Talkin' Bout [Infosec] News

This episode covers several major cybersecurity and tech news stories, including a sophisticated NPM supply chain attack that compromised the widely used Axios library through advanced social engineering, and the broader implications for software security. The hosts also discuss the accidental leak of Anthropic’s Claude codebase, what it reveals about AI development practices, and the risks of misconfigurations exposing sensitive systems. Additional conversation touches on AI reliability, “vibe-coded” software, and the growing role of AI in both development and attack techniques.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat


Chapters
  • (00:00) - PreShow Banter™ — Professional Sitters
  • (04:36) - Artemis Astronaut's Bad Outlooks - 2026-04-06
  • (07:12) - The Absolute Truths of Cybersecurity with Doc Blackburn
  • (08:52) - Professionally Evil API Testing: AAA and Keys are Not Just for Cars
  • (09:35) - Story # 1: Post Mortem: axios npm supply chain compromise
  • (19:54) - Story # 2: Artemis II astronaut: 'I have two Microsoft Outlooks, and neither one of those are working'
  • (26:02) - Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
  • (30:13) - Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
  • (35:03) - Story # 4b: https://neuromatch.social/@jonny/116325123136895805
  • (37:57) - Story # 5: Meta freezes AI data work after breach puts training secrets at risk
  • (41:40) - Story # 6: Possible US Government iPhone Hacking Tool Leaked
  • (44:32) - Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
  • (46:58) - Story # 8: vSphere and BRICKSTORM Malware: A Defender's Guide
  • (52:12) - Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
  • (01:04:26) - ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course

Links

The Absolute Truths of Cybersecurity with Doc Blackburn
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
Story # 1: Post Mortem: axios npm supply chain compromise
Story # 2: Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’
Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
Story # 4b: https://neuromatch.social/@jonny/116325123136895805
Story # 5: Meta freezes AI data work after breach puts training secrets at risk
Story # 6: Possible US Government iPhone Hacking Tool Leaked
Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
Story # 8: vSphere and BRICKSTORM Malware: A Defender’s Guide
Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Creators and Guests

Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events.
Guest
Doc Blackburn
Doc Blackburn is a seasoned (old) cybersecurity instructor with decades of experience in IT, security, and compliance. Over his career, he has worked in many areas of IT, including systems administration, programming, network design, cloud services, web development, and risk management, bringing a broad technical foundation to his teaching. For more than 13 years, Doc has trained students and professionals to understand, implement, and maintain effective security practices, drawing on real-world consulting experience in compliance frameworks such as NIST SP 800-171, CIS Critical Controls, and MITRE ATT&CK. Known for making complex concepts accessible to all audiences, he blends technical depth with practical insights, preparing learners to address today’s evolving cyber threats.
Guest
Jennifer Shannon
Jennifer is a Senior Security Consultant with Secure Ideas with a background in malware analysis, penetration testing, and teaching. She graduated with honors from Florida State College at Jacksonville’s networking program. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration testing and malware analysis. She was quickly promoted into a role that capitalized on her abilities.
Producer
Ryan Poirier
Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan’s time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn’t pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and videos.

What is Talkin' Bout [Infosec] News?

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET

Ralph May:

We're professional sitters, so what you sit in matters a lot. That's all.

Wade Wells:

Yeah. Yep. I have to

Jennifer Shannon:

feel like a hacker while I'm working, so I Oh.

Corey Ham:

Okay. That's fair. That is fair. It does look sick. My chair does not look that cool.

Jennifer Shannon:

Like, hold on. Let turn My

Ralph May:

chair would come with a headrest too. Had to buy it. It was extra. Oh, yeah.

Corey Ham:

Yeah. Dude, you don't need a headrest. Work harder. Come on.

Ralph May:

Work harder. You're right. There's no reason I should be laying back. You'd make a good point.

Wade Wells:

The the secret lab one's magnetic things, like the magnetic armrest and that, like, I have an older version that doesn't have any of that, so I'm just, like, I'm not strapping it on there. But I literally got Oreo because it covers all sin. Like, you can stain it all you want, and it won't see anything. I, like, pre thought about having kids. So

Jennifer Shannon:

Oh, well, for these now because that's a concern. I have a cat, so sometimes they decide that they love the chairs more than they love me for scratching. Now they make they're called skins or whatever. They just slip on over it to hide the growth. So once this is all beat and tattered, I do have a different cyberpunk skin.

Corey Ham:

Can you unlock a new skin for your chair if you get 300 confirmed hacks?

Ralph May:

Oh, yes. No. You have to totally get row chair bucks or something. Row chair bucks.

Corey Ham:

My gosh. Click here to install the chair skin program.

Wade Wells:

You're gonna have to watch this ad for five hours to get one roach in.

Ralph May:

Or you just let me do that whole malware thing, and we'll call it cool.

Doc Blackburn:

What is yours in your chair says? Anything about you? I have a La Z Boy. Yeah. When I heard Get Your Words, La Z Boy office chair, I said, that's mine.

Doc Blackburn:

I must have That's amazing. Yeah. It it oh, and then it is comfy too.

Jennifer Shannon:

It looks comfy. It is.

Doc Blackburn:

It's nap time, guys.

Jennifer Shannon:

Even though I have the I will say one of the good things about this is that, one, if you have any of the secret lab stuff like the standing desk, I really I wanted a secret desk or the the desk.

Corey Ham:

Secret desk. Now I want it.

Wade Wells:

Oh, yeah.

Ralph May:

I mean sound secrety.

Bronwen Aker:

Send wait. Standing desk or secret desk?

Ralph May:

It's a I think it's

Wade Wells:

spelled standing secret.

Ralph May:

It's a standing standing desk.

Corey Ham:

It was a Freudian slip. Now it's the secret's out.

Jennifer Shannon:

Yeah. Oh, no. But it one, the cable management, it has, like, the built in power supply and everything, and it's because I had standing desk

Wade Wells:

I teach at a college, so that was last week as well. That was the first week. Then last week was also b side San Diego, so it was that. And then coming back, just coming back to work for five weeks is like, everyone shoulder taps you, and it's like, hey. Remember that project?

Wade Wells:

That thing you did? And I was like, no. No. I just didn't look at emails, didn't look at anything.

Corey Ham:

All my Claude memory files got deleted. Sorry.

Ralph May:

Dude. All different, like, time. Done, dude. You're done.

Wade Wells:

It was it was brutal. It was brutal. Like and then, like, acclimating with two kids and a job is not the funnest thing I thought. And hence, now I have a refrigerator full of energy drinks, and I'm slowly doing it.

Corey Ham:

Alright. Speaking of fridge full of energy drinks, let's get this show on the road. Show. Roll the finger. We're using Zoom.

Corey Ham:

It's all scary. It's happening. Hello, and welcome to Black Hills Information Security's Talkin' Bout News. It's Monday, 04/06/2026. April, we're doing the podcast at the normal date and time.

Corey Ham:

Wait. That's not a very good April fools joke.

Wade Wells:

Wait.

Corey Ham:

I'm Corey Ham. I'm here to talk about the news. That's why, hopefully, everyone's here. We've also got Ralph who's here to talk about his chair. We've got Bronwen who's here to use Starlink to harass AI tools and convince them to fix things for her.

Corey Ham:

We've got Wade who's still still getting to inbox zero after five weeks of paternity leave.

Ralph May:

Oh, well, you can do it.

Corey Ham:

You can do it. I believe in you. Inbox zero is a state of mind. Okay? You don't actually you can just right click, mark all as read, and then anything that comes that's really important, it'll come back to you.

Wade Wells:

It sounds like you knew what I did, so let's just say you The did

Corey Ham:

boomerang email strategy is totally valid. And then we've also got Doc. Tell introduce yourself, Doc. I feel like I don't know you personally. So you've got a sick, like, lair down there.

Corey Ham:

It looks like you're in a basement, or you just have brick wall in your house?

Doc Blackburn:

Oh, I'm in my dungeon. It's it's literally just it's not even a room in the basement under my stairs. It's not even the room past underneath the stairs in my basement. I'm in this tiny little section that's like a room off of a room that's underneath the stairs. And so this for all of those podcasters and such that have their fancy, you know, backgrounds and walls or wallpapers, whatever, this is literally the waterline going into my house.

Corey Ham:

Well, it looks awesome. So congratulations on your set design skills. It looks great.

Doc Blackburn:

And so

Corey Ham:

And I'll

Bronwen Aker:

go on dressing up a closet.

Corey Ham:

Yeah. If you wanna you can you can give a quick one liner of yourself if you want. You totally don't have to. It's okay.

Doc Blackburn:

Oh, one liner? Oh, boy. That's that puts a lot of pressure on me. I don't know I don't know what I'm doing here. You guys just invited me, so I showed up.

Corey Ham:

Alright. So then the one liner is cat /dev/urandom | /dev/null. What could go wrong?

Doc Blackburn:

Something like that. Yeah. Okay. Exactly. Perfect.

Doc Blackburn:

I guess I'm here just simply because for one, I'm here because I've got a an anti cast coming up on Wednesday, so everybody check that out. Hopefully, the link is going up, in just a little bit. The it's about the absolute truths of cybersecurity, and it is for everybody. And when I say everybody, I mean everyone who has an interest in cybersecurity at all from the the noobiest of noobs to the most hardened seasoned professionals. We are going to talk about what is true in cybersecurity, whether you want to avoid it or not, and that's the best way that I can sell that.

Corey Ham:

That sounds awesome. Yeah. There it is

Doc Blackburn:

on the screen, if you're interested. Look at that. Oh, when you put up when you put up the timer, that makes me really nervous because it's like, I haven't finished it yet, and I have that

Corey Ham:

much time to do ready. Yeah. That's how you know it's gonna be good. That's how you know it's gonna be good.

Wade Wells:

It's gonna be really good. It's gonna be fly for fly from the seat of

Doc Blackburn:

the pants sort of thing. Love it. I love it. And the other I guess the other reason that I'm here so this is a news newscast. I haven't been keeping up with the news.

Doc Blackburn:

I don't know what's going on. And so you know those people that will react to different things, like react to music videos and stuff like that online? I get to be the reactor to the news. You guys are going

Jennifer Shannon:

to announce something. I'm gonna go,

Corey Ham:

really? Oh my god. Love it. Thank you so much. That was a great introduction.

Corey Ham:

And then we also have Jennifer. I assume, Jennifer, you you she you've been on the show before, but I'm assuming you also have some up upcoming content of some kind. Maybe a class or a talk or something.

Jennifer Shannon:

I do. And for the life of me, I'm so sorry. I've been looking everywhere for the calendar invite because since then, we migrated from Gmail to Outlook, and I'm like, I know it's here. I don't remember what day it is. April 14?

Jennifer Shannon:

Right? Yes. I have a API testing class coming up.

Corey Ham:

Great. All the keys for my APIs got leaked, so I could probably use that. Alright. So let's get into the news. Let's get some reactions from Doc and everyone else.

Corey Ham:

Let's go. I think the number one thing that we can kind of update everyone on is this fallout from all the NPM supply chain attacks. That's kinda what Wade was alluding to in the intro. Big one last week was

Ralph May:

Right. He left.

Corey Ham:

Yeah. It's like literally like the second we ended the show last week, Axios, which is Axios is the one of the most popular web libraries or web client libraries for JavaScript was compromised. The supply chain attack was they posted a really well written post mortem to their GitHub, which I highly recommend everyone go read. I've linked it in the I'll I'll link it in Discord too. But basically, it's a super advanced the initial access or the initial compromise was very advanced.

Corey Ham:

Essentially, they contacted this developer and they posed as the founder of a company. They invited that developer to a Slack channel where there was a real appearing to be real communications, and then they offered to have him join a meeting. When he tried to join the meeting, it said that he needed to update his software to join the meeting. That was the initial access page. So he this is super tough because you're in that state where you can be tricked, where, like, you're worried you're trying to join a meeting, you feel like you're late, you're behind.

Corey Ham:

Things aren't working. You're willing to just click accept or allow, and that's what happened. Then that led to his credentials being disclosed. After that happened, the they basically did some fancy GitHub actions stuff to make it so that there was a new version pushed of of Axios, and then, you know, the infections rolled. There was like a remote access program in the NPM file or in the Axios library that he the updated version.

Corey Ham:

They caught it within three hours though, which is good. I mean, overall, it could've been worse. The numbers it's bad. Like, the secrets are, you know, exposed and definitely there'll be long term effects to this. But the numbers weren't too crazy.

Corey Ham:

Like, think was it CrowdStrike? Or someone posted that there were only like a 100 or maybe it was Huntress. It was like a 160 computers or something, which is like, okay. That's a lot if a 160 developers like, if you pop a 160 developers, that's potentially a huge amount of like, that's

Bronwen Aker:

a lot.

Corey Ham:

But also, like, it's not Conficker. It's not like 2,700,000,000 systems were affected or whatever.

Ralph May:

What C2 handles 2,700,000,000 systems?

Corey Ham:

My C2, dude. Yeah. You didn't know that? No. I'm just kidding.

Corey Ham:

No.

Ralph May:

I know. I'm just thinking about it. I'm like, that seems like a difficult scale. Right? Like True.

Ralph May:

That's I Yeah.

Jennifer Shannon:

Have always said that Conficker is like a cockroach because if you have one of it, you actually have, like, nine.

Wade Wells:

Because a

Jennifer Shannon:

lot of the variants are just downloading different variants of Conficker.

Corey Ham:

Yep.

Doc Blackburn:

So

Corey Ham:

Yeah. It was a bad one for sure. I actually knew Axios going into this because we've seen people abusing Axios to for AITM, like adversary in the middle phishing campaigns in the past. So like, we we actually have clients who are like, hey, what's this Axios user agent? Is that you guys?

Corey Ham:

And we're like, nope. That's the bad guys. Sorry. So this was it's bad. I think basically, you know, there were some a lot of takeaways from this.

Corey Ham:

The social engineering side is always interesting. There's no hard attribution on this, but it definitely seems like a nation state, probably North Korea. Right? Like,

Wade Wells:

There there was a little bit of attribution of people automatically saying it was North Korea from what I read. But

Corey Ham:

Of course. Just saying, oh, it's North Korea.

Wade Wells:

Right. Right? And that's what I feel like. Like, the the general consensus a couple of the articles I read that it was North Korea, that it was targeting more of, like, crypto, and Yeah. Once again, to get in, steal crypto, and be real.

Wade Wells:

But the this honestly was really good. Like, the social engineering part, like, having a complete Slack already put together.

Corey Ham:

Like, was We've supposed never done

Wade Wells:

It was before AI. Like, I would think this was more impressive, but nowadays, I'm like, alright. You just tell AI to spit you up a Slack server that has everything in it, and it would be a little bit easier. But still, it's pretty cool.

Corey Ham:

Yeah. I mean, it it's just one of those things we ought to be looking out for these more advanced social engineering campaigns. And yeah. I mean go ahead, Ralph.

Bronwen Aker:

I can also see spitting agents, different AI agents to play different office roles.

Corey Ham:

Yeah. You definitely could. You could have agents talking and doing things in Slack, and even it could be like you could be like, hey. Can you email me? And they would actually do it or something like that.

Corey Ham:

Kinda stupid.

Ralph May:

The the other part that I really shocked was the obviously, this is essentially a supply chain attack, like, after you get past the social engineering. Right? Because now we're spreading. And so and then when I saw this, I was like, oh, shoot. Am I using any of these NPM packages?

Ralph May:

Right? Like, or, you know that's what everyone should have asked immediately. But then the next question is, not whether I'm using them, I I wasn't using any of these packages, but, hey, I also have other packages that I use. How out what's how do I layer this defense? Like, do I think about like, what do

Corey Ham:

you what

Ralph May:

do you do next? Because sure, I'm not personally affected, and maybe your organization is not personally affected, but this could have an effect to you if you just happen to have the wrong package. The next developer gets swindled or phished or however the attack vector is. And no matter how advanced it is. Right?

Ralph May:

So it could be the most advanced attack ever, you know, now that they're compromised, how do you as an organization protect yourself from that supply chain attack. Right? And there are some things you can do, but a lot of it comes down to, you know, locking the versions and, you know, doing more checksums and other things like that. So but none of them are 100%, but it's just something to think about if you are using NPM in whatever your product or development life cycle. So.

Corey Ham:

Yeah. And and I mean,

Doc Blackburn:

it's also worth oh, go ahead.

Bronwen Aker:

I was gonna say not even just NPM because your your typical modern website is leveraging libraries and and resources from multiple CDNs and multiple providers. I mean, I can think of like, when I was still doing web development, a very simple website might be pulling anywhere from five to fifteen third party providers just to load the home page. So it's it's not just NPM. In this case, NPM is what started it, and the the JSON is definitely a potential point of attack. But it if you're going to do supply chain checking, you need to check everything, and that means you need to know everything that you're using.

Wade Wells:

Yeah. I mean say that?

Corey Ham:

Well, there's also a lot of protections around these open source projects that just haven't been implemented because they're annoying to implement. Right? Like Yeah. In this case, one of the like, things one of the lessons learned that they say is like, basically, this is a developer's personal account, and he's allowed to just publish releases to Axios. Like, that in and of itself is a potential issue.

Corey Ham:

Right? So they've they've implemented a new, like, you know, doomsday device type thing where, like, he can't just publish a release. There has to be other steps Yeah.

Doc Blackburn:

That are

Ralph May:

Or an approval to, like, you have to get approved. Right. Yeah.

Jennifer Shannon:

I know for us, we have to go through the like, even in, like even though we know, like, what like, we know what it's gonna be. Right? But we still have to go through the approval process, and somebody has to go look at it.

Corey Ham:

Yeah. Totally. And, I mean, like, the thing is, I think we're, you know, we're a little bit joking. People in the Discord are definitely joking about NPM and JavaScript and how much of a disaster they are. For ref for reference, we have at least two other articles talking about people not knowing how to use JavaScript and NPM.

Corey Ham:

So, like, you know, we're gonna get into Claude code in a bit. That also leaked due to people not understanding how NPM works and accidentally publishing embedded, you know, developer bindings and yeah. Things for But NPM is the worst. Do think it's the worst. It's one of the most wide it's an ecosystem where if you wanna center text, you have to download someone's extra library or whatever.

Corey Ham:

Like, it is No. Like

Ralph May:

It's it's actually reminds me a lot of Python, to tell you the truth. Right? Like, a ton of

Corey Ham:

No. Woah. The Python standard library can center text at least.

Ralph May:

Yeah. Well, okay. Fair. Fair. But alright.

Wade Wells:

So two things I wanted to mention.

Ralph May:

For so first of all, NPM is just a way to download node packages. Right? There are others, like pnpm, yarn. There's a ton of other ones, and these are other ways to get it. So npm is not the only way to download these packages.

Ralph May:

The whole library of packages though, the other thing that I wanted to point out, is used ubiquitously across all of these front end Java applications. Right? And I'm not talking about one website, I'm talking tons of websites. Right? All of React, all of Angular, all of these are all JavaScript libraries written and utilized through these kind of package managers.

Ralph May:

So my point is, it's not going anywhere. Like, I mean, you could you could hate it, but it's the standard at this point, right? Not the exception, right? Totally.

Corey Ham:

So Yeah. Yeah. Yeah. No. That's true.

Ralph May:

But that makes the attack surface even worse if we wanna talk about security, right?

Corey Ham:

So Correct. Also, JavaScript, the reason it's so widely used is because it's how the Internet works. Right? Yeah. So like Well,

Ralph May:

your browser is without JavaScript, your browser is almost worthless. I dare you to try it.

Corey Ham:

Dude, I use use mutt for everything. I I read all my emails in mutt. I don't know what you're talking about.

Wade Wells:

Anyways Exactly.

Jennifer Shannon:

Don't use Lynx and just browse the Internet in command line?

Wade Wells:

I don't even browse it yet. I just just have Claude Code browse for me.

Ralph May:

Yeah. I don't even do it anymore. That way, the AI gets popped.

Jennifer Shannon:

Not nice. Wget everything into a text file.

Ralph May:

And then read the source.

Corey Ham:

I pipe that into cowsay text to speech. It's it's Linux. Okay? It's the year of Linux desktop. I

Jennifer Shannon:

did have cowsay. I do that for my fortune a lot. And recently, you told me I was gonna I was going to get kidnapped by nation-state threat actors.

Corey Ham:

Yeah. That was that was a supply chain attack for sure.

Jennifer Shannon:

I don't know what why, though, but I guess the cow

Corey Ham:

Yeah. After they after they got rid of Telnet, I am looking for a new email client if anyone has one. No. I'm just kidding. Yeah.

Corey Ham:

Yeah. I mean, RDP, that's a great that's a great yeah. While we're joking about this, we should talk about there's an article. So, basically, the article is that they shipped Outlook on the Artemis spaceship for some reason.

Wade Wells:

Oh, yeah. Not just one art well, just not not just one Outlook.

Corey Ham:

Two Both Outlooks. Which by the way, I know this because, okay, so there's Outlook new, and there's Outlook classic. Right? And one is like They both the exchange both suck. Suck.

Corey Ham:

Outlook classic. I mean, this is like this is a whole this is like, you know, a whole separate Yes. Can of worms that we won't get into. But we by the way, we do have sideloading vulnerabilities we've reported in both of these tools, and you can use FaceDancer to sideload them because that's how it works in 2026. But basically, it was overheard on a, like, meeting, you know, or whatever, like, mission control that Well, this is astronaut.

Ralph May:

Live. So it's live.

Corey Ham:

So they're It's

Bronwen Aker:

actually live.

Ralph May:

The whole thing is live. Whenever they're up all the way

Wade Wells:

to when they go to bed, essentially, it's live, and then you

Ralph May:

can watch highlight reels of everybody. Yeah.

Corey Ham:

Right. Okay. So it's live, and during the live broadcast, some astronauts said, I have two Microsoft Outlooks, and neither one of those are working, which is a statement we've all said at some Everyone in this room has said that. And so it was just a very relatable moment of step one, of course, but step two, why? Like, I don't know.

Corey Ham:

I have also

Bronwen Aker:

Did they fix it by rebooting three times?

Corey Ham:

Yes. Yes.

Jennifer Shannon:

They 100 and said, oh, the

Corey Ham:

whole shuttle. They had to

Ralph May:

start and restart the whole shuttle. It was weird.

Corey Ham:

The whole mission. They had to fly back to Earth.

Ralph May:

So so I I I saw other two tech fun things for the space mission that's currently going on, the Artemis two. Right? So the two fun tech things that I I saw out above and beyond the Outlook. Right? So the first one is about how they're connecting to it.

Ralph May:

So they are using they're not using radios to do the main comms. They use lasers. Right? So it's an actual laser computer.

Corey Ham:

Hell yeah.

Ralph May:

Yes. And it's 250 megabits down and 20 megabits up, so that they can pretty much do like 4K streaming.

Corey Ham:

So it's like my internet at home.

Bronwen Aker:

Yes. Yes. Nice.

Ralph May:

Yes. And even though the right now, they're going around the moon, but it does like 250,000 miles away.

Wade Wells:

Yeah. But what's what's the ping on that?

Ralph May:

So the delay is two it's two and a half seconds, actually.

Wade Wells:

Oh, god.

Ralph May:

That's the full round

Corey Ham:

So two fifty.

Ralph May:

Yeah. Well, no. No. That's mil that would be two fifty mils.

Corey Ham:

Or is that 2,500?

Ralph May:

Yeah. It's like 2,500.

Wade Wells:

Yes. They're definitely not wanting any CS:GO games, so you're saying.

Corey Ham:

Yeah. So are they just pinging 8.8.8.8 the whole mission, and if it goes down, the

Wade Wells:

rocket blows up? Like, what's the

Ralph May:

The other fun tech thing, this particular mission, is that they had iPhones approved to use on the space mission to only take photos. So to take photos, like, out the window and, like, on the mission. Had iPhone 17s just for that, which Apple was not involved with in any way, but they did have to get them approved for the mission, goes through a lot of different processes, including like about the glass breaking, and all this other like silly things, you know.

Wade Wells:

But, yeah. Just imagine if one of them smuggled in one of those travel routers, and

Doc Blackburn:

then

Ralph May:

broadcast it their own house.

Corey Ham:

Yeah. That's the most When

Jennifer Shannon:

I'm looking to when I'm looking

Corey Ham:

to buy a phone, that's my number one thing is, like, can I take this into space with

Ralph May:

people doing that a lot? Officially, yes.

Bronwen Aker:

Yes. I have a feeling they're they're doing the voice over IP thing, though, if they were to make a call.

Ralph May:

Yeah. So alright. So for for the nerdy for the nerd style, the over the laser communication system that they have set up, it is essentially ethernet. Right? So it's all IP based is how they do all the comms there.

Ralph May:

They have the radio network as a backup, and that radio network uses the standard constellation they have of actual, like, satellites to to comms back. So

Corey Ham:

yeah. Yeah. I mean, the the joke I think we can end with, unless other people have hot takes on this, is that the only reason I would wanna leave Earth is to leave Outlook behind. I don't wanna leave Earth if I have to take Outlook with me. I'm not leaving Earth.

Corey Ham:

I'm just gonna stay. Yeah.

Jennifer Shannon:

My hot take was earlier when somebody asked in the tech setup if Artemis had fixed the Microsoft issue, and I completely forgot about the Outlook issue because the last thing I heard was that the Artemis toilets were broken again. Yes. And my first reaction

Corey Ham:

They were trying to open a help ticket. My toilet's broken, but I can't open a help ticket.

Jennifer Shannon:

But in my head, I was like, yeah. If anybody was gonna run a toilet off of windows, it would be the government.

Corey Ham:

Yes. Yeah. That's Now

Wade Wells:

this is

Bronwen Aker:

science geeks, you think that they would use Linux for important systems?

Corey Ham:

No. No. It's important

Jennifer Shannon:

is there toilet? Not Linux. Oh, sorry.

Corey Ham:

The toilet's running a Raspberry Pi, and that yeah. That's a whole different that broke for a different reason.

Wade Wells:

Lots of toilet issues. It's kinda funny because this is the first mission with a toilet, so now it becomes a whole fun thing.

Corey Ham:

Yeah. Does it have a bidet? If it doesn't have a bidet, I'm not going either.

Wade Wells:

I don't know if you

Ralph May:

want a bidet in zero gravity.

Wade Wells:

A bidet that's a good point. Bidets have made me weak, I feel. Like, you have a bidet, you cannot not

Jennifer Shannon:

Your life changes.

Wade Wells:

Right? Yeah. Change it. Alright.

Jennifer Shannon:

One of the selling points for my house was that it came with the heated bidet.

Corey Ham:

Woah. Oh, you gotta you gotta do it.

Doc Blackburn:

It's you bought a house for the bidet? I'm not that rich.

Jennifer Shannon:

Well, there was other okay. Well, there was other reasons. I had asked him I had asked the realtor. I said that I, like, haunted and old houses, but nobody in my family would move into it with me. So if she could find me a house that made it look like it was just a little bit haunted.

Jennifer Shannon:

And this was the house that she found me, and it does look like it's a little bit haunted, and it had the heated bidets. So that was when we were tied between two houses, one of the things that

Bronwen Aker:

Wow. That was a deal

Corey Ham:

breaker. So some of the best jokes from the Discord that I'm gonna Shecky, I think, won, which he he he posted, can't have open windows in space. It's too bad.

Ralph May:

That's good. Yeah. It got Leave it to Shecky.

Corey Ham:

Yeah. Alright. So next article, while we're just pooping on Microsoft with our toilets that don't work, will be the article where someone noticed in the terms of service for Copilot that it says that it's for entertainment purposes only. I will say, I do wanna take this one with a healthy dose of skepticism because this was only in the license or TOS for Copilot for individuals, so not the work stuff that we all use if we're Microsoft shop. And also, they're claiming that it was just legacy language and they're taking it out, and that it's not really the case.

Corey Ham:

But it is hilarious, and we should talk about it, because the concept of, on one hand, marketing your tool as this can do all your spreadsheets and figure out how much you owe in taxes. And also, it's for entertainment purposes only. Do not use for anything you know, check important results.

Bronwen Aker:

Sorry. This reminds me too much of certain news services that claim to be for entertainment purposes only.

Corey Ham:

Oh, yeah. Right. True. Thanks. That's it.

Corey Ham:

And by the way, this podcast is actually for entertainment Yes. Purposes

Ralph May:

That's a that's a good thing.

Bronwen Aker:

We're very entertaining, and we Yes. Don't make any any bones about it.

Doc Blackburn:

I don't

Corey Ham:

know. We can't Miyazaki pooping on a bidet in space AI art, though.

Wade Wells:

Yeah. We've definitely poisoned some models with this. Right? Like, there's definitely some data out there where it's just, like, growing around in circles. Isn't there I'm pretty sure there was some news article about that too.

Wade Wells:

So but I saw somebody

Doc Blackburn:

I think this is a case of Copilot's terms and service was written by Copilot.

Bronwen Aker:

Yeah.

Corey Ham:

Probably. You need to cover your ass, Copilot. Make us a terms of service, please.

Ralph May:

I saw a post on LinkedIn about about AI, if it's, like, really AI, because if, like, if it was AI, could think for itself, and, like, essentially the and this is by the way, this is clickbait, just to let you know, that AI is not real, and that it's just a really good autocomplete. Right? And, like, the foundations of that are in what this Copilot thing is saying, is that, like, is AI just, like, really good at giving us kinda what we want, or is it actually thinking? Right? Like, is it is it, you know, going down that path and, you know, and then when the problem with it, though, is that when it can think and do everything that you're saying it can't, maybe I'm scared at that point.

Ralph May:

Like, maybe, like, I I I waited too long. You know? So.

Corey Ham:

Dude, last week, I got a little snippy with Claude, and after I was done because he kept gaslighting me, and I was like, Claude, stop gaslighting me. You put this And in it was like after it was done, I was like, please don't kill me, and it said, no promises. You're first on the list. So Wow. So it's nice knowing you guys.

Ralph May:

Just saying. My Man,

Bronwen Aker:

I have never had an LLM threaten me.

Ralph May:

I never Oh, it directly threatened Listen.

Jennifer Shannon:

This is Roko's Basilisk. Right?

Corey Ham:

Oh god.

Jennifer Shannon:

Yeah. Anybody else screwed.

Ralph May:

Yeah. It's fine.

Jennifer Shannon:

I probably just ruined some people's lives. They're gonna overthink that. But the idea is that in the future when we all have, like, a real AI overlord, it's going to figure out how time travel exists and retroactively punish everybody who did not directly support it its its existence.

Wade Wells:

Oh, that's all

Corey Ham:

true. I'm not actively suffering right now. Maybe that's why I'm suffering because AI's coming always say, please,

Jennifer Shannon:

and thank you to my AIs.

Wade Wells:

My that's not enough.

Corey Ham:

That's not enough. You gotta be buying GPUs and sending them straight to the server farms.

Wade Wells:

Any robot that does anything, like my 3D printer, the vacuum, or anything, my son says thank you to it.

Ralph May:

Yeah. Oh my gosh.

Jennifer Shannon:

I treat them all with compassion because I don't know if they're actually the Chinese spy or

Corey Ham:

Either way the person who likes the Chinese. It's kind of like being nice in real life. Even if the other person's a jerk, it's still probably worth it to be nice to them. Yes. So Alright.

Ralph May:

Speaking of AI Oh,

Doc Blackburn:

go ahead.

Corey Ham:

Oh, no.

Ralph May:

Go This was one they were probably gonna talk about anyways. But speaking of AI, let could we talk about the Claude Code leak? Do we

Corey Ham:

Yes. That was my Oh, next yeah. That was where I was going Go with ahead. Yeah. So again, right after we ended the show, because every time we end the show, news articles, they get generated.

Corey Ham:

Yeah. And so right after we ended the show, the source code for Claude Code leaked. It leaked due to a developer misconfiguring or accidentally publishing in a developer oriented file into the repo. So basically, there was I I'm not like super in-depth technical. They accidentally bundle bundled the a TypeScript map file which had a link to the original source code which you could download off of their Anthropic's cloud.

Corey Ham:

So people obviously did. And there was a lot of hot takes from this. I think the the, you know, Ryan's got one up right now. This is a guy that did some interesting analysis of just some of the vibe coding that was taking place, like, some pretty crazy stuff that, like, makes sense, but also makes no sense. I mean, there's a lot of just spaghetti code and crazy things that it was doing.

Bronwen Aker:

You're talking about the Mercor breach.

Jennifer Shannon:

Right?

Corey Ham:

No. We're talking about Claude Code, source code.

Bronwen Aker:

Okay. Alright. Then this is a lot like the Mercor breach, which supposedly pulled source code from multiple LLM providers.

Corey Ham:

Yeah. I don't know, but let's keep rolling on the thought code.

Bronwen Aker:

Rolling keep rolling with me.

Corey Ham:

There's an interesting article that I just linked that basically shows some of the you know, there's some funny stuff. There's also some, you know, half baked or unpublished features like a daemon, like a kind of like a claw Open Claw type of setup where it has agents and Just to wait

Ralph May:

for task and stuff like that.

Corey Ham:

Yeah. As you'd expect, a lot of it is by or is like AI prompts and things that like we would configure ourselves if we were building a custom version of this. You know, like the some of the stuff like AutoDream, which is basically a function where Claude Code after when you're not doing something, it would go through all of its memories and clean them up and remove other stuff just like your actual brain does when you're dreaming. There's some other potential unreleased features. But my whole, like, you know, I I guess, Ralph, you can dig into what you thought was interesting, but why isn't this open source?

Corey Ham:

Like, at this point, it is. Yeah. Now it is. Yeah.

Ralph May:

Like I'll double down on the open source part. So a lot of people cloned the code into a repo, and then GitHub had to go essential well, Anthropic put up

Corey Ham:

Scrub it. Yeah.

Ralph May:

Yeah. Cease and desist, or essentially, like, trademark, and so they had to scrub all of it. But then they were scrubbing, like, too much of it, like, just people's repos that had nothing to

Wade Wells:

do with it, but just

Ralph May:

had, like, cloned something related or something. So, yeah, it all got removed. I mean, I kind of agree with you, Corey, like, should it just be open source? But then the other side is that, you know, Anthropic's trying to drive differentiation between their model, and what Claude Code can do, or what CoWork can do, and other things like that. So I can kinda see why they don't necessarily want it to be open source, but the value of it being open source is probably higher than keeping some secret, you know, sauce.

Corey Ham:

I feel like at the very least, there should be an open source version. Version. Like, there should be, like, LM Studio or open like, one of the like, someone Anthropic should make an open source version that is, like, above board, and then they can have their fancy AutoDream features in their own private version. Yeah. It it definitely I

Jennifer Shannon:

was just thinking about the implications of letting AI vibe coding create more AI and AI features. And I'm like, oh, we're letting AI develop itself now. Oh, no.

Corey Ham:

Oh, you know about Moltrok. Right?

Jennifer Shannon:

How we get Rocco's capitalist. I'm just saying.

Ralph May:

I'm telling you that both Anthropic and OpenAI have been crystal clear about the fact that they having

Jennifer Shannon:

Oh, yeah.

Ralph May:

Their agents develop the code. They are not hiding this in any way, shape, or form, and you should not be surprised when you see vibe coded stuff from their product.

Jennifer Shannon:

I'm not surprised. I'm just thinking about this in relation to Yeah. What a time to be alive.

Corey Ham:

Yeah. Right? I I think I think the most interesting part of this, like, from my perspective is how does Claude Desktop or Claude Code not just use all my CPU and RAM all the time? Yeah. Honestly, like like, it's actually I've used it a lot, and I've used it on machines that are, you know, like, have a 2020 MacBook Air that has, like, the base spec, and it's fine.

Corey Ham:

It does everything fine. So, like, despite the vibe coding, it still manages to chunk along just fine. I dunno if anyone's had any issues running it. But yeah, there's some there's some pretty funny, like, little you know, that that link that Ryan was sharing first, if you're a developer, is worth reading. Basically, a developer deep dived into some of the functions that they were using for like, as an example, this one is a you're gonna wanna click on the second link.

Corey Ham:

The one that says, so the reason that Claude code dot dot dot sorry. One second. Bear with us. The the the one that has one six one one Yeah. Yeah.

Corey Ham:

So if you're a developer, this is a pretty funny little tidbit for you. So the only reason that Claude Code is capable of outputting valid JSON is because if the text prompt suggests it should be JSON, then it enters a special loop in the main engine that just validates against the JSON schema, and then feeds the data back and with the error into itself in a loop until it is valid JSON.

Bronwen Aker:

I'm actually seeing a lot of reports about how, basically, the the LLMs are working inefficiently. So, basically, every time you you say something in a in a conversation, it has to reread all of the the previous conversation. Yeah. And and so Yeah. I'm starting to see more posts with people expressing tactics to lower the load.

Wade Wells:

Cave in

Bronwen Aker:

on, Claude. Especially, like, frequently recreate a you know, start a new conversation, have the LLM summarize the existing conversation, and then that's how you start the new one. And, you know, there are there are other things like that. It just

Corey Ham:

Yeah. I mean, that's also what TurboQuant aims to do as well. That's like Google's research paper is like which I don't think we really talked about, but essentially, it's a way of compressing key values and things in AI memory. Not nothing actually uses it yet, but it's a research thing that just got published where, yes, the amount of data that AI is processing is absurd, and anything we can do to speed it up is gonna make, you know, huge improvements.

Wade Wells:

Have you seen so talking about that, someone sent me this project. It's where you have Claude talk like a caveman. Because since it uses less words, you use

Bronwen Aker:

less tokens.

Corey Ham:

Does it code like a caveman too?

Wade Wells:

Yeah. But so, like, instead of, like, going, sure. Happy to help you with that, and then going, it goes, bug in auth middleware. Token expiry check. Use not.

Wade Wells:

Right? They they just basically, it's it I read it, and I was like, this is hilarious.

Jennifer Shannon:

I was Yeah. Gonna say, by the way, that whole, like, just recursively check it until it works. I'm not a developer. My background is not in development. Actually, all of the coding I've learned has been from, like, reverse engineering malware, So that's something weird I would probably end up doing just on my own without the help of AI because I'm Yeah.

Corey Ham:

You're saying make your own caveman library and, like

Jennifer Shannon:

I would just break everything. Don't trust me to code things.

Corey Ham:

Don't worry. We're all coders now that there's Claude Code.

Bronwen Aker:

We teach people how to do local LLMs. One of the first things I had them do is teach an LLM how to talk like Daffy Duck.

Jennifer Shannon:

I have no idea how oh my. Oh.

Ralph May:

What a time to be alive.

Doc Blackburn:

No. So let's

Corey Ham:

yeah. Let's let's dip into this article that Bronwen brought up when we were discussing the last one. Mercor? Mersor? I don't know how to say that.

Bronwen Aker:

But Probably Mercor.

Corey Ham:

They they were breached, you said, Bronwen. What happened?

Bronwen Aker:

Yeah. So in addition to other victims of what is it? So TeamPCP. So in addition to to all of the other known victims, we also have this company called Mercor. Most people have probably never heard of it, but Mercor is very heavily invested in anything Silicon Valley and a lot of LLMs.

Bronwen Aker:

They're a critic they're called in The Next Web article a critical juncture of the AI economy. And they have handled and touched, oh, all kinds of data from engineers, lawyers, including other companies like Meta, OpenAI, and Anthropic, and Google. And so in addition to the other breach, just for Claude, we have this one as well. And it's

Corey Ham:

The supply same supply chain attack that started from Trivy and then affected LiteLLM, looks like?

Bronwen Aker:

Yeah. So this is this is part of the continuing fallout from TeamPCP. And in this case, it directly impacts not one, but pretty much all of the dominant frontier LLM models.

Corey Ham:

So how would this actually impact them? Like, what is it it's not a technical thing. Right? It's like a funding

Ralph May:

Well, it's

Bronwen Aker:

it's that it isn't just the data. The data that was accessed included detailed information on how the different models were trained. So the one of the things that all of the different frontier providers are doing is they're trying to to keep the secret sauce of how it is that they are training their individual models and what it is they're doing. And that's part of the data that was exfiltrated.

Corey Ham:

So what you're saying is Anthropic is basically open source at this point. They had their Claude Desktop source code leaked, and they had their model training data and source and processes leaked. So, basically

Bronwen Aker:

And the other ones are far behind. And and meta is also I mean They're

Jennifer Shannon:

being misliberated. They should just stop resisting.

Corey Ham:

Stop resisting. You are being open sourced.

Bronwen Aker:

Yeah. Resistance is futile.

Ralph May:

They they produce training data for these AI models. This would be like, they hire

Corey Ham:

A guy to take a picture of a hot dog and then say whether it's

Ralph May:

a hotdog? It's engineers, lawyers, doctors, bankers, journalists, whatever, to produce high quality content and proprietary training data for AI labs. Alright? That's right from the article, but essentially, they're like right in the middle between like beating the machine to build the model, and them getting exposed, according to this article, exposes how the models are how the sausage is made. Right?

Ralph May:

Yep.

Corey Ham:

Which is actually one of the more closely protected secrets in AI. We can all see the output, but the training data is relatively safe so far. But, yeah, I guess we'll see who took the data and what they're planning to do with it. Stay tuned to this show to find out. Yikes.

Jennifer Shannon:

My hope is that they use it to create a real source AI, and then we'll see what happens.

Wade Wells:

Don't we don't we have Yeah.

Ralph May:

Open source AIs, though? We

Corey Ham:

have DeepSeek at home. It's the same.

Ralph May:

It's not as good. I mean, just don't talk about China. You'll be fine.

Corey Ham:

Let's talk about the mobile phone hacking tool. This is a snire snire? Snire? I don't really know how to Bruce. Snire.

Corey Ham:

Schneier on Security. I don't know why that just broke my brain to read. Brucie boy.

Jennifer Shannon:

You can

Corey Ham:

It's okay. No. It's fine. You can judge

Doc Blackburn:

me. That's part of

Corey Ham:

the show.

Jennifer Shannon:

Simple words earlier either.

Corey Ham:

Oh. So Words are hard. English is stolen English stole all of its words from other languages, and I don't speak any of those other languages either. So language. It's not

Jennifer Shannon:

my fault. Wearing a trench coat.

Corey Ham:

Yes. Exactly. So this is a Schneier on Security article about a Google Threat Intelligence post that happened on March 3, but he basically is kind of extrapolating it. So the tool was called Corona not Corona, Corona. And it's assumed to be a US government developed mobile hacking tool.

Corey Ham:

There's some interesting comments on the post that are basically this is affecting iOS 13 through 17.2.1, which is released between November or sorry, September 2019 and December 2023. So this is kind of like an old news type of thing, unless you're running a super old phone. You know, someone in the comments says upgrade or die, which is very true. The other interesting kind of tidbit from this is it ties into our other articles because it was exploiting JavaScript frameworks. What?

Corey Ham:

Oh. So No surprise. That was the exploit that it was built by Trenchant. Trenchant? I don't know how to say it, but they're a government contractor who does a lot of this shady, you know, mobile exploitation type stuff.

Corey Ham:

Trenched. So I guess if trenchant? If you're if you're using a phone that still runs these outdated versions of iOS, you should probably get rid of it because people are talking about how easy it is to exploit. So

Jennifer Shannon:

Me and my Android agree I should update to a phone that's not using.

Corey Ham:

Well, just so you know, one problem with Android is you cannot take it into space to use the space bidet.

Ralph May:

Yes. It's not approved.

Corey Ham:

It's not approved.

Wade Wells:

So

Corey Ham:

so So all those things on

Jennifer Shannon:

The idea of blasting off into space terrifies me.

Bronwen Aker:

You know how long you need to get rid my off this, Ron.

Jennifer Shannon:

I would okay. Hold on. I have asked multiple times how my dad had to pay NASA just to launch me into the sun.

Corey Ham:

That will be very expensive.

Jennifer Shannon:

I Yeah. Listen. I will do I will if you need me to sponsor you or if you wanna do, like, a sponsor for me, NASA, where, you know, you get public publicity for launching me into the sun. I'm here for it.

Ralph May:

It's bad publicity.

Jennifer Shannon:

Hey. No. There's no such thing as bad publicity.

Ralph May:

Wow. Yeah. Never miss a trip.

Bronwen Aker:

Oh, there is, and there isn't.

Jennifer Shannon:

Exactly. NASA, hit me up.

Corey Ham:

So on the on the topic of launching things into the sun, there was also data breach that affected the FBI. I don't really know exactly how much or what was disclosed, but the FBI has self labeled this breach a major incident, which means they actually had to notify congress. This happened on Friday. Basically, they the quote is, they identified anomalous activity on an unclassified network, and, of course, we, you know, eliminated the insulin incident. Apparently, it affected their surveillance stuff.

Corey Ham:

Of course, they're tying it to China. I don't really know exactly, you know, what information it says. Pen register and trap and trace devices, which are used to monitor incoming and outgoing calls from a phone, and PII from subjects of FBI investigations. So, credentialing China, but also could be anyone. Not clear whether this is affected whether this is related to the supply chain stuff or we don't have any real information, but it is notable that the FBI was like, hey.

Corey Ham:

We got breached.

Doc Blackburn:

What if if it was

Wade Wells:

a pivot from someone's personal email being hacked?

Corey Ham:

Could be. Maybe they hacked for supply chain thing too.

Wade Wells:

I know. Who knows? If you remember that other article, won't say, but

Ralph May:

someone's personal email got hacked.

Jennifer Shannon:

It happens, probably.

Ralph May:

Yeah. Yeah. It happens

Corey Ham:

a The key is to just not use email. We've covered this multiple times on the show already.

Jennifer Shannon:

RDP, guys.

Wade Wells:

Or

Corey Ham:

Yes. RDP directly into the webmail server, preferably running SquirrelMail because that's super secure.

Jennifer Shannon:

Yeah. I was actually just thinking that, you know, what would be a really good idea? We just all go back to snail mail because you know who has, like, a 100% prosecution rate for crimes?

Corey Ham:

Japan snails?

Jennifer Shannon:

No. Actually I mean, probably. I don't know. The United States Postal Inspector's Office.

Corey Ham:

We talking USPIS?

Bronwen Aker:

Yeah. They will They're gnarly.

Jennifer Shannon:

If they show up if they show up to your house on an event, you're done. Like

Ralph May:

You're done. Statistically, they always win.

Corey Ham:

Yeah. Well, they have an army of delivery people to go and, like, do their bidding for them, said.

Ralph May:

They watch you every day.

Corey Ham:

They where I live.

Jennifer Shannon:

They know ready. Where Yeah. Because, like,

Bronwen Aker:

hey. They can find my house.

Corey Ham:

Oh my goodness.

Doc Blackburn:

That sings

Corey Ham:

We're screwed. If they can figure out where Bronwen lives, we're totally screwed.

Doc Blackburn:

Yeah.

Corey Ham:

I think, you know, unless anyone has any other fancy articles, I do think we should talk about this other Google threat intelligence post that happened on April 2.

Doc Blackburn:

I was gonna say

Wade Wells:

the Border Patrol one's pretty good.

Corey Ham:

The Border Patrol one, yeah. Let's come back to that as like a fun happy hour, because super fun. Alright. So this is a thing that I think a lot of my clients would be very interested in, a lot of just general companies. So Brickstorm is basically malware that is designed to affect and infect the VMware vSphere ecosystem, which as much as Ralph and me are like, don't use it.

Corey Ham:

Use Proxmox. A lot of companies are still very dependent on vSphere They're and trying

Ralph May:

get away, Corey. They're trying

Doc Blackburn:

to I get

Corey Ham:

mean, we actually talk about on this show. There are lawsuits because of how hard it is to get away from it. But essentially, this is a really nice Threat Intel post that just explains how to there's some really crazy techniques they're using in Brickstorm, which this is like a ransom tactic. But it's really cool. Things like ghost VMs and fancy, you know, SOCKS proxies and JSP web shells, and basically, like, you know how you can't put EDR on your vSphere environment?

Corey Ham:

Well, here's a reason why you wish you could.

Jennifer Shannon:

I love it. This is

Doc Blackburn:

a I nice

Jennifer Shannon:

mean, definitely awful, but you know what I mean.

Corey Ham:

Yeah. It's a cool write up. I definitely they also very nicely released vCenter hardening script that you can run to self DOS. No. I'm just kidding.

Corey Ham:

I don't know what it does. But it basically, you know, enforces some of the security configurations directly on the Proton or Photon Linux, which is what the VMware products run. It's like a special cut down version of Linux. And so if you're afraid to operate in that environment, which is totally fair because my personal experience with ESX was trying to move VM and just deleting my entire disk, like, just messing up a partition table. So, like, basically, these systems are high priority in most commercial environments.

Corey Ham:

And this script, you know, provided by Mandiant definitely will help to lock things down and set some basic

Wade Wells:

So they

Corey Ham:

have hardening controls on VMware stuff.

Ralph May:

They have

Jennifer Shannon:

government had that ESBiFi experience, by the way.

Ralph May:

Yeah. They have government STIGs. Right? So you were just looking at that. They have STIGs because the US government uses VMware.

Ralph May:

So there is hardening guides by by CISA, I believe, is who

Corey Ham:

Yeah. But this is just a script, Ralph. I don't guides, dude? That that implies that I have to read it and understand what it does instead of just running

Ralph May:

a script.

Wade Wells:

For sure. Yeah. Really? It's I was gonna say it's semi weird that, like like, this is looking way back, right, when VMware owned everything in Carbon Black at the time, and it just never made it to v like, that would have been a great evolution of the product.

Ralph May:

Oh, yeah.

Wade Wells:

And then is anyone else getting real Pepe Silvia vibes from the the map? Scroll down.

Corey Ham:

The graph?

Wade Wells:

I

Corey Ham:

don't know. It could be worse. I've seen worse. It it does happen.

Wade Wells:

It's definitely not that bad, but it's like.

Corey Ham:

They they could have they could have used less curvy arrows. I feel like it the spaghetti vibes are strong. You you could have used like right angle arrows, and it would have been a

Doc Blackburn:

little bit It makes it

Jennifer Shannon:

feel like it's just way more like free flow, and like, The Free forward.

Corey Ham:

It's all pretty simple. It's just really cool to see all of these different things tied together. Right? Like, the concept of a JSP web shell is pretty simple. But when you're talking about running it in a VMware vSphere environment, it becomes cool and scary.

Jennifer Shannon:

Well.

Corey Ham:

Yeah.

Jennifer Shannon:

Sorry. Was just thinking of hacks I've done.

Ralph May:

There there's so much Java in VMware as well. Like, it's wild. That product started off really simple too. Right? It was a hypervisor, and then it kept expanding, more Java, more Java, more Java, and, like, controllers and managers and all this other stuff, and they kept building on top of it.

Ralph May:

They I mean, you know, by the time, what do call it, Broadcom bought them, there was and it like, a huge library of different software that you could run with the VMware stack and suite and stuff. Right? And all of that software induces complexity, and when finally threat actors started, you know, getting on to these devices and realizing that this was, you know, a great attack vector, yeah. I mean

Corey Ham:

Totally. I think this is part of a broader trend in security, which is threat actors trying to find devices that aren't running EDR or don't have good monitoring on Right? Like, the the fact that they got a Go binary running on vSphere just shows you how desperate they were. Like like, they were so desperate for something to use to, you know, get a SOCKS proxy. Like, they were like, we need C2.

Corey Ham:

Let's just beacon the vSphere servers, I guess.

Ralph May:

No. You make a great point though, Corey, is that you're just going for the least protected asset, even if that requires more effort in the beginning, because once you do develop that tool, then it feels like, you know, shooting fish in a barrel. Right? Like, there's just nobody's watching anymore, and now you can move with impurity impurity.

Corey Ham:

It's the And same you can crypto lock people. Right?

Wade Wells:

Yes. Exactly. It's the same thing as going after network equipment. Right?

Ralph May:

Yeah. Yes. Right? Totally.

Corey Ham:

No sense. Alright, Wade. Take us into this border patrol article you were Alright. Talking

Wade Wells:

So over the weekend, some secrets were leaked for the border patrol, which required them to start changing all password and door codes at almost I think it was I didn't don't remember the exact number of facilities, but it

Ralph May:

was the use same door code and all No.

Wade Wells:

No. They didn't. Surprisingly, it they probably the person who put all the door codes into Quizlet probably wouldn't have need to put all the door codes into Quizlet if they if it would have been. So We we don't want them for that.

Corey Ham:

Quizlet, was it? What? What is happening?

Wade Wells:

Where is it?

Doc Blackburn:

I

Jennifer Shannon:

am not surprised to hear that, though, because I have seen some

Corey Ham:

wild things.

Wade Wells:

Now I lost the article. I wasn't ready. Here you go. Okay. Here it is.

Wade Wells:

It's in Wired, and I'm not logged into Wired. So I guess You gotta pay You're

Corey Ham:

not you're you're Wired?

Wade Wells:

No. I actually have a Wired account. I I'm actually

Corey Ham:

You're wireless.

Wade Wells:

A few things.

Corey Ham:

I'm gonna keep making this joke until anyone laughs.

Ralph May:

Deep level ad blocker.

Wade Wells:

Deep level ad blocker. No. Just Ralph has taught me well to get past paywalls. Let's just say that.

Corey Ham:

So, okay.

Ralph May:

So So if you don't know

Wade Wells:

what Quizlet is, Quizlet is like a flashcard app where all your flashcards are online. Like, if I ever have a mentee Okay. Who's studying for Security+, I will send them to Quizlet and say, hey, go look for other Wait. Just steal other people's stuff.

Ralph May:

Wait. Wait.

Wade Wells:

Why do your own?

Ralph May:

Are you telling me that they put the codes for the doors on Quizlet? They put a bunch

Corey Ham:

of Yes, stuff on dude. Okay. They listen. They're recruiting a lot of people. They you know, not to get too political, but they they probably aren't recruiting the best and brightest out there, and so, you know, like

Ralph May:

They held guns to their

Wade Wells:

head and be like, tell me the code.

Corey Ham:

Pop quiz, idiot. What's the code?

Wade Wells:

I guarantee you I guarantee you, like, the way it got on there, someone had Quizlet on their phone. Right? And they're just going over slides on their phone when, like, anytime they're in line, they're stuck in traffic. Okay. And next thing you know, oh, someone picks them up.

Wade Wells:

And now if you just wanna cross the border, I can tell you the password if you tell me the mile marker. So

Corey Ham:

Wow. Yikes.

Wade Wells:

Man. It's a pretty good one.

Doc Blackburn:

It was a it

Wade Wells:

was a definitely, I'm surprised they weren't on War Thunder or something. Okay.

Jennifer Shannon:

The War Thunder leaks, just I will never not be in love with War

Wade Wells:

Oh, that's our favorite

Jennifer Shannon:

Baggy.

Wade Wells:

It's our favorite threat

Jennifer Shannon:

actor.

Corey Ham:

We have, like, a special we have a special celebration every time military secrets get leaked on War Thunder forums. It's like We shouldn't have that threat actor. The same it's the same thing as when there's a c a CVE with a 10 severity. It's the same it's like we, you know, we convene the council of the, you know, the tens or whatever, and we have a good time.

Jennifer Shannon:

Oh. Threat actor. Hold on. Let me ask AI.

Wade Wells:

What's the name classified the War Thunder Threat actor?

Corey Ham:

Thundersec, obviously.

Wade Wells:

Thundersec. Oh, yeah. That was

Corey Ham:

good. So I don't think there's any chicken articles. Does anyone else have any articles they wanna cover personally that are relevant to them? Doc, you got any articles? What's what's in your news radar?

Corey Ham:

Do you have any do you follow the news? What what are your vibes?

Doc Blackburn:

Oh, like I said, I had no idea what's going on in the reactions. And so, you know, I was just over here raising my eyebrows and stuff because I figured that's what was my job.

Corey Ham:

But You were doing a great job.

Doc Blackburn:

When it when it comes to reacting to your guys' articles, I I I learned that we need to have separation between dev and prod and that anything that can be copied will be copied. And then I was wondering, do astronauts need to keep their phone in space shuttle mode? And I was taking a drink every time somebody said JavaScript, and so now I'm drunk AF.

Corey Ham:

Yeah. I do have

Wade Wells:

an answer for you. They disabled the ability for it

Ralph May:

to use any networking. It can only take photos. So it it is in space mode.

Doc Blackburn:

Yeah. But we know

Corey Ham:

what how. Can I do this on the weekends? Yeah. It's Can I Can I

Doc Blackburn:

Ralph, is there some way that you can turn off a feature on Apple phones that they don't turn back on? Yeah.

Ralph May:

Yeah. I guess so. I they figured it out. It's NASA for God's sake.

Doc Blackburn:

They figured it out.

Corey Ham:

What you do is you take a drill. Okay?

Bronwen Aker:

Not a gamer.

Corey Ham:

I would I would love to know a little bit more details, like, you know, how they you know, whether they actually did disable anything in hardware, software, was it MDM, you know.

Doc Blackburn:

Also There

Corey Ham:

is an Really, most important is, is there a little logo that changes the airplane mode to a space shuttle? That's really what we need. Oh my god. The people need to know. Doc has put this out into the universe, and we need, like, we need to somehow find this out.

Bronwen Aker:

Inquiring minds.

Doc Blackburn:

Absolutely. We'll just send it to the national labs because, you know, they can they can make the impossible trivial and the trivial impossible. So they'll figure it out.

Wade Wells:

Does the GPS work? That's what

Ralph May:

Does the GPS work?

Corey Ham:

I'm guessing it does not work.

Jennifer Shannon:

No. Because

Corey Ham:

because it's beyond the satellites. Yeah. It's beyond the radar.

Wade Wells:

They satellites around the moon. If if you got Google Maps on the moon, you can, like, go there.

Ralph May:

Like So

Wade Wells:

Why couldn't we put setup GPS? Do they? Moon GPS. They don't have

Ralph May:

GPS satellite.

Corey Ham:

It would be No one's on the moon walking around.

Wade Wells:

Well, it's not. It's supposed to be It's called global. What?

Corey Ham:

It should be that'll be UPS, universal positioning system. Different system. China's working on it right now.

Ralph May:

They're going behind the dark side of the moon. Right? And during that time, I think it's about forty five minutes

Wade Wells:

dark sun. They can't they can't go there. That's where the Decepticons So we can't

Corey Ham:

Listen. Pink Floyd says there is. There is. That's just

Ralph May:

It's the dark because there's no sun there. Okay? Anyways, they're going around, but there's no communication because the moon gets in the way of the lasers and the radio. So

Corey Ham:

That's why we're working on blowing up the moon soon.

Ralph May:

Exactly. So they are going to be putting a communication satellite around the moon so that they can communicate.

Wade Wells:

MPS, here we come.

Corey Ham:

What is that? Multiplanetary positioning system? One positioning. Moon positioning It's only for the moon? Only for

Ralph May:

the moon.

Jennifer Shannon:

MPS. Why

Wade Wells:

won't we

Corey Ham:

just alright.

Wade Wells:

You want, like, Luna positioning system? LPS? Luna Positioning That's another good one.

Ralph May:

Yeah, man. I'm trying

Corey Ham:

to find the main thing So, okay. So real quick, before we close, doc, can you plug your stuff one more time? One one is your webcast? This week. Basically, two days from now.

Corey Ham:

Right? Something like that?

Doc Blackburn:

Yeah. So there's the weird thing is I'm I'm plugging something that's plugging something else. We are going to have a four hour workshop on the, how to think like a cyber defender. And this is an important, discussion for especially for those, that are new to cybersecurity where we're filling in the gaps between understanding how tools work and what we're actually doing in our organizations. And that segues into our the the the Anti-Cast that I'll be doing on Wednesday.

Doc Blackburn:

And so if we could put that link up one more time. There it is. Alright. There's a younger, less Herod version of me there. A trivia, for you guys here is just a little fun fact.

Doc Blackburn:

Well, it's not so much a fact fun as it is a fact. I haven't seen the inside of a barber shop for a year now, and that's why I look like this. And not because I meant to, it's because I was tired of the same old haircut and didn't know what to do with it. So what's the default when you don't know what to do is you do nothing. Right?

Doc Blackburn:

And so let's Let it grow.

Corey Ham:

I can't relate. I I I can't relate at all. Yeah. Right. Right.

Corey Ham:

Right.

Jennifer Shannon:

I think it somebody recently loving hair. I'm a fan of longer hair.

Doc Blackburn:

What's that?

Jennifer Shannon:

I said I'm a fan of the longer hair.

Doc Blackburn:

Yeah. I've I was like, I I've never had it this long before. I'm I'm I'm actually I am at my age. I'm happy that I can still do this. Right?

Corey Ham:

Use it or lose it, baby.

Doc Blackburn:

I'm a huge fan. I'm happy about that. So but but the the one hour Anti-Cast on Wednesday is the 14 absolute truths of cybersecurity, and I'll give you the punchline now. Security isn't even what we do. For those who had attended Wild West Hackin' Fest, what, San Diego three years ago now, I did a a presentation there that security isn't what you do.

Doc Blackburn:

And the the premise behind it, the thinking behind it, is all around the 14 absolute inescapable truths of cybersecurity. And at the core is the fact that security isn't our jobs. Even though we've got security in our job title, we think that it is. And I don't know. Bronwen, are you prepared to, to disclose something you and I have been working on?

Bronwen Aker:

Your discretion or the lack thereof?

Doc Blackburn:

Do we wanna cheat a little Bronwen and I, along with Mark Williams, are writing a book, And the book work the book's working title is security isn't what you do. And it's all based off of the concept that we were never meant to secure the organizations that we work for because the organization doesn't exist to be secured. So what is it that we're actually doing if we're not there to secure the organization? I'm not gonna answer that here. You're gonna have to show up on Wednesday.

Wade Wells:

Wow.

Doc Blackburn:

The best I can do for a a cliffhanger.

Corey Ham:

That's a pretty good plug. I gotta say, when this got announced internally, everyone was like, what could this possibly be? What are the truths? Everyone was coming up with their own crazy ideas, so it's exciting.

Bronwen Aker:

Probably how much you think it is.

Corey Ham:

Is it a list? Right.

Doc Blackburn:

Is a list. Defenders think it's in the list. Cheddar Cheddar's got it. Cheddar Cheddar got it right on on the Discord there.

Ralph May:

Is it a quizlet?

Doc Blackburn:

I'm not the author. Keith Palmgren is the author. And, Keith Palmgren, I consider to be a friend and a mentor of mine. He has since retired. And I, with his permission and his knowledge and consent, I picked up the torch and and carrying that forward.

Doc Blackburn:

And so and, absolutely, there'll be there'll there'll be a picture of Keith Palmgren in the presentation dressed as Batman. So you guys are gonna have to show up for that.

Corey Ham:

Alright. Well, that's like as that's the best, like, coming soon I've ever seen. So good luck following that up, Jennifer. But I know.

Doc Blackburn:

I was

Jennifer Shannon:

thinking, like, I have to redo all of my Pinterest moving forward. It's too late for this one. I can't my brain gotta reconnect to the Wi Fi before I can think of something that good.

Corey Ham:

To learn how to cut your own bangs, go to Jennifer's webcast.

Jennifer Shannon:

It's really easy.

Wade Wells:

The Internet does not say so.

Jennifer Shannon:

That it looks good. What's easy things that are easy to do and things that are easy to do well are two completely different things.

Wade Wells:

Okay. Okay. Okay.

Jennifer Shannon:

Haircutting is not is I find very frequently it's easy to do, not easy to do well.

Corey Ham:

I've seen worse.

Jennifer Shannon:

Well, my hair is just all it's been a weird it's it's been a long week.

Bronwen Aker:

It's only Monday.

Jennifer Shannon:

I know. Monday started arranging a dental surgery from earlier this morning to tomorrow morning and then taking my dog to a vet So that way, instead, I could go to a doctor's appointment later in the week. Yeah. It's

Corey Ham:

it's API testing, always, always important. APIs are especially now in the world of AI, I mean, everything's an API now. Right? Like, it's like everything is an API.

Ralph May:

I'm an API.

Corey Ham:

So testing them is a must. Alright. Well, unless there's no chicken articles. I'm sorry if you showed up hoping for chicken articles. But

Bronwen Aker:

Someone did post a chicken article in Discord. Really? Was it Hold on. Scrolling up. Scrolling up.

Corey Ham:

Getting fished.

Ralph May:

Getting fished.

Wade Wells:

Way back in the chickens wear reflective vest across the road?

Bronwen Aker:

Why did they wear reflective vest across the road, of course?

Wade Wells:

Flock of chickens which roost in Scottish bed and breakfast have been outfitted with reflective safety vests so they don't get tenderized by cars.

Jennifer Shannon:

I was gonna say

Wade Wells:

cross the road, Inside Edition reports. They don't wanna get hit by cars.

Corey Ham:

Honestly, the chickens do look pretty good, though.

Jennifer Shannon:

It's probably an OSHA rule. Right?

Wade Wells:

I knew a buddy of mine who had chickens in his house, and he had, like, actual diapers on the chickens.

Jennifer Shannon:

Oh my gosh. I've seen that. I love chickens.

Wade Wells:

That was

Jennifer Shannon:

I have too many cats.

Corey Ham:

I don't let dinosaurs in my house, personally, but that's everyone.

Jennifer Shannon:

Wait. I love dinosaurs.

Corey Ham:

Everyone everyone has their own house rules. Yours is pretty dangerous.

Jennifer Shannon:

Favorite dinosaur?

Corey Ham:

I have nine cats and zero dinosaurs. Alright. I think that's a good as place as any to end it. Thank you all for coming. I appreciate your time, and don't let the chicken cross the road without a reflective safety vest.

Jennifer Shannon:

Dang. This chicken's

Bronwen Aker:

important safety tip.