Mostly Security

Information:

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 312: Nice And Cozy

    02/12/2023 Duration: 31min

    Eric travels for Thanksgiving and Jon goes there and back again. Adversarial ML against LLMs, whether generated code is secure (it's not), the demise of a Crypto Drainer, and a complaint against Meta's new policy of pay-us-so-we-don't-track-you. For fun we have the California Railroad Museum and a video explaining just how Apple's Thunderbolt 4 USB-C cable can cost $130 (with CAT scans!). 0:00 - Intro 7:16 - LLM Adversaries 8:11 - Generated (In-)Security 14:58 - Inferno Drainer Demise 17:43 - Meta "Privacy Fee" 22:04 - California Railroad Museum 25:50 - Thunderbolt 4 CAT Scans

  • 311: The Next Domino

    24/11/2023 Duration: 30min

    Happy Thanksgiving Everyone! Eric goes to visit family in California, Jon does a lot of driving and preemptively eats pumpkin pie. Fidelity National Financial has an ooopsie. Something something OpenAI something something. Binance is fined despite not being a US company. Eric takes the family to see the aftermath of the Oroville Dam and Jon explores the volcanic Io. 0:00 - Introduction 7:55 - FNF Oops 11:40 - Open AI had a strange week 14:56 - Binance Fines 20:01 - Oroville Dam 23:41 - Volcanic Io

  • 310: Squintworthy

    18/11/2023 Duration: 39min

    Jon constructs and Eric cleans house. Let google send your spam, bipartisan (??) surveillance reform bill, and how AI may change democracy. Quantitatively adults have better attention spans now than 30 years ago, and you should read Seth Ring's novels (start with the Titan series). 0:00 - Intro 10:41 - Quiz Spam 15:32 - Surveillance Reform 21:27 - AI for Democracy 31:44 - Better Attention 35:10 - Seth Ring (Terra Nova)

  • 309: Nothing Untoward Going On

    10/11/2023 Duration: 36min

    Eric wrote some code and was reminded what "at the speed of government" means while Jon did some travel and acquired discount Halloween candy. Google introduces a real-time code analysis for side-loaded Android apps and Krebs drops some education on how criminal reshipping services work. Eric suggests you check out neal.fun again while Jon avoids fun for a landmark real estate ruling. 0:00 - Introduction 8:11 - More Android Security 15:04 - Criminal Reshipping Services 25:23 - Neal.fun Internet Artifacts 29:14 - Real Estate Verdict

  • 308: Pollute The Internet

    03/11/2023 Duration: 48min

    Eric hobnobs with forecasters and Jon has an Electrical Mystery. How Kaspersky intercepted 'Operation Triangulation', Apple's new iMessage contact security, what if YouTube just used the tag, and maybe Microsoft shouldn't be putting 'generative AI engagement polls' next to *all* articles. For fun we have the wild flavors of Coke Creations, and the first CRISPR treatment (for sickle cell) is up for FDA approval Dec 8th. 0:00 - Intro 15:07 - Triangulation Interception 21:05 - Contact Key Verification 24:31 - 32:32 - AI Poll 40:31 - Coke Creations 43:50 - Exa-cel up for FDA Approval

  • 307: Migratory Gravel

    28/10/2023 Duration: 35min

    The rains have returned, Eric's Electric Car Experiment continues, Jon eats weeds and becomes tired. Despite an Oktaober event, 1Password is ok. IOS (the other IOS) has some issues to work through. A Space Winnebago is looking for a reentry permit from the FAA and Jon wants to buy some uncomfortably cool chairs. 0:00 - Introduction 9:00 - Okta-ober Surprise 12:35 - 1Password is Ok 15:11 - IOS XE Ooopsie 21:20 - Space Winnebago 30:14 - Chair Trek

  • 306: Treat Wilma Right

    21/10/2023 Duration: 36min

    Eric gets a car and Jon doesn't quite get into an AirBnB. Sourdough and roast failures. Virtual gaming company hacked via Discord, a part time DJ selling fake or unqualified airplane parts, and Slack's Google Drive integration allows information disclosure. For fun we have roll your own ambient audio (chaos!) and a Marsquake that didn't come from asteroids. 0:00 - Intro 14:35 - Shadow Discord Hack 20:06 - Fake Airplane Parts 24:06 - Slack's Drive App 28:43 - Ambient Chaos 32:10 - Marsquake!

  • 305: Here Come the Passkeys!

    14/10/2023 Duration: 30min

    Eric gets some 100 year old sourdough starter and Jon gets an oboe fixed despite the Jason mixup. Microsoft reveals more on a CVE. Have you been squatted? Here Come the Passkeys! Confluence gets a perfect score. Cloud providers weather a DDoS. Eric reveals some asteroid dust while Jon goes to watch an eclipse. 0:00 - Intro 9:24 - Microsoft Stuffs 10:24 - Have I Been Squatted? 12:33 - Here Come the Passkeys! 15:17 - A Perfect 10! 19:17 - HTTP2 Rapid Reset DDoS 22:42 - OSIRIS-REx Reveal 27:22 - Annular Solar Eclipse

  • 304: Fuzzed To The Nines

    07/10/2023 Duration: 44min

    Eric crochets and Jon ... doesn't. Deep fakes of Hanks, Gayle King, and Mr. Beast, Google to enforce eMail security standards to send to gMail users, and highs and lows of reproducing a tricky zero day in the libwebp library. For fun we have the Nimbus EV -- a small three wheeled, two seater electric vehicle and the Nobel Prize in Medicine is given to Karikó and Weissman in recognition of their mRNA work that led to the covid vaccines. 0:00 - Intro 9:32 - Fake Hanks Teeth Shills 14:38 - Google to Enforce Mail Standards 26:13 - WebP Zero Day 33:48 - 3-Wheeled Chariot 40:59 - mRNA Nobel

  • 303: Acronymified

    30/09/2023 Duration: 39min

    Eric goes on a trip to Chicago while Jon drops in at College. Complicated hotel scam and new security features in Windows 11. Eric checks in on OSIRIS-REX and Jon talks about non-Bee Bees. Finally, from the Mostly Security Book Club: We Are Bob and Warbreaker. 0:00 - Introduction 15:06 - Hotel Booking Scam 20:07 - Win11 Security Features 30:01 - SPACE! 32:41 - To bee or not-to-bee... 36:08 - We Are Bob 38:25 - Warbreaker

  • 302: Cornhole Tournament

    22/09/2023 Duration: 32min

    Eric wins the Oregon Zoo Volunteers Cornhole Tournament and Jon visits the Tillamook Forestry Center. A Linux malware was served for more than 3 years without notice, food companies battling Mexican label requirements, stopping trains by playing three tones, and identity theft from 1965 discovered by facial recognition. For fun we have inverse vaccines (!!) and the obit of a Bletchley Park codebreaker. 0:00 - Intro 11:21 - Linux Malware 14:36 - Kellogg's Nutrition Label War 20:51 - Radio-stop Polish Trains 23:33 - Long Term Identity Threat 26:06 - Inverse Vaccine 28:39 - Margaret Betts

  • 301: A Very Asymmetric Problem

    16/09/2023 Duration: 33min

    Jon spends the weekend waiting for the fence guy, Eric watches a movie. The International Criminal Court at the Hague will prosecute cyberattacks. Microsoft blogs a bit about Storm-0558. Eric finds a really fast EV and Jon discusses fluid dynamics. 0:00 - Introduction 8:50 - TMNT: Mutant Mayhem 12:15 - Cyberwar and the ICC 16:21 - Storm-0558 25:09 - 0 to 100km/h in less than a second 29:04 - Bottle Flip Physics

  • 300: This is Sparta

    09/09/2023 Duration: 38min

    Jon goes fishing and Eric potlucks. The Momas (meals) and the Papas (pals) both have security problems of different sorts. The government goes on a Duck Hunt to shut down QakBot. For fun we have the New York Times word game 'Connections' and a new method to create adult stem cells by resetting the epigenome. 0:00 - Intro 13:40 - Mom's Meals 17:29 - Papa's Pals 22:09 - Duck Hunt 29:12 - Eric Fun 33:16 - Jon Fun

  • 299: That's how math works!

    02/09/2023 Duration: 42min

    School is back in session! FYI - kites won't fly without wind. Cryptocurrencies continue to make the news for all the wrong reasons and credit companies skirt the law with your personal data. Eric (might) like Open Range while Jon ponders whether insects feel joy and pain. 0:00 - Intro 13:13 - Crypto Startup loses 40 million 17:11 - SIM Swapping for Money 22:41 - Doxing for pennies... 30:11 - Open Range 34:11 - Do insects feel joy and pain?

  • 298: Ignorance Combined With Arrogance

    26/08/2023 Duration: 36min

    Eric goes camping and Jon repairs his dishwasher. Apple is supporting California's right to repair law, the UK may outlaw end to end encryption and companies are threatening to remove features for residents (see Facebook vs. Canada), and Canary Tokens are awesome. India lands on the moon and you should see the movie Your Name! 0:00 - Intro 10:26 - Apple supports Right to Repair 17:12 - UK Tipping Point 21:15 - See: Canada+Facebook 23:21 - Canaries For All 30:02 - Chandrayaan-3 Lands 32:38 - Your Name

  • 297: Hot Takes

    18/08/2023 Duration: 31min

    Eric spends 3 times as much to make better rotisserie chicken than Costco while Jon educates on bees and saves some hydrangeas with a couple trips to Lowes. The CSRB looks at Microsoft, Canon printers and Teslas have something in common, great profile of Window Snyder, and Colorado schools lose some data. Eric reminds Jon about TV shows and Jon finds a fort off the coast of India. 0:00 - Introduction 8:51 - CSRB + Microsoft? 11:55 - Canon Printers... 14:30 - ...and Tesla 15:52 - Window Snyder 19:18 - Colorado... 22:25 - Foundation Season 2 25:52 - Murud Janjira

  • 296: Feature Of Cenfi

    12/08/2023 Duration: 41min

    Eric and Jon return from (mostly driving) trips. Eric visits Crater Parks. A settlement for the family of Henrietta Lacks, and no immediate relief from app store fees. Second hand experience of a bank scam, and the most accurate acoustic side channel attack yet. For fun Eric visits Craters of the Moon (and Crater Lake), and an internet superconductor validation race. 0:00 - Intro 11:38 - Lacks Settlement 15:50 - No App Store Relief 19:19 - Sophisticated Scam 25:53 - Acoustic Attack! 32:20 - Craters of the Moon 36:35 - LK-99

  • 295: Mostly Fun, Vol. 2

    04/08/2023 Duration: 18min

    Jon and Eric are both out this week - enjoy a look back at a few of their favorite Something Funs! 0:00 - Introduction 0:47 - Bees Survive Notre Dame Fire 2:05 - Fake Good News 4:09 - Where's Waldo 5:20 - Those Damming Beavers 8:47 - Hidden Heroines of Chaos 14:05 - Nikon Small World

  • 294: Artificially Real

    29/07/2023 Duration: 29min

    Eric at the Night Market and his Schrödinger rotisserie; Jon at the coast. Microsoft makes useful logs more available, the SEC will require breach notifications within 4 days on an 8-K, and the JumpCloud breach is attributed to North Korea. For fun we have Red Rising book 6, and the space strategy game Stellaris. Enjoy! 0:00 - Intro 6:58 - MSFT Expanded Logging 9:17 - 8-K Breach Disclosures 13:21 - JumpCloud DPRK Link 18:45 - Jon's AI Experiment 23:43 - Red Rising book 6 26:27 - Stellaris

  • 293: A Surfeit of Pickles

    21/07/2023 Duration: 40min

    Eric is tricked into seeing part one of a movie and plans a baseball trip. Jon does pickles. Look for the US Cyber Trust Mark soon! Is your VM licensed for Java? AI summarizes an article with a few hallucinations. Eric enjoys romance novels and Jon hunts neutrinos. 0:00 - Introduction 12:18 - Brisket Saga Followup 13:30 - US Cyber Trust Mark 18:58 - Java Licensing Shakedown 22:54 - Government Backed Hacking 29:43 - Yumi and the Nightmare Painter 34:08 - Sparse Convolutional Neural Network Fun
