Mostly Security

Information:

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 272: Don't Steal Whale Food

    25/02/2023 Duration: 41min

    Snow in Oregon! Eric refuses to buy a truck at 20%+ markup, Jon works on building a trebuchet. An old article about Advanced Persistent Manipulators, Twitter deploys an interesting 2FA "strategy," the largest breach of medical records so far in 2023, and the City of Oakland is still coping with their ransomware attack. For fun we have the "cheapest" way to space (so far) and the largest observed gathering of whales in potentially centuries. 0:00 - Intro 16:29 - Advanced Persistent Manipulators 20:13 - Twitter 2FA "Strategy" 25:02 - Regal Medical Group 27:57 - Oakland Ransomed 31:41 - A Perspective 35:41 - Krill Festival

  • 271: I Live To Disappoint You

    17/02/2023 Duration: 37min

    Eric sits in the middle of a play and Jon laments over bees while the both of them watch sportsball for the commercials. Eric's sister chimes in with her review of the podcast and mocks his something fun from last week. For topics this week, walk through the process of decoding a UK Rail Ticket and opine on the FBI's use of Section 702. For fun, Eric talks about Open Source Seeds and Jon goes through the top 5 best Super Bowl commercials. 0:00 - Introduction 11:07 - Decoding UK Rail Tickets 16:00 - Section 702 23:58 - Open Source Seeds 29:35 - Top 5 Super Bowl Commercials

  • 270: A Burger Too Far

    11/02/2023 Duration: 37min

    Eric visits the car show and Jon replaces a 17 year old entertainment setup. Ubiquiti Insider pleads guilty, the US secretly passed a medical cybersecurity law, 5 Guys is hit with BlackCat ransomware, and the ESXiArgs campaign enters a new phase. For fun we have a (shaken) new form of (space?) ice and a visual depiction of the dramatic reduction in working poor over the past 30 years. 0:00 - Intro 13:06 - Followup 15:59 - Inadvertent(?) Law 21:12 - 5 Guys Ransomed 23:54 - ESXiArgs 28:45 - Amorphous Ice 33:13 - Visual Capitalist

  • 269: Completely and Utterly Brainless

    03/02/2023 Duration: 33min

    Eric roasts a chicken and watches a show...(booooring!) Jon reads some stuff without his brain, listens to a violinist, copies home movies, and forgets about this pesky thing called "time zones". Eric piles on LastPass' parent. Jon acknowledges AI assisted articles are an activity allowed and an adumbration of the demise of human authored advice. (Whew...) Also, update GitHub Desktop. Finally, Eric plays Snakes in HD and Jon and Eric argue (well, Eric mostly) over whether a Tractor Beam is just a different word for Gravity. 0:00 - Introduction 11:53 - GoTo lost the keys, too... 15:11 - AI Assisted Advice 21:04 - GitHub Desktop 24:15 - Snakes HD! 26:39 - Microscopic Tractor Beams

  • 268: Half Of Silicon Valley

    28/01/2023 Duration: 42min

    Eric's kitchen is (finally!) complete, and hell froze over as he bought a (Windows) PC. Jon gets to (finally!) hear Itzhak Perlman after the concert gets delayed since covid. Malware using Android devices to hack wifi hotspots, a VAST ad fraud takedown, and a financial transaction surveillance program that is (mysteriously!) still funded long after the settlement money has run out, providing multiple law enforcement agencies and departments unfettered access to transaction data without due process. For fun we have the Wonders of Street View and a non profit making high quality, public domain eBooks available to everyone. 0:00 - Intro 10:53 - Android DNS Hijacking 15:42 - VASTFLUX 23:09 - TRACing Everyone 31:13 - Street View Wonders 36:19 - Standard eBooks

  • 267: It's a Physics Joke

    21/01/2023 Duration: 30min

    Eric has a new car he admires from afar and revisits his Hash/Check app. Jon doesn't do much beyond reading and, something something, peaches. GPT3 takes away phishing indicators. AWS CloudTrail IAM bypass exposed. Eric ponders poorly photoshopped cats and Jon appreciates shellsplaining... 0:00 - Introduction 10:56 - GPT3 Phishing Emails 17:51 - CloudTrail Bypass 24:38 - Poorly Photoshopped FTW 27:05 - Internet Cats 27:48 - explainshell.com

  • 266: Very Seriously

    14/01/2023 Duration: 40min

    Eric has another fabulous week, and Jon ... also has a week. Eric's done with his Van Gogh Lego and both get to watch Harry Potter and the OR Symphony. Slack attempts to hide its breach disclosure from indexing, Apple isn't exactly transparent when it finds malware on a device, and an app to coordinate law enforcement agencies that exposed data about suspects, raids, and officers. For fun we have new learnings from JWST, the first ever bee vaccine, and a startup trying to use CRISPR to develop cell lines happy to live in bioreactors. Go Science. 0:00 - Intro 11:09 - Non-transparent Slack 14:54 - Silently Deleted 22:27 - SweepWizard Exposure 28:55 - Un-immature Galaxies 31:50 - Bee Vaccinated 35:28 - CRISPR "Meat"

  • 265: Flying Bulldog

    07/01/2023 Duration: 40min

    The holidays are over and it's back to work. Eric talks about using facial recognition to deny paying customers entry to entertainment and cheating your Tesla on the autobahn. Jon chats package oopsies with PyTorch updates and hacked Google Home devices. Eric finds science imitating art in the atmosphere while Jon makes ice cream and admires a really big bee. 0:00 - Intro 9:32 - No Rockettes For You! 14:13 - Autopilot on the Autobahn 19:01 - PyTorch Oopsie 23:16 - Hacking Google Home 28:42 - Real Termination Shock 32:58 - Ice Cream! 36:45 - Really Big Bee

  • 264: A Bigger Nerd

    31/12/2022 Duration: 41min

    Eric has a fabulous Christmas, and Jon's still without power. But both relish nerdly gifts. We learn more about the LastPass breach, men arrested for using hacked Ring doorbells to record (and taunt) police SWAT teams, a potentially huge data leak from Twitter, and TikTok verified to be tracking journalists. For fun we have printable binary posters and ultra thin solar cells. Happy new year everyone! 0:00 - Intro 13:03 - LastPass Data Breach 16:27 - Taunting while Swatting 22:14 - Twitter API Leak(?) 27:10 - TikTok Spying on Journalists 33:56 - Binary Posters 36:40 - Ultra Thin Solar

  • 263: Picks You'd Like To Nit

    24/12/2022 Duration: 40min

    Gearing up for the break - Happy Holidays to All! Eric does some Christmas light wardriving, Jon has a cookie party and has gifts delivered. Apple introduces new security features and Google encrypts some emails. NIST retires SHA1 and Apple fixes another zero-day. Eric rains on Jon's fusion parade and Jon relives 6 times his mind was blown. 0:00 - Intro 11:00 - Apple Security Features 16:29 - Gmail Encryption 18:26 - NIST Retires SHA1 21:02 - Apple Zero Day 23:44 - Why Fusion Will Never Happen 31:25 - Mind Blowing Quantum Physics

  • 262: Space Toy

    17/12/2022 Duration: 42min

    Eric and Jon prep for Christmas and Christmas Concerts; Apple may allow third party app stores, what happens when satellites are compromised, blind users of a medical implant left hanging when the company folds, and (hopefully) future end to end encrypted iCloud backups. For fun, a site about the satellites around earth and fusion ignition: more energy out than was put in. Happy holidays everyone. 0:00 - Intro 6:25 - YOU get an AppStore, and YOU ... 14:13 - Criminals in Space 19:16 - Second Sight Support Suffers 25:11 - E2E iCloud Backup 34:19 - Just a few Satellites 38:36 - Ignition, Fusion Ignition

  • 261: Intentionally Chaotic

    10/12/2022 Duration: 34min

    Jon has a musical week, Eric decorates for the holidays. Android signing certs are compromised, LastPass breach continues and CrowdStrike blogs an attack on telecom companies. Launch Asteroids at Earth and check out the Pillars of Creation. 0:00 - Introduction 9:01 - Android Compromised 13:32 - LastPass Breach Continues 17:21 - Attack on Telecom Companies 25:18 - Asteroid Launcher 30:45 - Pillars of Creation

  • 260: What's Opera Doc?

    03/12/2022 Duration: 38min

    Eric and Jon both have good Thanksgiving meals and breaks, Looney Tunes at the Oregon Symphony, and a recommendation for Glass Onion. iSpoof takedown in the UK, significant fines down under, and trusting your laptop to a repair shop may result in privacy violations. For fun we have a video teaching lockpicking to blind students, and Royal Road, an online portal for authors. 0:00 - Intro 13:00 - Glass Onion 14:39 - iSpoof No More 21:40 - That's not a Fine, this is a Fine 25:13 - Repair Shop Peeps 30:12 - Guelph in 72! 31:25 - Lockpicking Students 34:33 - Royal Road 36:40 - Path Of Ascension

  • 259: Acerbic and Dry

    25/11/2022 Duration: 37min

    It's Thanksgiving week in the US. More FTX nonsense. Apple's "privacy" is not what you think. Zeppelin ransomware keys. TwitterIsGoingGreat.com is exactly what you think it is. Chicken chicken chicken. Help for Honeybees. Mother Learning books. 0:00 - Intro 11:19 - FTX Nonsense 14:15 - Apple's "privacy" 21:24 - Zeppelin ransomware 26:35 - Twitter is going great 27:15 - Chicken chicken chicken 29:25 - Help for Honeybees 33:40 - Mother Learning

  • 258: Bespoke Second

    19/11/2022 Duration: 49min

    Eric and Jon both go on road trips, Eric goes stargazing, Jon fails to fix his mule. The FTX debacle continues apace, an "accidental" 70k lockscreen bypass bounty, a Russian mobile software company masquerading as a US company, and 15k WordPress sites compromised to boost SEO for worthless Q&A sites. For fun we have minutiae about the definition and measurement of time, and an AI model trained on scientific papers and textbooks.

  • 257: This Does Not Math

    11/11/2022 Duration: 38min

    Eric goes to a High School play while Jon plays with a laser engraver over a soggy weekend. Eric chats about MFA in Antarctica. Jon talks simple CVEs and order of operations. Web3 is still going great, FYI. Finally, check out a Submarine Cable Map online and decide for yourself if bees have feelings. 0:00 - Intro 0:53 - The Play That Goes Wrong 11:07 - Antarctic MFA 18:15 - Simple CVEs 23:47 - Cryptocurrency Fun! 30:56 - Submarine Cable Map 33:59 - Do Bees Have Feelings?

  • 256: Dogs And Chocolate

    05/11/2022 Duration: 37min

    Halloween passes quickly this year; Eric finishes his kitchen magnetic board project, and Jon finally sets up the laser engraver. Three years later (was episode 70!) Amazon finally builds Eero into 5th gen Echo devices. An act may pass to help the government use open source software better, the FTC takes steps against Drizly CEO to enforce better security practices, and Android droppers found on Google Play. For fun, we have a nearly 2km long train in Switzerland and an obituary for Kathleen Booth, an early computer pioneer and inventor of Assembly Language. 0:00 - Intro 11:26 - Eero+Echo 12:25 - Securing Open Source Software Act 16:50 - Drizly CEO Ordered 22:27 - Android Droppers 27:22 - Not a Short Train 32:21 - Thanks for Assembly, Kathleen!

  • 255: Boom Boom Boom, You Login

    29/10/2022 Duration: 32min

    Jon's Fridge Saga Continues, Eric attends the Oregon AMS Winter Weather Conference. Passkeys are finally(?) here and GitHub Exploit PoCs should come with warning signs. Finally, check out Mark Rober's Squirrelimpics and Nikon's Small World. 0:00 - Intro 12:57 - Passkeys Are Here! 17:56 - GitHub PoC Exploit Fakes 25:43 - Squirrelimpics 3.0 27:51 - Nikon Small World

  • 254: Dishbrain

    22/10/2022 Duration: 35min

    Jon enjoys Panic! and Eric goes to the pumpkin patch. Equifax uses their data to detect (and fire) the overemployed, a history of the Google Plasma Globe Affair, and how not to encrypt messages. Why some people are more attractive to mosquitos, and how to train a few hundred thousand brain cells to play pong. 0:00 - Intro 11:28 - Equifax Fires Overemployed 15:40 - Google Plasma Globe Affair 19:04 - Failed at Crypto 25:50 - Mosquito Attraction 29:48 - Dishbrain

  • 253: Acerbic and Challenging

    15/10/2022 Duration: 34min

    Jon and Eric are in Texas, eating brisket. Eric's car insurance is about to spike and Jon's symphony visit takes a medical turn. Eric talks about Ikea Smart Lighting, Jon shares info on the US Airport Website hacks and Thermal Attacks for password discovery. Eric talks about Safer Nuclear Energy and Jon trolls Eric with "Fig Wasps". Finally, can CRISPR be used to cure HIV? 0:00 - Intro 10:54 - Ikea Smart Lighting 15:30 - Airport Websites Taken Down 17:30 - Thermal Attacks 22:55 - Safer Nuclear Energy 26:31 - Fig Wasps 31:14 - Cure HIV using CRISPR
