically to our audience, is that what Anthropic was saying in the article in their blog post was that they wanted more time for people to research how these new models would affect cybersecurity. Specifically, they are afraid that these models will be so good at attacking. They want other organizations to be able to implement AI for defense. Right?

Ralph May: 47:42

The argument being that if AI is or if there this model is very fast at creating novel, especially, or just generic attacks, then it's faster if it's faster than a human, then it's one of those arms race where you need AI to defend, if that makes sense.

Corey Ham: 48:01

Right? And by the way, that ship has already is sailing right now. Like, right now, we are burning massive stacks of cash to try to use AI to attack our customers, and every other threat actor is doing the same thing. Like like last week, we spent and I'm not these are real numbers. We spent $4,000 on Amazon Bedrock trying to find a zero a critical vulnerability, and we actually did get one for a customer.

Corey Ham: 48:26

And and, basically, I told the person who burned that money. I was like, I would pay $4,000 for a critical vulnerability in one of our customers every day of the week. Like, so it is definitely a thing. Like, we are I am very nervous with new models, the impact they can generate, and this is currently the arms race is like, who has the most tokens to throw at attacking entity a, b, or c? Yeah.

Wade Wells: 48:51

Wasn't there a recent article? So I got sent an article talking about it, but I don't even know where it was from. But there was a talk at someone Anthropic that was running Claude finding zero day vulnerability live at a conference.

Ralph May: 49:03

That also did happen. Yes.

Wade Wells: 49:06

Alright? Which man. Yeah. Like Yeah.

Corey Ham: 49:09

Yeah. It's it's definitely I mean, it really is. It's the new like, that I mean, it's just the new thing that people are doing. I will say looking at the like, this is a template page, and I know there's template content. But it says here, Ralph, as with all of our models, we have tested Claude with those on a wide variety of safety and capability evaluation.

Corey Ham: 49:27

So it's fine. Don't worry

Ralph May: 49:28

about it. Fine. Yeah. No. It's it's super interesting.

Ralph May: 49:32

So, like, the one thing that a lot of researchers have kind of put into place is that anytime you can get a known output and you give enough credits at these models, you can get to the to the if it knows what the answer is supposed to be, it it can pretty much get its way there. Right? Yes. That's why benchmarks always keep adjusting. They're like, well, no.

Ralph May: 49:56

We have a new benchmark because they crushed the last one, and now we have a new one in whatever category it is. It could be in code. It could be in, you know, college math or what whatever it is. Right? So they have to keep adjusting it.

Ralph May: 50:07

And what what they're finding is that anytime you can get an output that it can search for, that it usually will start to make their make the answer or find the answer in a certain amount of time, enough credits, you know, so on and so forth. And, you know, as they get better, regretfully, you know, when Apple gets on stage and goes, this is the fastest processor ever. You're like, cool. I didn't need it to be faster. But when they say this is the most intelligent AI ever, it it does more matters.

Ralph May: 50:33

It matters more.

Corey Ham: 50:35

Yes. No. A 100%.

Wade Wells: 50:37

Yeah. I will say I did I'd ran, like, two very very large queries and completely ran out of tokens last night. And I did the Ralph and I was like, fuck it. I'm upgrading. Like, I I threw money at it.

Wade Wells: 50:49

Like, give me the next tier, more tokens.

Corey Ham: 50:50

There you go. Dude, the last last week of having double usage on Anthropic, like, I I I don't know if I can go back, guys. Did

Andy Pettit (Nerf): 50:59

did you go the five x or 20 x, Wade?

Ralph May: 51:02

I'm not you know what?

Wade Wells: 51:03

I probably can go the 20 x with

Ralph May: 51:05

Just go just go the

Wade Wells: 51:06

two I went five.

Ralph May: 51:08

Just go to $200 and just let it go because Bro,

Corey Ham: 51:11

I went

Andy Pettit (Nerf): 51:11

I went pro to 20. I was just like, I mean, five times as much money for five times as much usage. I mean And then for only double that, I another

Wade Wells: 51:21

four or five times. Times usage, I'll upgrade again. We'll see. We'll see. I'm not made of money over here.

Ralph May: 51:26

I'm not made of money over here.

Wade Wells: 51:28

I'm not using it for I am not really using it for business stuff. This is me, like, building my app. Like

Corey Ham: 51:34

I will say, though, I I do think, like, we talked about GitHub and open source, and now we're talking about AI, and I wanna bring it back to open source. I do think that they Anthropic or, you know, whatever, they're kind of the leader right now, but any other AI model producer, they should have a free or low cost option for people to use AI tools to attack their own open source projects and find vulnerabilities in them. Like, just like GitHub for these high, you know, high importance open source projects like Trivy, they should be providing enterprise level, you know, logging in capabilities for them. Anthropic or other other companies should be providing open source software developers with the ability to assess their own tools using Claude or using whatever models. Like, talk about how what you should do before you release the latest model.

Corey Ham: 52:28

Give early access to open source developers so they can find and fix the vulnerabilities in their stuff before it goes public and some random bug bounty hunter does it. My hot take. I don't know if anyone's gonna disagree with me.

Andy Pettit (Nerf): 52:41

I think both of the frontier labs have kind of been doing that. So Claude had whatever their security thing was, and then open I OpenAI had Aardvark. And I believe that they were they weren't publishing everything, but they were going through and testing a lot of this on open source things and finding it and, you know, doing responsible disclosure with them beforehand. And I know Google's doing it through through DeepMind as well. So, I mean, they they're not just giving they're not just giving it to open source devs and saying, hey.

Andy Pettit (Nerf): 53:13

You can use it. But they're doing something. Like, they're contributing.

Corey Ham: 53:17

Yeah. I mean, at the very least, it's just something that we need to be aware of is that as these tools get more advanced that production are gonna use them, we should beat them to the punch if it's a matter of dollars. Like, I would donate a, you know, pile of tokens to for someone to go look at, you know, an open source tool and find vulnerabilities. That that's like easy money to spend versus doing this huge incident response because it had a vulnerability and I'm dependent on it. So basically, if you're a company who used an open source tool, throw it through your throw it through your AI, burn some tokens on it, and report the vulnerability to the developer.

Ralph May: 53:52

Honestly, what we what I do with my own software, I have a pipeline that runs every week that will run through a whole essentially prompt to look for security issues. Right? And then makes issues related to those. And if they've already been addressed or moved, then it just it just keep on going. So you can build that into your own into own setup.

Ralph May: 54:12

Yeah. It does take tokens, though, back to Corey's point.

Corey Ham: 54:15

Yeah. And if you're wondering why we're all fiending for Claude tokens, the biggest reason why is because they have a million context length. Yeah. That's why that's what makes Opus so killer. That million context length means you can go significantly further and deeper than you could with a two fifty k or a smaller context.

Corey Ham: 54:32

That's just

Andy Pettit (Nerf): 54:33

Well, and it's Opus. I mean, Gemini

Wade Wells: 54:36

had Yeah.

Bronwen Aker: 54:36

It is Opus.

Andy Pettit (Nerf): 54:37

1,000,000 context, and I was still using Claude.

Wade Wells: 54:41

Yeah. I I have a good so I was playing I've been playing around with Cloud Code for the past five weeks. Like, that's all I've been doing.

Ralph May: 54:48

He's he's on the drug. He's

Corey Ham: 54:50

straight up.

Ralph May: 54:50

Completely. Completely. They're restraining on be able to get on. Yeah.

Wade Wells: 54:53

But the amount of utilities that it has that are similar to RMM tools is semi scary. So if I were to keep several remote remote control sessions open on different servers throughout my enterprise, right, and then I get, like, hacked. That pretty much just completely bypasses whatever security you had between that end user and the servers. I'm waiting for something to use that mechanism, and I think it'll be really interesting.

Corey Ham: 55:27

Yeah. Right now Yeah. Yeah. It makes sense. I mean, dude, even now we're building, like, MCP c twos in house.

Corey Ham: 55:33

Yeah. That like, you know, it's a it's a thing for sure.

Ralph May: 55:36

I put together a

Corey Ham: 55:37

c two

Ralph May: 55:37

with one passport. Works great. Did you do I was gonna ask, did

Wade Wells: 55:40

you do it? Did you do it? Send it to me, please.

Ralph May: 55:43

It works. No. You did. Yes.

Wade Wells: 55:45

He did. Yes. I agree. Corey wasn't on the news last week. We were talking about c twos, and I've been saying I wanted to build one for a while.

Ralph May: 55:51

That's amazing. Very fast, but it it is efficient.

Corey Ham: 55:55

That's awesome.

Wade Wells: 55:56

Please send it.

Bronwen Aker: 55:56

Efficient is good.

Corey Ham: 55:58

Yeah. There's Ralph's talk at hack space code.

Bronwen Aker: 56:00

There we go.

Ralph May: 56:01

I hacked your password manager, and I don't know the key.

Andrew Krug: 56:08

Has anybody tried Claude Cowork, like the new Claude Code Dispatch Hunter, which requires you to disable pretty much every single security control on a MacBook?

Corey Ham: 56:19

It's like Claude wants access to the outlets.

Bronwen Aker: 56:21

Without disabling security controls on Windows.

Corey Ham: 56:24

Cloud wants to access your files. Cloud wants to access no. Absolute I mean, yes, but no. Yes.

Ralph May: 56:30

You know what? Ask so many questions, and I just turn them all off. Just say, you

Corey Ham: 56:33

know Always allow. What could go wrong?

Ralph May: 56:37

What could go wrong? I'm good for this.

Wade Wells: 56:39

I did that, and it it did a git push that I wasn't expecting. I'm like, wait. Wait. What's going on?

Ralph May: 56:45

That that was an article a couple weeks ago, or maybe it should have been. Yeah. Was should have been. Yeah. I do.

Ralph May: 56:50

Okay. Yeah.

Corey Ham: 56:51

We were just talking about heuristics, you know, like Andrew was bringing up, like, oh, you can have a heuristic tool that analyzes your the software you're running. I think it's funny that Claude, the code that it writes oftentimes, it'll say, you should review this because it looks like obfuscated code. Like, it it'll write a Python, like, a Python one liner, and it'll put it in quotes. It'll be like, hey. This looks like obfuscated code.

Corey Ham: 57:15

Warning. Are you sure you wanna run this? And it's like, you wrote this, dude. Like, you should write code that you don't think is obfuscated. Right?

Ralph May: 57:24

That was my cousin. You closed the window. I'm a new

Corey Ham: 57:30

It's like

Bronwen Aker: 57:31

Speaking of MCP, did you guys catch the fact that Google has shipped web MCP?

Corey Ham: 57:38

No. Did you

Bronwen Aker: 57:39

see that article?

Corey Ham: 57:40

What is this? Please. Yeah. Scare me. Well, okay.

Bronwen Aker: 57:43

So MCP is a protocol for working with agents.

Wade Wells: 57:49

Mhmm.

Bronwen Aker: 57:49

And Google has apparently shipped through Chrome one forty six Canary a new protocol that allows websites to expose structured functions directly to AI agents.

Ralph May: 58:07

So the I like this.

Corey Ham: 58:09

So that this as a concept?

Ralph May: 58:11

The the idea being that if you want to browse a website, traditionally, you would have to read the DOM and then execute the page in the Yes. In the screen,

Andrew Krug: 58:21

the code. Click.

Ralph May: 58:22

The code. The the JavaScript, the HTML, that's all for us. That's not for the computer. Right? Yeah.

Ralph May: 58:28

Yeah. That's for the MCP, if I'm correct, is to make it easier for the AI agent to browse. Right?

Bronwen Aker: 58:34

Well, here's the really twisted thing, though. So now they've they've shipped this web MCP that allows this new interaction directly machine to machine between the agents. But they've also just patented a tool where you can basically, if your website website is coming up in searches, but their analytics decide that it doesn't have enough content, they'll have AI rewrite your website on the fly and that's what they present to the client.

Corey Ham: 59:12

Basically, you're talking about an an AI generated parking page. They pat they patented this. This is not a tech release. But basically, it's an AI generated parking page that will just make up whatever it thinks the person searching for the page was trying to get to.

Wade Wells: 59:27

It sounds like a fishing dream.

Bronwen Aker: 59:28

The the combination is just nuts.

Corey Ham: 59:32

The new four zero four page is an AI generated version of the page you were trying to reach.

Bronwen Aker: 59:38

Yeah. If for some reason Google's AI decides that you didn't put enough content or the right content or, you know, you're not gonna get any any click throughs on this, it'll redesign what it presents as if it in presented on your behalf.

Corey Ham: 59:53

I'm glad that we're ratcheting up AI gaslighting us to one new level. That's great.

Andy Pettit (Nerf): 59:59

So here's here's the question though. Does this make malvertising better or worse?

Andrew Krug: 01:00:04

That's a

Corey Ham: 01:00:05

really good question. Makes typosquatting worse, but it it also makes typosquatting better at the same time.

Andy Pettit (Nerf): 01:00:11

I mean, does it

Bronwen Aker: 01:00:12

make Depends on whether the AI removes the malicious code embedded in the websites websites or whether it's going to propagate it.

Corey Ham: 01:00:22

Yeah. I don't know. I mean, it it to be clear, it will depend on the implementation. This is just a patent. This is just, you know Yep.

Corey Ham: 01:00:31

Them cornering a part of the Internet. But it makes sense. Also, think that, you know, to go back to the MCP thing, I think this is just developers, especially front end developers, are sick of having watching the logs of like, using Claude CoWork when I was using it I okay. So my use case was I was trying to get it to read comments on a website about a trip I was trying to go on and read all the people's trip reports and be like, is it a good idea to go to this place at this time or is it gonna be closed or whatever. And it took Claude, like, I'm gonna say twenty minutes to read all the comments.

Corey Ham: 01:01:06

Like, it was like, okay. I found the div. Okay. I found an iframe inside the div. Oh, no.

Corey Ham: 01:01:11

There's a paywall. What do I do? Oh, no. I have to click the x. Oh, no.

Ralph May: 01:01:15

I signed you up for a subscription. You owe $20.

Corey Ham: 01:01:18

It it was so painful. And of course, the worst part is you can watch Claude. Like, you can watch its browser window, and I'm like, dude, this is worse than the one I worked tech support in college. And I would watch a professor. I'd be like, okay.

Corey Ham: 01:01:30

Click on the start menu, and it's like three minutes, and they're like, which one is that? I'm like, bottom left. Like, dude, I watching we need a better solution than watching Claude, like, sloppily click through a website and try to find iframes and bypass paywalls and stuff.

Bronwen Aker: 01:01:47

Claude or Gemini because you can use Gemini in the browser, or you can load the Claude extension to get agentic in the browser now.

Wade Wells: 01:01:56

Yeah. Yeah. I think

Corey Ham: 01:01:57

if if it if it

Andrew Krug: 01:01:58

can't figure out what to do, it actually will just take a screenshot of the page, and then it will start to

Bronwen Aker: 01:02:02

screenshot, see our

Andrew Krug: 01:02:04

which just chews through a ton of tokens.

Corey Ham: 01:02:07

Correct.

Ralph May: 01:02:08

Like, that's

Corey Ham: 01:02:08

what it did.

Andrew Krug: 01:02:09

You're lighting your tokens on fire.

Corey Ham: 01:02:12

Yes. That is exactly what it did. It it did screenshot it OCR, and then it had the entire web page in every response. And so, yes, it burned through all my usage. Yep.

Ralph May: 01:02:19

And this is why RAM is so expensive, everybody. Just to let you know.

Andy Pettit (Nerf): 01:02:23

What? No.

Wade Wells: 01:02:24

RAM prices are going down. You didn't see that article?

Corey Ham: 01:02:27

What's up? Will say it's worth it. I I it was so funny having AI be like, oh, no. Evan got lost on his way to the restaurant. And I was like, I don't know.

Corey Ham: 01:02:36

I'm not invested in this at all, but it's like AI is, like, in-depth researching all these people and telling me what their trip experience was. So silly.

Andy Pettit (Nerf): 01:02:46

See? I I found a receipt earlier today. I bought a 128 gigs of RAM and a four terabyte hard drive, like, almost exactly a year ago. It was $560. I went on Micro Center's website, pulled up the same stuff today, 1,700.

Ralph May: 01:03:01

Yeah. So that that the this article that you just posted was about the the drop in memory prices. And this was actually to one other notable thing. This is not necessarily security related, but Google's new quad or turbo quad int or whatever you wanna call it. Like, it's essentially a compression algorithm for AI.

Ralph May: 01:03:21

Right? And so the argument is here, like, putting Google's compression algorithm aside and whether it actually succeeds or not is that if they change how the models are actually used and they're able to enable a lot more compression, then you could see a radical price shift and drop. But it's probably not gonna be as much as you think because all these people ordered all this stuff in these data centers are still gonna get built out, which is what we're seeing in our in that whole supply chain.

Corey Ham: 01:03:46

Yeah. Alright. There's no there's no chicken news this week. Does anyone have any final articles before we end the show? Any last last thoughts?

Corey Ham: 01:03:55

Last feelings?

Andrew Krug: 01:03:59

Yeah. The I think some of us have classes coming up.

Corey Ham: 01:04:03

Yeah. Let's plug. Let's do some plugs. Plug it. Who's teaching?

Corey Ham: 01:04:06

When are they teaching? Andrew, you go first because it's yeah. I don't know. Ryan should bring up some little graphics and things, but go ahead.

Andrew Krug: 01:04:14

Yeah. April, securing the cloud, which has a ton of AI based content. If you wanna hear my spicy take, which is that MCP is already dead, and we'll be talking about something different, like, two months from now.

Ralph May: 01:04:28

Spicy. You can hear it in my class.

Andrew Krug: 01:04:31

I may have to

Corey Ham: 01:04:32

Patterson Cake: 01:04:33

Now I have

Corey Ham: 01:04:34

to have my AI go and then summarize the entire thing.

Ralph May: 01:04:36

I'm actually getting my AI to find your class right now.

Corey Ham: 01:04:42

Alright. By the the

Andrew Krug: 01:04:43

day, dispatch might be done.

Corey Ham: 01:04:46

Patterson, do you have a course coming up?

Patterson Cake: 01:04:48

I I have a course coming up on Friday, this Friday. Yeah. And so when all of these things go horribly wrong, you're gonna wanna come to this class. Oh.

Ralph May: 01:04:58

So then

Patterson Cake: 01:04:59

you know what to do next.

Corey Ham: 01:05:01

Yeah. I mean this I mean with all this trivia stuff with all like oh my goodness. There's so many IR scenarios to get into.

Patterson Cake: 01:05:09

It's crazy. Here I'm here for you. Dedicated day on Friday.

Corey Ham: 01:05:12

Nice. That's awesome. I like that it's simplified. I need that. I'm with you.

Andy Pettit (Nerf): 01:05:18

And John's got sock course skills, pay what you can starting next Monday.

Corey Ham: 01:05:24

Bring your socks, and they'll be knocked off by John Strand's ranting. Sock off. Anyone else have anything to plug while we're here? Wade, do you wanna plug your mustache oh, no. Beside San Diego's this week.

Corey Ham: 01:05:38

Right? Or

Wade Wells: 01:05:39

We were we sold out tickets. Don't email me, please. There's been so many people.

Corey Ham: 01:05:43

So Wade would like to plug not going to be

Ralph May: 01:05:46

Not going to be asides because everyone else will be there.

Wade Wells: 01:05:49

You can't can you see it? Let's see. Hopefully, nothing. If you move my camera and then this box over here is full of all of the raffle gifts. Extreme

Ralph May: 01:06:00

fun stuff. Nice.

Wade Wells: 01:06:01

There's books. There's dude, Raspberry Pis are expensive nowadays. Like, for a whole kit, it was gnarly. And then portable monitors, Legos, some Game Boy things.

Ralph May: 01:06:11

It's

Wade Wells: 01:06:12

fine. Those should be good times. If you didn't buy a ticket, I'm sorry. But

Corey Ham: 01:06:15

Next year.

Wade Wells: 01:06:16

If you did, come sit Yeah. 600 tickets sold out.

Andrew Krug: 01:06:21

Still tickets for b sides Tampa, which is coming up May 15. You know, there's Okay. Spy stuff in Florida.

Ralph May: 01:06:29

It's actually

Wade Wells: 01:06:30

B sides Tampa is one

Ralph May: 01:06:30

of It's actually a pretty big conference.

Wade Wells: 01:06:32

It is.

Ralph May: 01:06:33

A b of a

Corey Ham: 01:06:34

Russian spy too. It is. Tampa? Weather.

Ralph May: 01:06:38

It's the weather.

Wade Wells: 01:06:39

Florida Florida has really good cons. Like, they have Tampa and or b sides of Tampa and Orlando are both really good. Hack space con's pretty good, and there's a couple others too.

Corey Ham: 01:06:48

Go now before it turns into a swamp. Before hurricane season gets underway and Yeah. That's why

Ralph May: 01:06:54

they do it early. Just, you know, Yeah.

Corey Ham: 01:06:57

I'm sure it's really nice there. Alright. Cool. Well, thanks y'all. Thanks for coming and we'll see you next week.

Corey Ham: 01:07:02

Bye bye.