Mostly Security

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 226:57:20

Information:

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 232: Artificial Fixation

    21/05/2022 Duration: 44min

    Eric returns from Disneyland and Jon goes back to Corvallis. iPhones could potentially be attacked even when turned off, executives also use bad passwords, and protocol downgrade attacks abound. For fun we have the world's most inconvenient convenience store, and a way to trick your brain into understanding more of what you read. 0:00 - Intro 15:28 - Eric Topic 21:00 - CEO Passwords 25:11 - Correct Horse Battery Staple 26:15 - Protocol Downgrade Attacks 36:18 - Inconvenient Convenience Store 39:15 - Bionic Reading

  • 231: Sarcasm Filter

    13/05/2022 Duration: 32min

    Eric visits a few states, Jon has a pleasant Mother's Day and they both watch Dr. Strange. A little Patch Tuesday followup, some notes on credit card stealing as a service (CCSaaS), a "Delete All The Things" malware making the rounds and another cryptocurrency hack. Eric chats about his favorite Google IO announcement and Jon shares thoughts on steganography. 0:00 - Intro 7:12 - Patch Tuesday 10:38 - CCSaaS 12:27 - F5 BIG-IP Vulnerability 14:37 - Cryptocurrency Hack 20:46 - Google IO 28:28 - Steganography

  • 230: Anvil In A Vat

    07/05/2022 Duration: 52min

    Jon and Eric are both on the road this week. Dead whale on a Washington beach reminds us of the famous Oregon video (see link!). Followup on the mite killing fungus, and Pegasus spyware on Spain's PM's phone. Security.txt is official, Microsoft security tips, Chrome 101's security bounties and auto password changes (old, oops!). For fun we have the oligopoly of pop culture, a floating anvil, more about breeding bees, and an Asian giant hornet update. 0:00 - Intro 15:49 - Exploding Whale Video 16:41 - Biological Weapons 17:17 - Pegasus Followup 21:16 - Security.txt 25:35 - Microsoft 10 tips 29:00 - Chrome 101 Bounties 32:06 - Chrome Auto Password Changes 35:24 - Pop Culture Oligopoly 40:39 - Floating Anvil 42:12 - VSH Bees 50:16 - Asian Giant Hornet Update

  • 229: I'm Hyperbolic

    30/04/2022 Duration: 38min

    Jon's doing more experiments with bees. Eric goes on another roadtrip. Psychic Signatures in the latest Java, a Super-sized HTTPS DDoS attack, and some chat entertainment. Eric's boy suggests the Astronomy Picture of the Day, Eric grudgingly admires Classic Mac running in a Browser and Jon looks forward to bee fungus. 0:00 - Intro 11:30 - Psychic Signatures 17:21 - 15.3 million requests per second 22:42 - Leaked Lapsus Chats 31:35 - APOD 32:19 - Classic Mac in a Browser 35:15 - Fungus for Bees

  • 228: Excessive Hallway Walking

    22/04/2022 Duration: 52min

    Jon gets his new bees and Eric preps for upcoming travel during the Easter weekend. Amazon's log4shell hotpatch made things worse (!!), what to do about mis- and dis-information, an IoT company attempts to perform a vanishing act, and data about exploited zero days in 2021. For fun we have a newly discovered stellar phenomenon: a 'micronova' and a show that started slow and ended (season 1 at least) well ... Severance. 0:00 - Introduction 15:06 - Fixing the Hotpatch 20:20 - Mis- and Dis-information 30:55 - Insteon Vanishes 36:11 - Exploited Zero Days in 2021 45:26 - Micronova 47:00 - Severance

  • 227: Total Garbage

    15/04/2022 Duration: 41min

    Snow in April. Uh, what? Jon hires an electrician and Eric replaces smart plugs. Eric notes that Apple is finally catching up to Microsoft and Google, but not how they might want. Jon chats LOOPBins, Patch Tuesday goodness and ICS Toolkits. Eric feels bad about Ohm. Jon watches a show and admires a comet. 0:00 - Intro 15:33 - Patch your Apples 19:55 - LOOPBins 24:47 - Patch Tuesday 28:18 - ICS Toolkit 32:59 - Ohm 36:31 - Severance 38:09 - Really Big Comet

  • 226: Cyclops Can't Wink

    08/04/2022 Duration: 40min

    Jon is out of commission for a couple of days, but his bees are doing well! Eric is reading, playing with a new Pixel 6 and frustrated with Southwest Airlines (lack of) good password management. GitLab has a static password 'oops', Mailchimp is compromised and phishes crypto holders, and the FBI & DOJ take down a GRU Botnet. For fun we have potential future fluid telescope lenses, The Princess Bride in concert, and a new way of dating buried stone tools. 0:00 - Intro 16:38 - GitLab Static Password 19:44 - Mailchimp Compromised 24:56 - GRU Botnet Takedown 29:21 - Fluid Telescopes 32:36 - Princess Bride + Oregon Symphony 36:34 - Cosmogenic Nuclide Isochron Method

  • 225: I'm Better At Typing

    02/04/2022 Duration: 40min

    Eric rides a bike and eats a burger. Jon eagerly awaits bees. A few follow ups to Okta, Lapsus, Cryptocurrency losses and a Ukraine hacker. The FBI goes after BEC scams, Exxon mines bitcoin with excess gas, forged Legal requests and a new exploit, logo pending. Eric finds CRISPR cows interesting and Jon is looking forward to buying books in the Kindle app. 0:00 - Introduction 10:03 - More Okta 11:09 - Lapsus Mastermind 13:01 - $625 million more... 14:22 - Ukraine Hacker 17:35 - FBI BEC News 19:05 - Excess Gas Bitcoin Mining 21:39 - Forged Legal Requests 29:12 - Spring4Shell 34:22 - CRISPR Cows 37:04 - Apple Reader App News

  • 224: Extortion And Destruction

    24/03/2022 Duration: 40min

    Jon's on vacation in New Mexico (?) and Eric does Many Mundane Things. Exotic Lily was an IAB for Conti, how to make phishing even harder to detect with browser-in-browser popups, Germany warns against Kaspersky use, and Okta is breached by Lapsus$. For fun we have 9 lines to represent all of physics, a da Vinci exhibit at OMSI, and Mesa Verde National Park.

  • 223: Two Wrongs Do Make A Right

    20/03/2022 Duration: 37min

    Eric finishes a big book, went to a concert and resurfaced his garage floor. Jon went to the Symphony and ordered some Bees. Risky Biz is joined by a favorite cybersecurity writer, Nvidia "hacks back" and more cryptocurrency is lost to software bugs. Jon chats about a Russian CA and some Node sabotage. For fun, Jon finds Ernest Shackleton's ship and Eric is excited about Daylight Savings news. Ed. Note: Eric is well aware the Earth revolves around the Sun and not the other way around. He was tired. 0:00 - Intro 12:53 - Risky Biz Bonus 14:04 - Nvidia Hacks Back 15:34 - Math is Hard 17:56 - Russian TLS CA 22:01 - Node Madness 26:43 - Oregon Chorale 27:34 - Daylight Savings??? 30:36 - Endurance 35:26 - 1917

  • 222: Purple Orange

    11/03/2022 Duration: 48min

    Eric attempts a St. Helens visit and plays with IR filters, while Jon is going to a concert (!!). Google's TAG releases an update about Ukraine related activity, NVidia gets an "interesting" blackmail request from their breach, and NVidia code signing certs are seen signing malicious software on VT. For fun you may soon be able to buy a Purple Tomato, a non-Brandon Sanderson book kickstarter (by Will Wight), and the east coast may be taken over by palm sized flying spiders. Yay.

  • 221: Irrationally Exuberant

    04/03/2022 Duration: 38min

    Eric goes to the Auto Show, Jon didn't build anything or break anything. Eric checks in with Printer Security and Jon chats about security topics related to Ukraine. Eric promotes a couple videos explaining Wordle Information Theory and then proceeds to ruin Jon's fun. 0:00 - Intro 10:23 - Last Day 11:03 - Printer Security 16:25 - FoxBlade Malware 19:00 - Conti Leak 27:53 - Wordle Information Theory 29:11 - The Correction 30:35 - Eric Ruins Jon's Fun

  • 220: Daughter's Favorite Parents

    26/02/2022 Duration: 43min

    Jon resurrects his pellet grill (with help) and Eric prints components for his security system. Is Immersive Art new, and art? 1Password hooks up with Phantom wallet, NIST initiates cybersecurity labeling programs, and watch out for phishing in Teams. Wordle is (evidently) fun, and please don't use pixelation as a redaction technique. 0:00 - Intro 19:21 - Immersive ... Art (?) 21:20 - Phantom + 1Password 25:09 - Cybersecurity Labeling 29:07 - Phishing Teams 34:52 - Wordle Fun 38:47 - Pixelation Unredactor

  • 219: Smoke? Fire!

    19/02/2022 Duration: 39min

    The Super Bowl came and went, Eric watched a concert 800 miles away and Jon worked on the farm. Check in with the Red Cross hack, another company doing facial recognition for login, a football team gets ransomwared, an attack led by a Modified Elephant and using BGP to hack crypto wallets. Eric likes Suspicion and Jon drops a crypto presentation and wonders where Webb is. 0:00 - Intro 9:28 - Red Cross Hack 13:45 - More Facial Logins 16:02 - 49er Ransomware 18:30 - Modified Elephant 22:46 - Crypto BGP Hack 27:21 - + Suspicion 31:59 - Graybeard Talks Crypto 35:06 - Where is Webb?

  • 218: Patron Of Beekeepers

    12/02/2022 Duration: 43min

    Jon is lazy-ish and Eric has a day at the coast. The IRS backs down from their facial recognition login, Subaru and Kia disable telematics in Massachusetts, the people allegedly behind the Bitfinex hack in 2016 are arrested, and Microsoft disables an install protocol handler being abused in the wild. For fun we have Valentine facts from around the world and a new polymer that's stronger and lighter than steel. 0:00 - Intro 11:06 - Just use login.gov 14:23 - Look MA, no Telematics 19:34 - Bitfinex Thieves 24:23 - MSIX Protocol Handler Disabled 30:42 - Fun Valentine Facts 36:09 - Novel Polymerization

  • 217: Everything's JIT'd These Days

    05/02/2022 Duration: 40min

    Eric discovers much travel in his future, Jon shares Terrible News. The White House Website shares thoughts and provisions on government networks. Ransomware takes on the Oiltanking in Germany and Hospitals and Health Care Facilities in the US. Eric looks between the couch cushions for money to send something into space and Jon attempts browser inception. 0:00 - Intro 13:21 - OMB Zero Trust 22:32 - Oiltanking Ransomwared 25:38 - Ransomware Internal Messages 31:57 - Send Stuff To Space 35:27 - webvm.io

  • 216: Unruly Franchisees

    28/01/2022 Duration: 49min

    Eric and Jon enjoy the (brief) respite from Oregon Winter Rain. Github enables second factor via push to mobile app, a 12 year old Linux privilege escalation, vulnerabilities in the Winter 2022 Olympics app, and remote controlling Tesla car functions via API keys. For fun a high schooler making circuits in his garage, and did you know McDonald's is a Real Estate company? 0:00 - Intro 14:02 - GitHub Push as 2nd Factor 19:47 - Linux Policy Kit Priv Esc 23:50 - Olympics App Vulnerabilities 29:36 - Teslamate 37:15 - Garage Chips 42:37 - McDonald's As Real Estate

  • 215: Rug Pull

    21/01/2022 Duration: 34min

    Jon vaporizes some expensive bees, Eric creates an icon and is therefore serious. Cyber-Snow Days for Schools, Red Cross is hacked, Russia arrests some hackers and Ukraine has some PCs wiped. Eric's fun is Web3 and Jon's fun is new data on MS. 0:00 - Intro 9:56 - Out with snow days, in with cyber days 12:54 - Red Cross Hack 16:05 - REvil Arrests 20:27 - Ukraine PCs wiped 24:31 - web3isgoinggreat.com 28:42 - MS Discoveries

  • 214: Fish Operated Vehicle

    14/01/2022 Duration: 46min

    Eric returns from a wedding and Jon tidies up the apiary. A developer sabotages his own NPM packages, threat actors sending USB devices in disguise, and ransomware in the hardware. For fun, we have navigation by fish, public domain day 2022, and evidence of how lightning begins. 0:00 - Intro 16:23 - Dev Corruption 21:06 - USB in the mail 24:11 - iLOBleed 33:34 - Fish Drives Car 36:52 - Public Domain Day 2022 39:06 - How Lightning Begins

  • 213: I'm Kinda Destructive

    08/01/2022 Duration: 39min

    Happy New Year! Jon and Eric chat about cliché resolutions followed by log4j penalties. Eric softballs up a chrome note, a pixel 911 issue and an unlikely HomeKit crash. Jon talks about cryptocurrency contract bugs. Eric moves on to a serial brain and Jon drops a Cars reference while talking about tractors. 0:00 - Intro 9:52 - More Log4J Goodness 12:22 - Chrome Updates 14:00 - Pixel Updates 16:05 - HomeKit Crash 18:58 - Leon Spacewalker 27:24 - Your Brain 30:55 - Autonomous Tractors
