Talkin' Bout [Infosec] News

This episode of BHIS - Talkin' Bout [infosec] News covers the latest cybersecurity headlines, including debate over the economics of AI infrastructure, updates on the Huntress controversy, new details surrounding Scattered Spider, a critical Microsoft SharePoint vulnerability, and reports of a breach involving a DHS information-sharing network. The discussion also examines Apple's legal battles over alternative app stores, the limitations of Apple's Hide My Email feature, a Medtronic breach, firmware security, Palo Alto Networks attribution disputes, and other notable security stories that didn't make the main rundown.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat


Chapters
  • (00:00) - PreShow Banter™ — Ask GPU
  • (02:09) - Story # 0: The memory crisis heads to court as class-action lawsuit filed against Samsung, SK Hynix, and Micron
  • (05:15) - Apple's Hide My Email ... Doesn't! – 2026-07-06
  • (08:38) - Story #1 - These Recent Insider Threat Allegations
  • (12:53) - Story #2a - Alleged Scattered Spider hacker extradited to the United States
  • (16:40) - Story #3 - US Department of Homeland Security says it is probing a cyber breach at information-sharing network
  • (22:20) - Story #5 - Espionage Against the European Parliament
  • (28:33) - Story #6a - Sony Is Going Disc-Free: What It Means for PS6 and Your Wallet
  • (33:35) - Story #6b - Resetting XBOX
  • (38:51) - Story #7 - Command & Conquer Generals: Zero Hour — macOS, iOS & iPadOS
  • (42:47) - Story #8 - Medtronic notifies customers impacted by ShinyHunters data breach
  • (43:56) - Story #9 - Flipper Zero firmware development continues with community help
  • (55:18) - Story #10 - Amazon will stop accepting new customers for Mechanical Turk
  • (59:06) - Fletus’ YouTube Channel
  • (59:42) - Doc’s Upcoming Workshop
  • (01:03:22) - Story #11 - Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses
  • (01:03:56) - Story #12 - Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage

Links
Story # 0: The memory crisis heads to court as class-action lawsuit filed against Samsung, SK Hynix, and Micron
Story #1 - These Recent Insider Threat Allegations
Story #2a - Alleged Scattered Spider hacker extradited to the United States
Story #3 - US Department of Homeland Security says it is probing a cyber breach at information-sharing network
Story #5 - Espionage Against the European Parliament
Story #6a - Sony Is Going Disc-Free: What It Means for PS6 and Your Wallet
Story #6b - Resetting XBOX
Story #7 - Command & Conquer Generals: Zero Hour — macOS, iOS & iPadOS
Story #8 - Medtronic notifies customers impacted by ShinyHunters data breach
Story #9 - Flipper Zero firmware development continues with community help
Story #10 - Amazon will stop accepting new customers for Mechanical Turk
Fletus’ YouTube Channel
Doc’s Upcoming Workshop
Story #11 - Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses
Story #12 - Startup sues Palo Alto Networks’ Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage

Click here to watch this episode on YouTube.




🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Creators and Guests

Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Host
Hayden Covington
Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Hayden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.
Host
John Strand
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events
Guest
Doc Blackburn
Doc Blackburn is a seasoned (old) cybersecurity instructor with decades of experience in IT, security, and compliance. Over his career, he has worked in many areas of IT, including systems administration, programming, network design, cloud services, web development, and risk management, bringing a broad technical foundation to his teaching. For more than 13 years, Doc has trained students and professionals to understand, implement, and maintain effective security practices, drawing on real-world consulting experience in compliance frameworks such as NIST SP 800-171, CIS Critical Controls, and MITRE ATT&CK. Known for making complex concepts accessible to all audiences, he blends technical depth with practical insights, preparing learners to address today’s evolving cyber threats.
Guest
Fletus Poston
Fletus is a seasoned IT and security professional, with a career spanning since the mid-2000s when he began as an IDS handler. Throughout the years, he has managed cybersecurity initiatives in various industries, including finance, utility, and software development. Fletus holds a Master of Science in Information Systems (M.S.I.S.) specializing in Information Assurance, along with a range of certifications such as CISSP, SSAP, GISF, GSEC, GCED, GPCS, GMON, GCCC, GSLC, GSOM and GCIL. He takes great pleasure in sharing his expertise and passion for cybersecurity with others.
Producer
Ryan Poirier
Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan’s time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn’t pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and videos.

What is Talkin' Bout [Infosec] News?

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Monday's at 4:30PM ET

Corey Ham:

I will say it it is a little different than like the .com bubble because at least some of the value is physical. Like, you know, GPUs do have at least some physical value unlike the concept of yahoo.com or askjeeves.com or whatever, which has no inherent value.

Ralph May:

Yeah. It was it was vast. Vast.ai, you can go rent GPUs all over the place. And I rent

Corey Ham:

Is that one of the ones that, like, lives at a like, oil and gas production facility and, like, burns off of their extra energy or whatever? Like, getting rid of these?

Ralph May:

No. No. No. No. So, like, what did this is like a marketplace where people just rent out their, like, computer sitting sitting next to them, one GPU or whatever it is.

Ralph May:

Right?

Wade Wells:

Is this the same people making a Avast antivirus? Because I don't know if you should

Corey Ham:

trust them. You're missing out of the day. You're back. You're You're You're You're was if you install Avast on your computer, they will rent out your GPU for you. Not really.

Ralph May:

I rented, like, thirty, fifty It was it was really easy.

Corey Ham:

Yeah. I mean, Amazon with spot pricing too can get ridiculously cheap for what you get.

Ralph May:

Yeah. Yeah. Nah. I don't know. I just thought it was wild that we obviously are in a bubble if the prices are that expensive, but yet the rental is that cheap.

Ralph May:

I you know, we're we're in something

Corey Ham:

I mean, it's always like, I mean, it's these two factors, like buy versus rent. You know, if you were to look at the housing market or any other market would that has, like, large capital investments. You know, buying an office building is expensive, but renting out office space might be cheap. Like, you know, this is a dynamic that exists in any market. Well, yeah.

Corey Ham:

But you you

Ralph May:

also you're also talking about where there's, like, a reasonable supply and demand equilibrium right now. And there there isn't that in the computing market, especially in the RAM and in the GPU market. The, you know, the supply and demand is totally broken. But what I think is most interesting is that everyone is using that supply to then sell it back as a rental. So they're, like, buying every single house to rent it out, but then selling it the rental price really low.

Corey Ham:

Yeah. Just so you Speaking of, I don't know if we put this article in our show notes or if it really would need to be. But did you guys see that there's, like, a price fixing lawsuit that someone filed against Micron and the other in memory manufacturers? So Good. I mean, this is, like, not really cybersecurity, so we can cover it in pre show.

Corey Ham:

But, basically, people are upset about the whole RAM thing RAM pricing to the point that there's actually a class action lawsuit, 14 individuals and three businesses against Samsung and SK Hynix and Micron, the three main major manufacturers, specifically covering DDR three and DDR four. And basically, the claim is that they stopped making DDR three and DDR four intentionally to drive up prices Mhmm. For it. But, you know, we'll see if it pays out. I mean, obviously, this it'll be very difficult to prove whether that price collusion type activity actually happened or if, you know, it's it's turns out it's legal to just maximize profit.

Corey Ham:

That's legal. So We'll see if anything happens from that. But it is a real article. I'll see if I can find a a real link for it.

Ralph May:

I was reading something that said that, you know, every time that sometime there's, like, a price collusion, eventually, some competitor figures out the the the way out and the the price colluters pretty much get, you know, get ran ran ran over pretty hard.

Wade Wells:

We can only hope.

Ralph May:

We can only hope. I I know.

Corey Ham:

I I, you know, I don't know. Like, I could see it going either way. But basically, people are upset about prices for low end RAM, which should be cheap.

Wade Wells:

Yeah. Like DDR three and four, you can probably find a data center somewhere that is just throwing that away. Like, I'm pretty sure I have a buddy who has like a moving box full of DDR four that I will sell to you at cost.

Corey Ham:

Well, I think yeah. I mean, basically, that's like how it was for many years. Like Ralph and I were both buying like, I probably have a text thread between me and Ralph where we both talked about buying 64 gig six of DDR four for like $50 a pop. Yeah. And now that's like that's like impossible.

Ralph May:

The RAM in my servers now is appreciating so fast. Like, I'm

Corey Ham:

making money off it.

Ralph May:

I doubt it. Like, I I just haven't sold it yet. Right? Like, it's It's a

Hayden Covington:

new investment.

Ralph May:

It's a new investment. This is actually like a capital investment right here.

Wade Wells:

Don't invest in the gold. Invest in the RAM.

Corey Ham:

I I get RAM. Every time

Doc Blackburn:

every time a computer chip is made, an angel gets its wings.

Ralph May:

Oh my god.

Corey Ham:

Literally, I just want I did

Ralph May:

just put this in perspective. I was in a drawer that I have extra SSDs in, and I found a couple one terabyte SSDs, like enterprise ones. And they're, like, worth $300. And I was like, no. I know, dude.

Ralph May:

Away. Like, I was

Corey Ham:

like, oh, I know. Home labbers, if you're a hoarder, cash in now or forever hold your peace. This is it.

John Strand:

This is your time.

Ralph May:

Alright. Let's still waiting for

Doc Blackburn:

floppy drives to appreciate

Corey Ham:

the money. Yeah. I'll do it for that. You're gonna be waiting for a while. Vintage though, at some point.

Corey Ham:

It'll be valuable. Alright. Let's do this. Hello, and welcome to Black Hills Information Security's talking about news. It's 07/06/2026.

Corey Ham:

Somehow it's July already. And this is a not an AI generated podcast so far. John Strand well, if you're watching this or listening, it will look and sound like John Strand is being generated by AI. But believe it or not, he is really here. And he'll say something right now that proves he's not generated by AI.

Corey Ham:

Oh, god. Alright. So obviously, we'll go through introductions real quick. My name is Corey Ham. I'm director of continuous pen testing at Black Hills Infosec.

Corey Ham:

I'm always pen testing. And I don't know what that actually means. But Ralph's here. He's a home lab hoarder. That's his job title.

Corey Ham:

He has has more money in RAM than his house is worth. But that's okay.

Ralph May:

Exactly. Exactly. It's appreciating much faster than my home.

Corey Ham:

We've got Hayden who's currently looking for jobs on the McLaren f one team because he's in the sock. And that's just hard. That's hard work.

Hayden Covington:

That's the wrong team to look for jobs on right now. Yeah.

Ralph May:

I don't I

Corey Ham:

don't really follow f one. So I don't know what that means, but it makes sense. And then we've got Doc and I don't is it is it Fledis? Fledis? It's Fledis.

Corey Ham:

It's Fledis. Fledis. Alright. You guys wanna introduce yourselves?

Doc Blackburn:

Go for it, Go for

Fetus Postin III:

it, doc.

Corey Ham:

You're too nice. You're both too nice. You know, you. Oh, go ahead, doc.

Fetus Postin III:

So Fluz Posten currently serve as a director of IT and cybersecurity for an additive three d manufacturing company running pretty much blue team activities. So excited to be here.

John Strand:

Awesome. Cool.

Doc Blackburn:

I'm Doc Blackburn and you're not I don't know why I'm here right now. And so that's alright. Continue on this. There's no need

Corey Ham:

to expand my brain, sir.

John Strand:

Box just like, how did I end up here? Alright, I

Corey Ham:

clicked a phishing link. And now I'm on a podcast. That's what I'd like to hear. It's my worst guy.

Doc Blackburn:

So I got up this morning.

Corey Ham:

Amazing. Alright. And then we've got Wade, who's a professional. Also, I mean, I gotta say you did Hayden, Wade, did you guys, like, coordinate your colors? Are you both simulating that you're getting pulled over by the police?

Corey Ham:

Or what's going on? You both have like a red

Fetus Postin III:

The blue

John Strand:

background color.

Wade Wells:

Yeah. I thought that's how you're supposed to do it just to make pretty backgrounds. That's what that's what, yeah, Ryan tells us.

Corey Ham:

I got an old dog pen and green because I had

Doc Blackburn:

lights for three colors.

Corey Ham:

Yeah. You guys are I had

John Strand:

a student compare me to Doc last week while I was teaching. He's like, Oh, you know, couple of things. One, you don't have cool lights in the background. Two, you don't have any guitars in the background. And three, shave your beard.

John Strand:

And he's like, I don't know if I can trust you. I'm like, God, now I'm gonna get married to doc.

Wade Wells:

Man. Oh, wow. I'm so

John Strand:

sorry. I think you set me up. So alright.

Corey Ham:

Let's get into the articles. I think we can start with kind of a follow-up to the whole Huntress thing. We kind of brought that up. I think that matter, at least from my perspective, is now close, and I wanna give people an update in case they're curious. If you live under a rock, I'm sorry.

Corey Ham:

You don't know what this is. Basically, Huntress is a defensive operations company who does a lot of threat intelligence. And recently, there was a whistleblower who left the company and was basically claiming they are mishandling interactions with criminals and law enforcement. Basically, I think the my summary or, like, my take on this is that it appears that, yes, this did happen. What the person claimed, basically, an employee involved in an investigation did kind of tip-off a criminal that that, you know, the the cops are come on to you or whatever.

Corey Ham:

Huntress is claiming basically that activity was investigated and handled internally. And my read on the situation is that the person the whistleblower who left was not super pumped with that internal resolution and was like, okay. I'm going nuclear. So that's basically my take on it. They obviously did confirm some of the stuff we speculated about last week, which was that they do sometimes interface with law enforcement, and they do also interface with cybercriminals because, you know, that is the nature of being threat intelligence investigators.

Corey Ham:

But also, they confirmed that according to them, least, nothing malicious or illegal happened. There was no tip-off. No investigations were put in danger. No agents or other people were put in danger in danger. I mean, it's a really tough situation.

Corey Ham:

I gotta say that, you know, I kind of see both sides of this one. I get it from both perspectives. Obviously, going public is kind of the worst case scenario. But I don't know. What what are people's thoughts on this?

Corey Ham:

I feel like it's kinda closed and and weirdly in a way that kind of works for everyone. I don't know.

John Strand:

I don't know how Kyle and the team could have handled this any better because they basically said, Yeah, it's kinda true, but there's more to it. Yeah. And we can't talk about it. And see, that's what sucks about living in a gray area. Right?

John Strand:

Like, you're always gonna have these gray areas, and they can't come out and say flat out, No. This is a lie. They can't come out and say, yes, it's a 100% true. It's it's true. There's gonna be nuance.

John Strand:

There's gonna be something in the middle of what's going on here. I just I really don't think that Huntress could have won this at all. I think that the statement is about as good as it could have been. It's still bad. I'm not crapping on it like it could have been written better.

John Strand:

It's just that it's nuance.

Corey Ham:

They had to leave some info out intentionally.

John Strand:

They had to. Yeah. Yeah. And I still say this, social media is not a place for nuanced conversations. And I'm sure that there's a lot more data about this that we'll never know.

John Strand:

And to be honest with you, if they're working with law enforcement, law enforcement's happy, then it's none of our business. Let's move on with our lives.

Corey Ham:

Alright. I agree. Any other takes on on this? I think it's basically, what I would say is if you are an organization following this, and you do kind of similar activities, I think it's worth sort of trying to navigate these situations carefully. Right?

Corey Ham:

Just like they are

John Strand:

always. Yeah.

Hayden Covington:

Yeah. I I thought what we're supposed to do with social media, though, is to make a lot of drama about nothing. So I thought we're supposed to do that.

Wade Wells:

Was the wrong podcast. Didn't have to.

Hayden Covington:

And then Ryan We're trying not do that. Yeah. Thanks, Ryan.

John Strand:

Yeah. Then Brian throws a bump in the big screen.

Corey Ham:

Yeah. So Yeah. We try not to do that.

Hayden Covington:

No. And

John Strand:

about all I gotta say about that, doc, since we're doing old references. Right?

Corey Ham:

Because we don't if we remember that.

Doc Blackburn:

So That was a good one. And as far as this article goes, was gonna say this has real strong energy of we've investigated ourselves and discovered a vocabulary problem.

Corey Ham:

Yeah.

John Strand:

Yeah.

Corey Ham:

Alright. On another I guess, let's stay in law enforcement corner for a second. A couple of scattered spider one scattered spider hacker was been extradited to The United States. It's a dual US and Estonian citizen who's facing charges in The US. His name is Peter Stokes.

Corey Ham:

And he was arrested in Finland on the April 10. He was involved in four scattered spider breaches, which if you don't know who scattered spider is, they're basically an English speaking Right. Group that was doing a lot of social engineering activity. They were the MGM breach or party responsible for that and have incurred a lot of damage in ransomware. Also, I mean, there's not much to talk about with this article except for I don't know if it'll come through in the summary, but you have to show the picture because I'd like to I'd like to congratulate I'd like to congratulate the US Department of Justice for maintaining their perfect streak of finding the most embarrassing photos of someone they possibly can and using them for the news articles and

John Strand:

They did a great job here.

Corey Ham:

Such like a horror. I'm sure this poor kid has so many photos of him that are so much more reasonable than this. No, this is what they use.

John Strand:

These are the only two photos of this kid.

Fetus Postin III:

I go back to Hayden's comment. This is why social media is bad. Any and every photo can be taken and used against you in the court of law.

Corey Ham:

This is these are the only two photos of this. Yeah. And he's got like a

Hayden Covington:

Gatorade water bottle. Like, you got all that money, but a cheap $10 water bottle. So

John Strand:

Hey, does is he wearing wait, is he wearing a necklace that says hack the planet?

Corey Ham:

Yes. He is. And it's a diamond necklace, by the way.

John Strand:

Oh my god. Oh, man.

Ralph May:

Did you guys see how they caught him, though? So did you there No. There's an article in Tom's Hardware that they used a Windows Microsoft used a Windows 11 identifier. They worked with the FBI to identify the actual to get a the GDID data to help with the FBI with the with catching in. So the global device identifier on their Windows instance, they actually use that to to help track them down.

Wade Wells:

Bro, just a stack on Windows.

Corey Ham:

Are you telling me that operating systems track and collect information about their users? That's b s, dude. That's why only use our Linux.

John Strand:

Share them with vendors?

Corey Ham:

Yes. Only I only use our Linux. So then I'm all my OS is always completely broken, and I can't do crime.

Ralph May:

Here's the wildest part. People get upset when they catch you doing a crime. But when they sell that exact same data to advertisers, they're like, oh, okay. That's just part of business. Yeah.

Corey Ham:

I mean yeah. It is it is what it is, you know. Criminal justice system, hopefully, will work as intended here. I guess, one last thing, John. Question for you.

Corey Ham:

Hypothetically, if this person was wearing a BHIS shirt, how do you feel? Like, is that is that is it no press is bad for us? Or like

John Strand:

It depends it depends on the so it depends on the shirt. Right? If they're wearing spearfishing social cork like Rekka Rekka really doesn't does it's kind of you know, just a clothing brand, right? But if it's like, BHIS, you know, like, any staff

Wade Wells:

where somebody's got a staff

Corey Ham:

corporate shirt. I might be

John Strand:

a little uncomfortable because I don't think our shirts pair well with that haircut.

Corey Ham:

Oh, I see. Yeah.

John Strand:

Strict fashion sense. Our shirts do not pair well with diamond necklaces that say hacker planet. That specific hairstyle, and I think it kinda clashes with a handful of cash. But other than that, I'm fine with it.

Corey Ham:

Alright. Moving on. Moving on. There was potentially a leak this week. It's pretty spicy one.

Corey Ham:

Basically, the the claim this leaked information claiming that hackers breached DHS's information sharing network. I don't know. Yeah. This this one, I think there's a link somewhere to it. And there's a few different there's a Reuters article about it.

Corey Ham:

There's a few different articles about it. I'll paste. But basically, John, have you read this one?

John Strand:

I have. And the so, yeah, it's possible that they broke into this network. I don't know what the level of damage would be from it because a lot of these data sharing networks, threat actors and breach data and things of that nature, especially whenever it's unclassified, like sensitive, but I think it was sensitive.

Corey Ham:

Yeah, they said information, it's, they haven't named the network that was supposedly breached. It just says it was an information sharing network.

John Strand:

And it's usually anything that's unclassified the network that that broke into has like crap data. A lot of its data that we already, like a lot of other sources are talking about it openly. I mean, yes, Department of Homeland Security do better in secure your systems, but I I don't think that this is, like, the equivalent of, like, full classified data breach or anything like that at all. I it just every time I've been around these datasets, it's not super, super interesting at all.

Corey Ham:

Yeah. Mean, it says SharePoint was compromised as well. I'm assuming Of

John Strand:

course it was.

Corey Ham:

Maybe it was the SharePoint CV that popped this week, maybe?

John Strand:

Could be. Could be. I would like that would be a much more interesting story to me. But still, I don't know. Then there would be another interesting, like, are they running their own on prem sharepoint instance as well?

Hayden Covington:

I hope so.

John Strand:

I don't know. I I don't think that this is like a big deal. Like, my god, something horribly sensitive has been broken. But, yeah,

Corey Ham:

I mean, it's just a headline anytime that DHS is claiming a data breach, right? Like that is, you know, the exact headline they're trying to avoid at any cost.

Hayden Covington:

Yeah, the article at the very end says,

John Strand:

no, no, no, no, no, DHS, You can say that they're trying to avoid those headlines. What's the quote? I think Winston Churchill said Americans will always do the right thing after they've tried everything else worse. Whenever you're talking about whenever you're talking about government security, it's like, well, we gotta make sure we do a press release. We gotta do this.

John Strand:

How about we actually secure the servers? No. No. No. We're not gonna

Ralph May:

No. No.

John Strand:

We're not gonna put effort into that at all.

Corey Ham:

It's a legacy network, It's legacy. And it's unclassified. Are you gonna get It's always.

John Strand:

Yeah. It's right there. I think you just nailed it, Corey. You just summed it

Corey Ham:

up perfectly. Alright. That's where we're at. But yeah. Speaking of SharePoint, there is a note.

Corey Ham:

KEV got an addition this week of SharePoint CVE. It's it's self hosted SharePoint only. If you SharePoint like every if you use SharePoint like every single organization on the planet does, it's probably cloud hosted, and you're you're not vulnerable to this. But if you are the weird ones who self host your SharePoint because of, I don't know, legacy information sharing networks, like the DHS, there is a CVE, and you should patch immediately because it was disclosed on July 2.

Hayden Covington:

Yeah. If you've ever used SharePoint, you know that it's kind of iffy. If you've ever thought that maybe it's not the greatest, you should try self hosting it because it gives you an entirely new opinion on Uh-huh.

Ralph May:

On SharePoint. Bad it is. Yep.

Hayden Covington:

Yeah. And if that's not bad enough that you have to use the self hosted SharePoint, how many CVEs has it been for SharePoint in the last few years? It's been a couple that were pretty nasty.

Corey Ham:

Pretty nasty. Yeah.

Hayden Covington:

It's been a couple to maybe move to something else.

Corey Ham:

You know what the worst

Ralph May:

part is? Is people think that the SharePoint on, like, regular Microsoft is somehow better, like, in

Hayden Covington:

the cloud? They're like, oh, yeah.

Ralph May:

I know. It's it's just that they updated it before this one.

John Strand:

Okay. But that's my question I'd like to ask is, you remember, like years ago, there was somebody, there was a critical exchange vulnerability and the guy decided to see how long it took to patch it. And it was like incredibly hard to install patch. Is SharePoint as difficult to patch as old on on prem of Exchange, or is it a little bit easier? I don't know of anybody that's running on prem SharePoint other than some of our customers from time to time.

John Strand:

But, seriously, it's just, an incredible pain in the ass to patch or is it pretty straightforward?

Corey Ham:

Yeah. The point should be

Ralph May:

straightforward. Usually.

Fetus Postin III:

It's it's still sandbox.

Corey Ham:

It's it's tedious, but it Yeah. It's one of the okay.

John Strand:

Here's the

Ralph May:

fun patch one. Here's the fun patch lesson. This Microsoft done this a done a bunch of times too, historically. Right? You gotta patch this, and then you have to go to this version.

Ralph May:

Then you gotta go to that version, and then only

John Strand:

this version.

Corey Ham:

If you

Ralph May:

go to the other one, you're gonna break the yes. Yes. Exactly. They love it.

Corey Ham:

They love it. So what if I just go and Copilot or Codex and type patch my SharePoint, make no mistakes, c r, buddy?

Hayden Covington:

Yeah. It would only work if it's on fable. It's on fable. Wrong with it.

Corey Ham:

It's

Ralph May:

on fable. It'll be like, sorry, I can't do this. Yeah.

John Strand:

Did you just replace our SharePoint server with FTP server running on arch?

Corey Ham:

Listen, I ran out of discussions. Yeah, I ran out. So actually, John, have bad news. It is FTP, but it's somehow through IIS. Don't question that.

Corey Ham:

There we go.

Ralph May:

Don't get that. It happens a lot. Yes. That's how you know it. You made it FTP with IIS.

Corey Ham:

I've switched to Move It, a more secure solution with no one. Hey.

John Strand:

There's something we haven't heard in a while.

Corey Ham:

No. Didn't. And everyone moved it out of there. So we already kind of just talked about this without talking about it, but we're talking about Fable. But wait,

John Strand:

crap. I was gonna say, do we have any other stories? Hold on. Hold on.

Corey Ham:

No, no, no, we're not gonna

John Strand:

go there yet. We're not. Nope. That's AI.

Fetus Postin III:

He refuses.

Corey Ham:

Hold on.

John Strand:

I'm not there yet. I'm not. That's AI.

Corey Ham:

Did you see where you defeat AirDapt system? Hold on. Hold on.

John Strand:

I got one. I got one. This story right here.

Corey Ham:

Yep. This is another guy that was non AI news article right now. Yes. Exactly. Yeah.

Ralph May:

Copeland is summarizing the non AI article.

John Strand:

Investigating. Hold on. It's the guy that was investigating Pegasus in Europe, and then they found out he had Pegasus on his computer.

Corey Ham:

What? Yeah.

John Strand:

So this is the he was a substitute member of the European Parliament Committee, And they were specifically in the EU investigating the use of Pegasus and equivalent surveillance spyware. And they found out that he had Pegasus since the fall time. Okay.

Corey Ham:

But the question is, are these two activities related? Does he just have bad hygiene? Or is this separate?

John Strand:

I would find it very weird if NSO hacked. Well, I wouldn't actually shit. I man, flip a coin. I think it would be about 5,050. Because this is the group in Europe, that's studying NSO.

John Strand:

And whether or not it's going to be okay for people to use Pegasus and NSO. I can't put it past. I can't put it past the NSO to hack the members on that panel to see what they're coming up with. Oh, I don't know. Fifty fifty on this one.

John Strand:

Does anyone else have a take on that?

Doc Blackburn:

He was he was trying to reverse engineer it. Yeah. It's not surprising that the spyware being investigated apparently is attending every meeting.

Corey Ham:

Well, okay. I I think I will say, like, reading the article a little bit in-depth, I think that it probably was a nontechnical. Like, I'm guessing this person was actually infected, like, as from the threat actors. Because they're a member of parliament and they're on the committee that's supposed to be, like, investigating spyware abuse in Europe. Right?

Corey Ham:

So it seems like that would just be a target for, you know.

Wade Wells:

Corey, thanks for taking out fun out of it. Alright?

Corey Ham:

Like, we've made, like, five more jokes about Yeah.

Fetus Postin III:

As I said, I'm like, at the back door.

Corey Ham:

Yeah. I mean, it is possible. Right? Like, I mean, sometimes people get a little technical, but also, just to make it even more depressing, it was his iPhone that was infected. So basically, you know, his personal or not personal, but his phone was what was infected.

Corey Ham:

It's probably pretty unlikely he was doing reverse engineering on his phone unless he's, you know What if what if he infected?

Wade Wells:

He infected himself on a iPhone as a false flag.

John Strand:

I

Wade Wells:

And then he was feeding them information. It was he took John's deception class. That was the key

Corey Ham:

of it.

John Strand:

That's how it works. I don't know everything I learned about how they reverse engineer shit in Europe. I learned from, like, like, James Bond Spector. Or was it skyfall where the guy was just like running it on on the actual network? And blew up the building.

John Strand:

So I don't know. Maybe?

Corey Ham:

Yeah. I mean, basically, this is it is dating back a few years. Right? This is 2022, 2023. I don't know exactly.

Corey Ham:

We honestly, it's super interesting to think about. We don't know how active tools like Pegasus really are today. We don't know if these are still running rampant or not. There's been a lot of regulations around them. Obviously, Apple filed some lawsuits against these companies.

Corey Ham:

Like, it's a pretty active like, Apple's worst headline is we can hack your phone with Pegasus or whatever. But Yep. It's kinda crazy. You because you have to think of it from the nation state, like, level. The assumption I would make is that only nation states get access to run Pegasus against live targets.

Corey Ham:

And so the question is, what nation state is running a live Pegasus infection against a member of parliament? And

John Strand:

that's why that's why I'm, flipping coin that NSO group was behind it because you're a 100% right. And as far as I know, you still have to have a direct connection back to NSO servers. Like, just can't Yes. Stand it up on your own. Just go go like off road.

John Strand:

Right?

Corey Ham:

So no cracked copy. Although if you Google it, you will find a cracked copy. Don't install that.

John Strand:

Wait. What? Was trying to keep up with my hair because I

Doc Blackburn:

think Apple's just upset that they're not getting a 30 cut for agents.

Corey Ham:

I put in the app store.

John Strand:

I'd love to say someone's eyes. Yeah, it's like, Doc, I just got a pop up. It said I have to download this app from the store in order for it to run properly. That's spear phishing in the future. It's like go to the App Store and download BHIS dash Pegasus is not not Spectrops Pegasus, not TrustedSec Pegasus, BHIS Pegasus.

Corey Ham:

It's gonna open up the app, but it's gonna ask for a callback URL in that you

John Strand:

Yeah. Deflected it said.

Ralph May:

I thought the European Union changed the rules so Apple has to have a alternative app store or whatever. I think I think that was one of the laws they did change. So

John Strand:

I don't know if it's in effect yet or not. I

Corey Ham:

don't know.

John Strand:

I dig it a lot.

Fetus Postin III:

But that's what Apple Intelligence is for. You just tell Siri to go to use Apple Intelligence and put it back for you.

Corey Ham:

Ah. Yes. That's good for preventing it from ever getting infected because Apple Intelligence is useless. I was

Doc Blackburn:

gonna say.

John Strand:

By the way, I want to say I'm proud of all of us. We made it twenty three minutes without an AI story.

Corey Ham:

Oh, can go. We can

Wade Wells:

go one hour. There's a lot more. Let's do

Corey Ham:

another one. Let's do another one. This is like a push up. How many push ups can we do before AI podcast happens?

John Strand:

Two. Exactly two.

Wade Wells:

I would say, I don't know if this is security, but I I still think it's in the realm of Sony going completely digital.

Hayden Covington:

Oh, I saw that. Dude, people are mad about that.

Corey Ham:

Okay. Wait. So is this like

Wade Wells:

This is PS five games. Yeah. All PlayStation games are going completely digital by April 2027. So no more physical discs whatsoever. There's already I'll throw you a link right now.

Wade Wells:

But you can just Google it and you'll find something too though.

Hayden Covington:

So People are not happy.

Wade Wells:

Yeah. So so the thing is Xbox is there's already been talks that Xbox is already moving this way as well. But like, I'm not surprised about it, but I am sad about it, if that makes sense. There's also a bunch of great memes out there

John Strand:

Oh, yeah.

Wade Wells:

Going around of like, Domino's putting out a statement saying, in response to the gaming industry, Domino's will be going completely digital by 2027, then everyone else is clowning on them as well. I

Corey Ham:

see. Yeah. The classic pile on. Yeah.

Wade Wells:

If if you guys remember, think it was, like, 2024 Xbox made a statement that they were going to do this, and then quickly walked it back due to due to community. And Sony actually has a YouTube video out there saying, like, oh, here's how you share a PlayStation game and just gives them the physical. But this looks like it's already in place. They're already ramping down one of their factories that is there just to make disks and then rearming it to do something else.

John Strand:

I just yeah. It's gonna it's gonna run, you know, crypto mining or something. AI server So this this was okay. Like, I I don't give a shit about this one, honestly. What does bother me is I think it was Sony also said this last week that if you do not log in to your account over, can't remember how many months

Corey Ham:

There's twelve that they will

John Strand:

delete your account. Twelve months. Yeah. And they will delete all the games that you purchased. And that's a bigger deal for me.

John Strand:

I don't know why people are more enraged

Corey Ham:

about that than

Ralph May:

But, John, that's same that's the same deal. It's like they're actually so interconnected.

Corey Ham:

It is.

John Strand:

Yeah. It is connected. Yes.

Ralph May:

Yes. Because if you don't have a CD, now, if I lose my account, I lose everything. Right? And then it just really comes down to the general thing. Do you own do you own anything?

Ralph May:

The And you don't.

Hayden Covington:

The goal is for you to not own a Like an Amazon book, you rent it if you buy

Ralph May:

a rental. If you buy

Hayden Covington:

a if you buy a game, it's now a rental. Everything's a rental. They don't want you to actually own anything. The part that also has a lot of people furious is these, like, these digital games that cost so much less to produce at that point. You don't have to produce physically cost more and also continue to go up in price where, like, the new GTA will be over a $100 or something ridiculous, probably.

John Strand:

Yeah. But the physical the physical disc, a lot of the games my kids would get, you would get the physical disc, but you would still have to associate it with an account.

Corey Ham:

Yeah. The disk is useless. It just has to wait to anyway. Yeah. Yeah.

Corey Ham:

That that was like the the gateway expansions and yeah. Yeah. I mean, I

Doc Blackburn:

think This is Sony having a great way of saying you no longer own the game, but please enjoy paying $70 for permission.

Corey Ham:

Right. You you want to

Hayden Covington:

pass this thing done to your kid, they now need to pay for it themselves too. Go to hell.

Corey Ham:

I I think there's basically there's two takes on this. One is there there's always gonna be a counter to this. Right? One is vintage gaming, which is probably just as popular as it ever will be, are gonna get even more popular. Right?

Corey Ham:

People, especially of our vintage, are more interested in playing games they played as a kid on NES than they are in GTA six. Also, I think for most people I talk to that play a lot of video games, most of them have some kind of a game pass type subscription and just kind of flop around. Like, I don't own any of the shows or meet movies that I watch. I just have They're like they're shut up.

Ralph May:

Spotify ing video games.

Corey Ham:

Yeah. They're Spotify ing video games, which That

Hayden Covington:

that's fine if that's the model, though. But if you if you're purchasing a game for $70, you would assume that you at least have some amount of ownership over that product, which you don't.

Corey Ham:

And you Well okay.

Hayden Covington:

You never will if they have Yeah.

Corey Ham:

I think that's an interesting one because it depends on where you buy it. Right? Like, right now, we're still in the, like, kind of transition phase of, like, depends on where you buy it. But, yeah, long term

Ralph May:

Perpetual licensing is dying, and that's really what it's getting to.

Corey Ham:

But I think it's a part of that.

Ralph May:

The disc is there. You should be able

Corey Ham:

to copy all of it

Ralph May:

off and be able to save it and be able to, you know, have it to to play, you know, because you bought the license one time. Right?

Corey Ham:

Yeah. You know? Basically, the

Fetus Postin III:

But Ralph, you're talking about the legacy stuff where now it's everything is subscription based.

Corey Ham:

Want you to pay me every month. Yeah. Because you

Fetus Postin III:

can't have this perpetual license anymore. Yeah.

Corey Ham:

Yes. I I mean, basically, they're adopting. They've seen Amazon or other vendors do this, Spotify, you know, etcetera etcetera. A lot of other industries have already moved to this model and so they're just following it.

Wade Wells:

The thing is though with like the video game stuff, especially with Xbox, right? They started losing money on their subscription base. Like they and now they're they're slowly walking stuff back hence. But there's another story with Xbox laying off a bunch of people and it's all their gaming division. And they even they brought the price down to try to bring gamers back, but, like, the subscription model isn't doing so well for gaming wise.

Corey Ham:

I mean, that's interesting. I I basically, what I would say is, I think this does also, you know, to tie it back into cybersecurity. This puts a huge target on the back of the firmware for Sony and like Oh. Them as a company of like, this basically means people wanna jailbreak this 10 times harder. Right.

Corey Ham:

And there is, like, there is a a a real thing, which is basically, if you make piracy the easiest and cheapest alternative, people will just do piracy. Like, the only real way to prevent piracy is to make it easier and cheaper not to pirate it. Right? Like Well,

John Strand:

it was like, that that do you know, that's exactly what Netflix did. Whenever Netflix, it was kind of like Netflix and Amazon, you know, all the different pirate based shit just kinda went away because it was so easy to just get a Netflix subscription or just get something on Amazon Prime. Now all of a sudden, like, you have to have, like, five different subscriptions to be able to get to things. And now you're right. People are just like, well, looks like I'm going back to piracy.

Ralph May:

Going back onto the sea, my friends.

Corey Ham:

For PlayStation, you need the

Hayden Covington:

$600 console, and then you need their $20 a month subscription, and then you're buying the digital copy of the game.

Wade Wells:

You're Ralph's already running local models. We might as well have him run a couple emulators for too. Know? That's like a

Hayden Covington:

great yeah. Oh my Yeah.

Corey Ham:

I mean, honestly yeah. I'm curious to see how this evolves long term because, like, first of all, Steam and the other, like, PC gaming can lean hard against this and kind of be a counter be counter positioned. Yeah. And it might just take like, everything's poised to make console gaming kind of die. You have PC gaming being the most, like, polished it's ever been with the steam machines and the steam deck and all that stuff.

Corey Ham:

You have consoles getting as expensive as computers. You have now subscriptions for everything. And, you know, Microsoft doing poorly with Xbox. Like, we're basically down to, like, two consoles. I don't know.

Corey Ham:

It's it's it's rough out there if you're a console gamer.

Hayden Covington:

Yeah. And and Wade mentioned the other Microsoft story. So that story is is Microsoft, but also largely Xbox is where the focus comes out. Yes. Because I think it was the CEO of Xbox.

Hayden Covington:

She mentioned it on on Twitter or whatever

Corey Ham:

it's called.

Ralph May:

I'm not gonna say the word. Did they mention the word as their layoff?

Hayden Covington:

Or Yeah. I think so. Yeah. Because it because it's supposed

Ralph May:

to be Literally.

Hayden Covington:

800 people and then 1,600 of which will impact Xbox today. But they they mentioned it, like, very early. This is through, like, 2027 as well.

Corey Ham:

I just think gonna go through. It's kinda messed up because it's literally the blog or the, like, internal email subject was resetting Xbox. Yikes.

Wade Wells:

Yeah. You gotta remember, like, a little while ago, they bought, like, all the main developers. Right? Because they're going hard on the subscription model.

Hayden Covington:

That was a bad decision. And I think she the CEO mentioned that specifically in her her release was like, this was not the right call to buy up a bunch of studios. That was not the correct decision. I think it

Wade Wells:

would have been the right call if they then gated if they gated all the games. Right? Like, they bought some of the biggest ones. If they would have said, hey, Sony, screw you. Like, then it probably would have worked.

Corey Ham:

Mean, think they just they just didn't make very good games. It's basically what it comes down to. Like, they they spent billions of dollars making games that no one wanted to play. Basically, it's like Yeah.

Hayden Covington:

And I can see the appeals of of Xbox and all that stuff. Right? Like, I play most of the games that I do play on a PC. But I can see the appeal of an Xbox where you spin it up and, like, you don't have to update anything, and everything's ready to go. But now it's to the point where you turn on your Xbox, and it's a 90 gigabyte update for something.

Hayden Covington:

And for some whatever reason, it didn't do it automatically. Like, it's as much upkeep as a computer, but then you're paying you know, they have, like, four tiers for their game pass now or something ridiculous like Netflix.

Corey Ham:

Like, becomes

Hayden Covington:

more and more convoluted. Like, it's hit my download.

Wade Wells:

Last month, I hit my download limit. Much on my ISP? And then they charge you $10 for every 50 gigs over. And I win a 100 gigs over.

Corey Ham:

Oh, Oh, woah,

Doc Blackburn:

There's still a simple solution to this that you're all missing.

Corey Ham:

Is it not game?

Doc Blackburn:

Minesweeper is still free. Is it? Yeah. Like to go to minesweeper.online.

Wade Wells:

Oh, it's online. You still have to be online, though.

Doc Blackburn:

It's not even on the host. It's not behind a paywall. Pay for Minesweeper. I'm all Viva revolution. I'm with you guys if Minesweeper goes big.

Wade Wells:

I'm gonna say that.

Fetus Postin III:

Just go offline and play the the browser based games. You got Dino and Chrome. You got this downhill skiing and edge. You can just go

Corey Ham:

Sure. Off Dino. Yeah. That's right. Browser based games.

Doc Blackburn:

New page source. Just save it. I'm good. Save it.

Fetus Postin III:

Play it

Wade Wells:

again. So I'll I'll

Hayden Covington:

segue us, Corey. What about instead of playing with games, we play with AI instead? Oh, woah. Woah.

Corey Ham:

Woah. No. No. I got a I got

Wade Wells:

a good one. Last one. Last one.

Corey Ham:

More, dude. There's more.

Wade Wells:

There's so many Claude Claude routed Command and Conquer Yes. But they routed all of Command and Conquer Zero and ported it to iPad in four hours.

Corey Ham:

Yeah.

Wade Wells:

What? What? Yes.

Ralph May:

See? Developers got some

Corey Ham:

So that's why GTA six is gonna be taking a year and a half to port is because they're

Wade Wells:

not prod? Pretty much. Yeah. So if you wanna port any game whatsoever, just throw a clot at it with a fable subscription and sit back and relax.

Corey Ham:

This is a broader theme that's happening in software in general, where people are just taking a weekend to rip in some Red Bulls and porting one piece of software into another Yeah. Programming language. Like, someone last a couple weekends ago did SQLite ported into Rust. Well, it's you that how you learned it, Like, every time they do a port

Ralph May:

with Rust, it's always faster though. I every time you see, like, some, like, little port to Rust, it'll be faster. But it'll always be, like, a millisecond faster or whatever. Like, nothing to, like, actually go through.

Corey Ham:

Dude, I

Wade Wells:

get so many Rust, like, port things to Rust ads and stuff to port to and it's because of this podcast, and you guys mentioned it so much. Yes.

Corey Ham:

I mean, the thing is we're gonna port this podcast to Rust someday. Just you wait. Yeah. No. Actually, 75% faster, and it's gonna be memory safe.

Ralph May:

So I actually, to to widen that up just a little bit more though, and I think what Corey's probably hinting at is that we're gonna see a lot more compatibility across different operating systems in games because it's so or not just games, software as well, because it's very inexpensive to do these ports. Right? Like, the large language models are good at looking at already existing code and just modifying it for that other languages. It speaks much

Corey Ham:

Especially for small legacy code bases like this. If it was running on Windows XP, Claude can rip through it in, like, five minutes. Like, you know, like, the code bases are small.

Ralph May:

So then what is Claude five years from now gonna do too? Right?

Corey Ham:

Exactly.

Ralph May:

I mean, you know, let's fast forward and just say but I I think that, you know, here here's the deal. Hey. I made this game. I love it. It works great.

Ralph May:

I I but, hey, I wanna port it for our iOS and I never had the time to do that. Hey, look. Now I can, as a developer, for a very low amount of effort and money. So

Corey Ham:

Totally.

Ralph May:

Yeah.

Corey Ham:

I'm sure app stores are about to pop off. Like, via of submissions. It's probably gonna be the same thing as, like, the HackerOne thing where they just have to shut down new apps because Yes.

Ralph May:

Know? Making apps, like, especially simple apps, I've personally done it for iOS or Android, is incredibly simple with large models. Like, they the the barrier to entry is, like, almost zero. That doesn't mean that it's good or bad or whatever. I'm just saying that you're gonna have so many apps out there that do, like, one thing, which is, like, the joke, you know, where they have the app to turn on the flashlight.

Ralph May:

Like, just the stupid amounts of apps that'll be out

Corey Ham:

there. Okay. So and I think with but let's coin the term slaps right now for AI slap apps. Slap. That's it.

Corey Ham:

The amount of nothing is gonna this this shit is not gonna slap.

Ralph May:

Is not. There's gonna

Corey Ham:

be a way that's why will

Fetus Postin III:

pull an app, but I'll never be able to update it because I vibe coded. No one ever gonna tell me out of can report it back in.

Corey Ham:

Oh, no. No. The other vibe code that can do. That. Just save a little memory for Claude that says, you are an experts senior Yeah.

Corey Ham:

Principal software engineer. Mistakes.

Fetus Postin III:

Make no mistakes.

Corey Ham:

The key I do love people that, like, hard code the number of years of experience in the prompt. It's like, is there gonna be a difference between a senior pen tester with ten years of experience and a senior pen tester with fifteen years of experience? Like, I don't think that prompt is gonna change.

Hayden Covington:

Oh god. Senior player tester with a hundred years of experience.

Corey Ham:

A hundred years of experience. It's like, I don't know what to do. We're breaking time continuum. It's it's more of the like anyway, what else we got? We got let's let's go let's let's dip into some AI stuff.

Corey Ham:

There's the Medtronic breach. This is Shiny Hunters. Not AI. That was a joke. I I tricked you all.

Corey Ham:

Basically, is, I think, my perspective, just your traditional ransomware. This just feels like a it there's kinda thin on details, but unfortunately, some Social Security numbers were disclosed. Not that that really matters anymore because they were all already disclosed. They basically it stolen data has never been exposed, so we'll see, I guess. It's unclear if they paid or exactly what happened.

Corey Ham:

But basically, they disclosed the breach, and the data was never public. So

Hayden Covington:

I mean, the good news is you have twenty four months of credit monitoring. So get

Fetus Postin III:

two years this time. Instead of twelve, you get two years. Yeah. What talking about? Add it add it to the sixty years I already have from other Right.

Fetus Postin III:

Which is exactly good.

Corey Ham:

Yeah. Exactly. Yeah. That that was kinda one. We sort of already talked about this a little bit, but it appears so flipper zero.

Corey Ham:

Does everyone know what that is? It's basically a little

Ralph May:

I know.

Corey Ham:

Device designed to annoy anyone with a Bluetooth compatible device at a security conference, from what I can tell. And basically, it's I'm not sure exactly they, like, stop supporting it? Or I'm just the the article is basically saying like, okay, firmware, you know, is gonna be supported by the community now. But what I'm not clear on is, does anyone know did they stop, like, officially supporting I

Wade Wells:

know there's a new one coming out. Right? There's a new newer version.

Corey Ham:

December 2025 was the latest stable, I guess. And then I after that, they essentially just said, we're stopping we're not releasing any more official firmware versions, but we are going to maintain it basically kind of like, I I would call it like a Linux model ish, where it's like community members submit PRs and things. And, like, there's people from the company that actually review those and merge them, basically. So it's like they're not actually

Fetus Postin III:

If you read something down the article, it states that they they outgrew their team. Like, says 1,000,000 pimpers, zeroes generate too much communication that the smart team can't manage. So they're asking the community to help them manage it, which is why they disabled direct messaging on their social media channels.

Corey Ham:

I mean, it makes sense, especially in the era of vibe coding. Like, can you imagine how many PRs they probably get every week?

Hayden Covington:

I think it's like Open Clog got, like, a 100,000 or some insane number where people could just throw slop at platforms as as easy as they want from their phones too if they want, like

John Strand:

I mean, a lot of times,

Ralph May:

these one off features, though, you don't even need to submit it back. You're like, this one's for me. Right. Exactly.

Corey Ham:

Like, you don't have to PR it. You don't have to.

Hayden Covington:

You can just keep it.

Corey Ham:

You can

Hayden Covington:

keep things

John Strand:

for I mean, but, you know, yeah.

Ralph May:

You could just be like, hey, I I built this thing. It works great for me. It does what I wanted. So now I don't have to complain in the forums. Would someone please build this?

Hayden Covington:

Yeah. Keep your slop code. As yourself. No one wants it.

Wade Wells:

Has anyone has anyone let the like, I I've been wanting to do this but haven't. And I want to clone what what are the Disney things that go on top of the box, Ralph, that play music and stuff?

Ralph May:

Oh, I've already done it.

Corey Ham:

You can but you you straight clone them? You can't

Ralph May:

you can't you can't just you can't destroy they're called Tony's, by the way.

Corey Ham:

The Tony's. Yeah. Yeah. You can't just clone them. The they they You can.

Corey Ham:

You you can There's a whole Yeah.

Ralph May:

You can read them and you can make new figurines and you can redo the tags. They're they're kind of fun because you have to, like, elicit them to actually respond to you. So there's like a code. Yep. So they if you just try to use your flipper, right, to read it, it's not gonna work.

Ralph May:

You know, you're gonna need to Proxmark and, you know, a little bit of time. But yeah, you could totally do it. Yeah. Some there's some fun research into that. So

Wade Wells:

That's well, I wanna just plug plug my flipper into my computer and

Hayden Covington:

just let Claude do it. Yeah.

Corey Ham:

So it's not fake.

Hayden Covington:

I'd go at it, Claude.

Ralph May:

Yeah. So if you ever if you ever wanna do the ad, I built some of these, like, essentially design loops. If you can feed what you want and give it enough tentacles, meaning, like, give it access to all of the things that you could do, you could just have it loop through until it solves the problem.

Fetus Postin III:

Ah, okay.

Corey Ham:

We do not condone biracy on this show, but Never. Never. Go on. Get out. Just type.

Fetus Postin III:

Prompt just reminded you. You don't write prompts. You write loops. You write loops. Continue writing a loop.

Fetus Postin III:

Never write a prompt again. Just write a

Corey Ham:

loop. Always write a while loop that only completes when your agent hacks the Gibson.

Fetus Postin III:

Yeah. Or it runs out of tokens.

Ralph May:

No. Actually, there's there's been a couple actually interesting articles, piracy aside, around just how the technology works usually when something like that happens. And that will be the same, speaking of that, with the PS five and other things like that when they finally are able to exploit it. You know, a lot of people do it not because they are just dying to play this game they can't afford or something. It's because they're just dying to figure out how it works.

Ralph May:

Right?

Corey Ham:

Yeah. I mean, I it'll be really interesting to see what kind of, like, at least right now in security, there hasn't been much of, like, AI infiltration and and bug hunting in, like, the embedded space. Uh-huh. It'll be interesting to see how that evolves over time.

Ralph May:

Boy, it's gonna be a freaking bloodbath. All of

Corey Ham:

those things are and the worst. And all that stuff and, you know, like, protocol fuzzing and I mean, anything AI can I so yeah? I mean

Ralph May:

There was a recent fascinating. There was I don't know how necessarily it was it's pretty recent. Essentially, there was a vulnerability in some of the Bluetooth chips, right, that are used in headphones like the Apple Beats and some other devices. Bose, JBL, a bunch of stuff. Anyways, essentially, the vulnerability allow you to totally compromise these devices remotely because the interface for the communication was just not secured at all.

Ralph May:

And these chips were used and it was so bored.

Corey Ham:

So anyway is like the most dystopian, like, okay. This is the new version of listen to my mixtape. It's like, you're on a you're in a public space. And you're walking around with your headphones and this an AI agent hacks into your headphones and says, hello. It's like, please consider stopping by for some fudge.

Ralph May:

Yeah. You can send firmware updates unauthenticated to these devices. Oh. So, like, I mean, anyhow. But the

Corey Ham:

Dude, I thought SFTP would be a fully or sorry. TFTP would be a fully secure protocol for firmware updates on headphones.

Ralph May:

That's the thing. Bluetooth has its own there's two communication pro protocols that it uses for this. And if you select you in this particular case, they just didn't secure either of them. And so you could, you know, essentially communicate if you're close enough to them. But you could do other things like, you know, change the firmware, monitor what they're listening to, hear what they're talking about if they're on the phone, other things like that.

Ralph May:

So but the wild part is not specifically this model. It's the fact that these embedded chips get put across tons of different devices, and one of these embedded vulnerabilities could essentially affect a whole class of devices that are utilizing them. So I have a

Doc Blackburn:

question for the group here. I'm just wondering, of everybody that's here, do any of you guys actually, like, buy a product and use it for its intended use? Or do you guys just clone it or hack it or whatever? Yeah. I mean, it's like it seems like nobody here actually uses the thing that they buy the way it was intended.

Corey Ham:

It's like, how can we break it? No. It's because we only talk about the interesting ones that we don't use for their intended use.

Wade Wells:

Yeah. I don't wanna tell you about those. I don't want them hacked.

Fetus Postin III:

Alright? Like The answer is always, it depends. Yeah. It depends. What's my mood today?

Fetus Postin III:

Do I tell it as it works, or do I want it as it doesn't? What I was say I was gonna say,

Corey Ham:

to answer your question more seriously, I do intentionally avoid buying the smart versions of things if I can. If I if I if I have a choice of two, like a dishwasher that has Wi Fi or the same version without the Wi Fi, I would probably buy the one without the Wi Fi. You know what I mean? Like I'm still trying to figure out

Doc Blackburn:

why my microwave needs Wi Fi.

Corey Ham:

Yeah. That's just the one that understands. And so it can hot jogging the refrigerator until the stove turn on. It's now it turns cold. Cold.

Hayden Covington:

You turn it on. Warms up the house a little bit.

Wade Wells:

Nowadays, Wi Fi is behind. Right? You have to see if they have MCPs. That's what you wanna do. Right?

Corey Ham:

Like Yes.

Ralph May:

And your microwave needs an MCP.

Wade Wells:

Oh my gosh. I wanna be notified on my phone. Yeah. You piss photos

Corey Ham:

of my research. How to cook a hot pocket?

Wade Wells:

And then I wanted to go and start my laundry for

Corey Ham:

me all at

Wade Wells:

the same time. Alright? And I want the statistics and build a nice tribe that goes on there.

Ralph May:

As you're going down that road with Home Assistant, Home Assistant can connect

Corey Ham:

to some

Ralph May:

different things

Corey Ham:

Same. And then just

Ralph May:

throw the AI model in with that. Right? And then,

Corey Ham:

like Yep.

Ralph May:

You know, the the world's your oyster at that point. Like, all these, like, problems that used to be, like, rabbit holes, you would spend a whole day trying to get to work. You're just like, alright. Go fix that. And so but that dystopian world where you're asking it to do silly things, it could be soon.

Wade Wells:

Ralph Ralph just created Smart House. They just need 1990 Yeah.

Corey Ham:

I didn't do nothing. Ralph just built

Fetus Postin III:

a Grafana dashboard that he can look at for his entire thing through Grafana. Just looked at

John Strand:

Grafana all day long.

Fetus Postin III:

This is how my house is operating.

Ralph May:

I mean, I built I built a a gardening one. I put two cameras over a garden to watch my plants. I put QR codes above all, like, where the plants are so that the model knows what the plant is. It takes a photo, sends it back, and then just does the gardening for me. Says, hey.

Ralph May:

You need to do this. You need to do that. And it has control over the watering, and it has water sense meters so it can just watch the whole thing.

Wade Wells:

Oh my god.

Ralph May:

Get little status updates. I don't do anything. Status updates every day tell me what's going on. Looking Caterpillar detection. Caterpillar

Fetus Postin III:

snake out. We're good to go.

Hayden Covington:

So so doc just asked a minute ago, do any of us purchase or use things for their intended use? I just learned that Ralph is using plants in a weird way to cook

Corey Ham:

all things. Exactly.

Ralph May:

Well, so about growing a garden, we've got all kinds of vegetables and stuff in there, jalapenos, we've got tomatoes, all kinds of fun. So it's fun tokens? As well.

Hayden Covington:

Yes. I'm we eat as well. I'm growing cheese.

Corey Ham:

I can't I I mean, yeah. I I I don't know what the end result of all this will be. Like Yes. At some point, Ralph's gonna have some guy that just shows up to his house unbidden that says he was hired by AI to water the plants because AI is something broken. Doesn't that's going.

Corey Ham:

Hey. I was like,

Fetus Postin III:

he's gonna

Corey Ham:

I gotta find a workaround. I'm in a loop here. I can't stop until the plants are watering.

Ralph May:

Loop. I'm gonna run out of tokens, so I have to hire someone.

Corey Ham:

He's gonna start working something after delivering it to his door for

Fetus Postin III:

him. He's gonna have

Doc Blackburn:

to be He's be shuffling around in Kleenex boxes on his feet and foddling his own urine and stuff like that.

Corey Ham:

Yeah. Psychosis. Okay. So seriously though, you could, like, imagine being the AI agent being like, I've gone on your Amazon account and bought some upgrades for myself so I can better serve you.

Hayden Covington:

I mean, there there is a product now that, like, is almost like a managed Open Claw. Right? But they released some new feature called human. Like, it's their product name and then human. Oh my god.

Hayden Covington:

And then it can allow you to basically tell the agent to elevate that problem to basically a human operator, and then it will basically pass through charges to you, the user of that account. So you could tell it like, hey. I need you to place a to go order from this place and send it to my address. And then it just charges you the cost of that item, I guess, and it's part of that subscription service that

Corey Ham:

you paid for. We talked about rentahuman.ai on this show last night. Yeah. Well, let's we made fun of it back then. Now I'm already a paid customer.

Corey Ham:

No. I'm just kidding. Oh, yeah.

Doc Blackburn:

I'll move on to agentic AI when it finally says, hey. Good news, doc. I got a job. You don't have to work anymore. I'll I'll pay the rent.

Hayden Covington:

It's like and that's when

Doc Blackburn:

I that's that's AI for me.

Corey Ham:

That's condition for your while loop. Just say agent Mhmm. Loop until you can pay by rent. Otherwise, please don't do crime. Slash cool

Hayden Covington:

to get jobs.

Corey Ham:

Don't do crime. Have a I have a

Wade Wells:

reference to this back to the news article. Did you hear that Amazon is stop has stopped accept accepting customers for the Mechanical Turk?

Corey Ham:

Yes. I did see this. Shocker. For those that don't know what Mechanical Turk is, Mechanical Turk was designed not for this use case, actually. It was designed for the use case of AI training, actually, which is essentially, you know, they would basically have some outsourced low cost labor.

Corey Ham:

You say, look at 6,000 pictures of a hot dog and confirm or deny whether it's a hot dog. You know, I I guess did you actually fully read this, Wade? I'm why did did they say why?

Wade Wells:

No. They think they're they didn't really say why, but it feels like they're sunsetting it. That that's what it is. Okay. Over over the time, it's been out for a long time, and they said that service no new services have really come.

Wade Wells:

And with workers and researchers abandon it due to bots and fraud, right? Like, if they don't really know if it's a real person now, it could it could be an AI doing the job.

Corey Ham:

So you're saying it's

Doc Blackburn:

work that I rock.

Corey Ham:

Yeah. Oh my god. The workers can't be verified. They're like, how do we I mean, it seriously does create the whole, like, snake eating its own tail problem because it's like, okay. We have a bunch of workers claiming to be workers.

Corey Ham:

They're actually bots. But then what do we do? Do we hire workers to verify the workers or bots to verify the work like API?

Doc Blackburn:

Isn't this isn't this ironic that I mean, what's wrong with the checkbox on the website that says I'm not a robot? You know? I mean, did we

Corey Ham:

miss that? Just told you.

Fetus Postin III:

A minute. It's the inverse prove you're human. I'm gonna give you a complex equation exactly. Yeah.

Corey Ham:

I mean, that whole the captcha thing, like, I mean, we took a little bit touched on it a couple weeks ago, but it's like, how is the Internet gonna just straight up break? Because you have at this point, who is actually manually using the Internet all the time? Very few people. Everyone's using the Internet through an AI agent. How does that change with captchas and, like, you know, as that evolves, you have people like Ralph who are just having an AI agent buy their groceries.

Corey Ham:

So now all your captcha is a potential way to prevent or I guess that's Hayden that does that. That that basically, you having an AI agent, if it if there's a captcha, you are missing out on Prudential revenue. Right? You are like, if you require someone to buy and then, you know, the AI agents like, I gotta bypass this captcha. What do I do?

Corey Ham:

And, you

Ralph May:

know Yeah. Maybe maybe, like, verified agents. I think that might be something that goes through it. Like, you know, an agent that's tied back to an actual account as opposed Yeah. Just like, you know, malicious.

Ralph May:

Right?

Fetus Postin III:

It's the

Ralph May:

same with, like, your IP address. I mean, there's a lot of indicators to to tell that are inside of captcha that could kinda tell. And one of those you know, one simple one is your IP address. You know, if it's a residential, other things like that. It's not guaranteed.

Ralph May:

It's just like an indicator. And so they should probably they they will probably, to your point, Corey, because everyone's using it, use more of those indicators to figure out whether this is a legitimate agent doing a task or it's a illegitimate agent trying to, you know, harvest a bunch of stuff.

Hayden Covington:

And I'm curious how they're gonna factor advertisements into that. Right? Because as less and less people do the actual browsing, browsing just most websites now is horrendous. It's a terrible experience. There's 40 cookie notifications.

Hayden Covington:

There's ads everywhere that load in and out and move all the page content around.

Corey Ham:

Created this problem, Internet.

Hayden Covington:

Right. You created this. That's why I'm using Claude to Google things for me at this point. Like, you think I'm gonna go through all 40, like, sponsored results and look at Google's sponsored result, which is also full of sponsors? Like, screw that.

Hayden Covington:

Like, Claude's gonna do my people for me. Like, dude, sorry. So weird.

Corey Ham:

Alright. Let's do some quick fire. I know we only have about five minutes left. Actually, Before we do quick fire, let's have Felitus and Doc plug plug what you're here to plug. What you got going on in your lives that you're here to talk about?

Doc Blackburn:

Go, Feliz.

Fetus Postin III:

Yeah. As I said, preshow, not a ton going on. Most of my talks were pre summer. I've taken the summer off from a lot of things. I do have a YouTube channel.

Fetus Postin III:

It's just Feliz Post if you wanna see content. It's usually a lot of sadly, AI slop recently just talking to people about what they're doing and not doing wrong. Strong cyber defense. I do a lot of human centric, so I'd probably bring the human back into everything we're doing. So if you human centric security is something you care about, you'll probably enjoy some of my content.

Fetus Postin III:

Trying to make it out to summer camp. We'll see if I make it out there or not. Still looking for funding. So I'll set up a GoFundMe. You're welcome to send me out there.

Corey Ham:

Alright. Thank you. Doc, what you got going on? You have a pay what you can class. Right?

Doc Blackburn:

I do. I have a workshop going on on July seven seventeenth. Right? Is that what it says? I I should probably put this on the calendar.

Doc Blackburn:

It's it's a class on access control. We're just speaking about the Internet and trying to prove that you're not a robot and that you are a person and who you are and all of that. This class is all about that important stuff, about being able to verify people's identities, about, being able to authorize what people can do, and the accountability of now that they have the access, did they use it? When did they use it? Where weren't they when they use it?

Doc Blackburn:

Things like that. Now I am sure, because I know that a lot of the attendees to these newscasts yeah. You're like, oh, yeah. No. I know about all this stuff.

Doc Blackburn:

Yeah. Do you Do you really? And do you know how password cracking works? Have you cracked passwords yourself before? There are gonna be a lot of really cool things in this four hour workshop that a lot of people think that they know, and they're gonna find out that they actually don't know it.

Doc Blackburn:

And even if you're one of those people that, yeah, I know all that. I'm fine. Been there, done that, have the t shirt. Fine. Tell your friends.

Doc Blackburn:

I don't know about you guys. I know that everybody here in this group, you all know people that say to you, hey. You're in security. How do you get into security? I get asked that all of the time.

Doc Blackburn:

And one of the things that I've done over it's been about a year now that I've really been working on this is to get people the training that they need at a a price point that they can afford. And so pay what you can is a great model for classes like this. Tell your friends, tell your family members, those relatives, that kid that just graduated high school or college, tell them about this course. Because while I'm going to teach next level skills in the course, we assume no knowledge of technology when we start. We build up very quickly, But this class is for those people mainly who are looking to get into cybersecurity, they're trying to understand what those core concepts are.

Doc Blackburn:

And this is just one of several courses that I have. If you click that picture of me, I'll bet it takes my name right above it. It'll take you to a whole bunch of other classes, an introduction to cryptography class, introduction into networking, and how to think like a cybersecurity defender. So check out all of those classes. They're all very affordable.

Doc Blackburn:

They're all, I would like to say, very high level very valuable content. I know Phletus has seen the work that I do. Phletus, can you vouch for me and say, this shit's good? Is this good stuff?

Fetus Postin III:

Depends on the day, but yeah, most of the time.

Corey Ham:

Oh, wow.

Doc Blackburn:

I didn't pay you enough today. No.

Corey Ham:

Didn't pay me enough for this conference. Your agent your agent, your AI agent bid a little low on that.

Hayden Covington:

Yeah. I'm

Fetus Postin III:

still waiting on mortality to come in. It didn't get high enough before you asked the question. No. All serious notes, you will not go away without learning something new. No matter if you've been in the field one day or forty years, doc's going to share a nugget of truth that you'll take away.

Corey Ham:

Nice.

Doc Blackburn:

Thank you for this.

Corey Ham:

Alright. Some quick fires real quick because there were so many articles this week, we didn't get to everything, but there's some fun ones. First of all, hide my email, which is an Apple service, doesn't actually hide your email. What? That article kind of was a sleeper article, and there's no it's a four zero four media article.

Corey Ham:

There are no details as far as why or how the vulnerability works. Luckily, this isn't public. But essentially, they've reported this to Apple. Apple doesn't care or isn't fixing it or I don't know. But basically, this feature that's designed for one explicit purpose doesn't work for its design purpose fully.

Corey Ham:

Good job, Apple. A more quick fire. There was also a Palo Alto was being sued by a company that actually got attributed as a threat actor in an AI report, and then turns out there were falsely attributed. Ouch. And all their stuff was, like, basically blocked from the Internet.

Corey Ham:

This is actually like a crazy nightmare scenario. I'll link it if you want some nightmare fuel. Basically, company called Meeting TV has sued it after basically someone published them claiming an article claiming their Chinese corporate espionage operation, which apparently they're not, or at least they claim they're not. This is absolutely wild. If your AI agent hallucinates and attributes a threat to some entity that it's not attributed to super scary.

Corey Ham:

I don't know exactly what will happen with this. But, yeah, those are my last quick fires. Anyone else have any final quick fires before we shut shut this show down?

Hayden Covington:

I got one. I'm sure you know what it is. If you're using Fable on Claude, you better switch to something else before tomorrow at, like, probably tomorrow night. Because they're gonna pull it, and they're gonna start charging you usage tokens for it. And I think I ran one prompt on that, and it cost me $15.

Hayden Covington:

So I would not recommend you do that until they re add it to your subscription. Yeah.

Corey Ham:

Yes. We didn't even talk about it. It would have been twenty minutes talking about it. But, yes, the export controls are lifted. Fable, you have access.

Corey Ham:

If you're me and you ask Fable if an apple is the same as a potato, it'll say this has been flagged for cybersecurity reasons and you can't You know, like, literally won't have to it on

Ralph May:

mic. Sonic five came out.

Corey Ham:

Yeah. Sonic five is out and it's Probably not

Ralph May:

worth you even switching to be quite honest with you. It's the same. Lot of articles about it. It's not even it yeah. It's the same.

Ralph May:

It's more expensive. Essentially, so Wait.

Corey Ham:

Is it really?

Hayden Covington:

Yeah. I saw benchmarks that said that.

Ralph May:

It's more it's because of the tokenizer. It uses more tokens to do the same amount of work because it's better. So it's essentially just working harder, spending more money.

Corey Ham:

The pricing is the same, but it will cost you more because it uses more tokens.

Ralph May:

Yes. It will cost you as much as Opus. So but the bigger general thing that don't be surprised we're going to see as these models keep coming out is they're gonna somehow be more expensive every time. Every time. As opposed to

Doc Blackburn:

No way.

Fetus Postin III:

Yes. What an epiphany. What an epiphany.

Corey Ham:

They telling me that that graph only goes up into the right?

Hayden Covington:

Oh, it sure does.

Corey Ham:

Someone's got a picture of my

Wade Wells:

Once again, Ralph's local AI is just looking sweeter and sweeter. Alright?

Corey Ham:

That 40 k was money well spent. Alright. Alright. Thank you all for being here and thank you for attending. If you're in the audience, we'll see you next week.

Corey Ham:

I won't be here. I'm going on vacation, but I'm sure someone will be here on the show. So have fun.

Wade Wells:

I'm gonna call in sick.

Corey Ham:

Bye bye.

Ralph May:

Later, Murphy.