Information:
Synopsis
Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.
Episodes
-
212: Medicinally Speaking
01/01/2022 Duration: 47min
Eric and Jon are enjoying a bit of downtime over the holiday; the JWST was launched successfully, and you might not realize "encouraged" meant "required" in China. More Log4J followup, Shutterfly hit with ransomware, phishing for stock info, and building automation systems attacked. For fun we have self replicating xenobots (what could go wrong?) and potential vaccines for addictive substances.
0:00 - Intro 1:10 - James Webb Launch 15:17 - "Encouraged" 17:22 - CISA Alert 21:28 - Shutterfly Ransomwared 26:37 - Phish to Market 30:39 - Building Automation System Hack 38:09 - Self Replicating Xenobots 41:32 - Opioid Vaccines
-
211: I'm Exploiting Them Myself
24/12/2021 Duration: 46min
Holiday prep and Jon is easily distracted all episode without any help from Eric. Spiderman is seen in the theaters and Eric's height changes by a couple inches. Money is stolen for Bitcoins and IoT Honeypots distract Jon. IAM is still hard and Jon updates on the Log4j issue. Eric wonders how fast the universe is expanding and Jon talks about touching the sun.
0:00 - Intro 12:01 - Money for Bitcoins 14:55 - IoT Honeypots 23:04 - IAM is Hard 26:11 - Log4j Part 1 29:02 - Log4j Part 2 - Happy Holidays! 35:34 - Universe Expansion Rate? 40:39 - Touch the Sun?
-
210: Forest Of Uniform Trees
18/12/2021 Duration: 52min
Eric and Jon are ready for the Holidays. Apple releases an Android app (!!?), NPM expunges Discord-stealing packages, Log4Shell is the vulnerability of the week (year??), and reverse engineering NSO Group's zero-click iMessage exploit. For fun we have the forgotten Heroines of Chaos, and linking increased rates of dementia to noise pollution.
0:00 - Intro 11:10 - Tracker Detect 13:51 - Discord Token Stealers 17:59 - Log4Shell Part 1 27:38 - Log4Shell Part 2 30:30 - NSO Zero Click Reversed 42:03 - Hidden Heroines of Chaos 47:04 - Dementia Linked to Noise
-
209: It's A Good Unit
10/12/2021 Duration: 38min
Eric sleeps, reads (and listens) to books and gets holiday'd up; Jon decorates with Star Trek ornaments. Eric talks about how Apple AirTags are marking cars to steal and Jon shares articles on government playing offense and defense in cybersecurity. Eric shares the story about a Graphing Calculator and Jon talks about seeing back in time to 50 million years after the Big Bang.
0:00 - Intro 10:24 - AirTags for Theft 15:43 - Offensive Cybersecurity 18:46 - Defensive Cybersecurity 23:42 - The Graphing Calculator 29:28 - James Webb Telescope
-
208: Bee Spit
04/12/2021 Duration: 54min
Eric has a traditional Thanksgiving, and Jon disappoints Eric with cold pizza. What exactly is Fake Honey? REvil associate found in Barnaul, should IT remain a separate business function, the Ubiquiti hack from an insider, HP releases a patch for wormable bug, and the internet truly is held together with (bee) spit and baling wire. For fun Eric visits Golden Spike National Park, and Jon shares what may be the cause of death by sleep deprivation.
0:00 - Intro 10:15 - Fake Honey? 11:32 - Netflix Show 15:32 - REvil Unmasked 17:50 - Get Rid Of IT? 19:28 - Ubiquiti Trusted Insider 26:05 - HP Wormable Printer Bug 29:53 - Spit and Baling Wire 39:09 - Golden Spike National Park 42:35 - Yelp Review Posters 45:52 - Sleep Deprivation Kills
-
207: Leave The Audio Running
24/11/2021 Duration: 42min
Eric and Jon share thoughts on Wheel of Time, Dune and other media. Eric goes to grandma's house and Jon goes camping for Thanksgiving. A Zelle Scam, a GoDaddy WordPress breach and an NPM Flaw. Eric shares a little family history and Jon chats about Chainsaw (but not that kind of chainsaw). Then things get a little loopy while discussing Right Whales.
0:00 - Intro 13:14 - Zelle Scam 20:32 - GoDaddy Data Breach 24:41 - NPM Flaw 30:29 - The Peach City 34:15 - Chainsaw 37:33 - Right Whales 40:40 - Tahora Tracker
-
206: Never Trust The Client
20/11/2021 Duration: 41min
Concerts are back, and movies are good. Jon almost (?) breaks down and buys a car. An FBI site allows anyone to send an email from the FBI, the head of Instagram gets his account memorialized, and Emotet is back. Two things can be true: solar and vegetable farming. An amazing visual of the size of space, and editing audio and video by selecting and editing text.
0:00 - Intro 10:36 - Red Notice 19:32 - FBI Email Gateway 23:32 - In Memoriam 27:42 - Emotet is Back 32:38 - Solar Energy Vegetable Farming 36:13 - The Size of Space 39:42 - Edit audio and video by text
-
205: Do You Know The Word "Yeet"?
12/11/2021 Duration: 39min
Jon drives a Ford and Eric is jealous. Eric and Jon talk about ransomware reward money and a botnet. Eric goes and visits the only vertical street in North America and plugs his WiFi Check app. Jon wants to yeet stuff into space and butchers the French language discussing a really, really, really, really, really, really old company.
0:00 - Intro 10:16 - Ransomware Reward Money 13:49 - Meris Botnet 17:47 - REvil Ransomware 23:29 - Oregon City Municipal Elevator 27:37 - WiFi/Check 28:53 - Spinlaunch 35:07 - Bazacle
-
204: Scramble Of Letters
06/11/2021 Duration: 53min
Eric fights water and Jon finishes his hay feeder. Eric watches Dune a second time while Jon holds to his principles. NSO added to export ban entity list, 2FA bots are on the rise, CISA releases a registry of known exploited vulnerabilities, and the Trojan Source vulnerability may or may not matter. For fun -- did you know DOS was still a thing? Listen to Disturbed's Sound of Silence, wireless electric car charging, and a detailed toxic map of the US.
0:00 - Intro 7:47 - Hay Feeder 12:22 - NSO on Entity List 17:04 - 2FA Bots 22:59 - CISA Registry 28:19 - Trojan Source 34:06 - Trojan Source Rebuttal 38:17 - LiveWired Followup 39:23 - Dune Screenplay Author 41:59 - The Sound Of Silence 43:56 - Wireless Car Charging 47:41 - ToxMap
-
203: An Episode Of Tangents
29/10/2021 Duration: 46min
Eric goes driving, Jon builds a feeder. 007 Spoilers. GPSd loses 1024 weeks. Docket enumerates Covid records. Email providers DDOS'd. Petrol Station Ransomware. Eric is happy to see Dune, Part Two greenlit and Jon shares a Chainsaw CNC video and fascinating details about Brains.
0:00 - Intro 15:43 - GPS -1024 19:51 - Docket COVID Security 25:26 - Email DDOS'd 28:37 - Petrol Ransomware 33:05 - Dune, Part Two 36:01 - Chainsaw CNC 39:12 - Amazing Brains
-
202: Elf Miner
22/10/2021 Duration: 47min
Eric and Jon go to the movies. Jon gets stung in the face. An open source tractor?!? Check your biometric logins, a phishing attack against Coinbase, more NPM package coinminers, and the largest Deepfake voice fraud yet. For "fun" we have micro plastics, Cloud Cuckoo Land, and dinosaur shrimp.
0:00 - Intro 10:11 - Jon's Eye 13:21 - Open Source Tractor 15:22 - Check Biometrics 17:35 - Coinbase Phishing 25:41 - Malicious NPM Packages 28:07 - Deepfake Voice Fraud 28:42 - Episode 91 Link 33:45 - Micro Plastics 38:04 - Cloud Cuckoo Land 41:45 - Triops Emerge
-
201: Hang With Some Aliens
16/10/2021 Duration: 33min
People actually still got their news despite the Facebook downtime and there's still something funny about a shaved alpaca. Eric talks about web site hacking and Jon shares his thoughts on SMS spam from hacked routers. Eric finds a couple planets and Jon finds a math problem.
0:00 - Intro 11:00 - What to do with Facebook down 12:03 - NSA's ALPACA recommendations 15:12 - Missouri takes on "hacking" 20:08 - Routers that do SMS go boom 25:16 - Space! 27:40 - Math!
-
200: Don't Look A GriftHorse In The Mouth
09/10/2021 Duration: 51min
Eric's furnace is fixed, and Jon ekes forward the x-carve project. Quite the "quiet" week this week. The GriftHorse pun was right there, Twitch is doxed, Facebook blows their 9's, and Apple and Visa do not agree. For fun, images of a Mercury flyby, life advice from nerds, and defunct hyper compound eyes.
0:00 - Intro 14:48 - GriftHorse 20:02 - Twitch Dox 23:22 - Facebook Outage 34:30 - Apple Pay Visa Vuln 39:28 - Mercury Flyby 42:11 - Life Advice 47:20 - Hyper Compound Eyes
-
199: The Safety Was Engaged
02/10/2021 Duration: 36min
Eric is lazy and gets really cold, Jon fixes his CNC and gets his roof done. Tracking autodiscover websites, following bots that steal 2FA, scouting masked emails and chasing zero-day details. Eric ❤️ Van Gogh, Jon ❤️ justified text.
0:00 - Intro 15:36 - Autodiscover Followup 17:49 - Telegram Bots Stealing OTP 20:55 - 1Password+Fastmail=Private Emails 23:24 - Record Zero-day Hacks 28:31 - Van Gogh Art 31:46 - Super Metroid, Justified
-
198: To Our Surprise
25/09/2021 Duration: 45min
(Anything *but* surprising ...). Eric and Jon are both excited about the rain, for different reasons. And a lot of "Security Bites (or Bytes)" tonight. A lock screen bypass, how to go passwordless, Facebook being evil in multiple ways, and an Autodiscover credential leak. For fun we have converting light to matter and a very hopeful look at the cost (or incredible, potential lack thereof) of a rapid transition to renewable energy. And a couple of book references along the way.
0:00 - Intro 11:59 - iPhone Lock Screen Bypass 14:03 - Passwordless Microsoft 17:07 - Facebook Blocking Watchdogs 20:33 - Project Amplify 21:36 - Autodiscover Leak 30:50 - Light to Matter 34:08 - Project Hail Mary 35:15 - The Man Who Solved The Market 38:19 - Oxford Study
-
197: That Was The Boom
18/09/2021 Duration: 38min
Jon remembers he's no longer 25. Eric cleaned and went to a movie. Microsoft followup, a Walgreens Website Whoops and of course you would call a cyberweapon "Karma". Eric's fun is all space and Jon's fun is waiting for him to be able to come out and play.
0:00 - Intro 10:58 - CVE-2021-40444 Follow Up 16:37 - Covid Test Website Whoops 22:47 - Karma 28:04 - Inspiration 4 30:37 - LCRT 31:36 - DuAxel Robots 32:52 - X-Carve
-
196: Track, Don't Whack!
10/09/2021 Duration: 44min
Jon does plumbing and tail light repair, and Eric has a culinary weekend. Jailbreak detection evasion, spooky side channel of Chrome, and two zero days, one in Microsoft and one in Zoho. For fun, the Perseverance rover has attained a core, an Asian Giant Hornet nest eradicated in Washington, and the "mythology of Bee Keeping" starring Jason Statham (??!?).
0:00 - Intro 14:37 - Jailbreak Detection Evasion 17:59 - Spoooook(y) 22:19 - MSHTML Zero Day 28:38 - Zoho Server Zero Day 33:06 - Perseverance Core (Dump) 35:59 - AGH Nest Discovered 40:50 - The Beekeeper
-
195: Give the Tree a Break
04/09/2021 Duration: 55min
Eric does some electrical work, Jon chats with a police officer about his car. More Cryptocurrency is (are?) stolen. Apple has a double agent and can give you a digital driver's license. Azure has a bug and some more NSO iPhone hackery discussed. Eric finally knows what happened to the Red Delicious apples and Jon is looking forward to details from Venus.
0:00 - Intro 14:07 - More Cryptocurrency Theft 16:48 - Apple's Double Agent 20:23 - Apple Wallet Driver's License 26:45 - Azure Cloud Bug 36:35 - iPhone Exploits 45:25 - Red (not) Delicious Apples 49:39 - Going to Venus...
-
194: Punk Seals
27/08/2021 Duration: 45min
Eric returns home, and Jon goes Fishing. Why you should keep home and work on different computers, a man tracks down his digital (bitcoin) muggers, a local privilege escalation in a Razer installer, and a location vulnerability in the Bumble app. For fun we have nuclear batteries and how to roll your own handwriting recognition machine learning model.
0:00 - Intro 10:26 - Church and State 15:01 - Digitally Mugged 19:34 - Razer Local Privilege Escalation 26:01 - Bumble Vulnerability 32:37 - Nuclear Battery 38:35 - Handwriting Recognition Example
-
193: Now More Delicious
20/08/2021 Duration: 48min
Eric drinks New Coke Zero. Jon gets less honey than he had hoped. Collisions in Apple's CSAM, a T-Mobile breach, a Covid testing site breach and Blackberry QNX bugs. Eric aspires to visit Machu Picchu now that he knows how old it really is and Jon talks about really hot tiny things and woolly mammoth travel tracking.
0:00 - Intro 14:36 - Apple CSAM collision 20:06 - T-Mobile breach 24:34 - Covid testing site breach 29:47 - Blackberry QNX Bugs 36:46 - Machu Picchu 40:02 - National Ignition Facility 43:42 - Mammoth Travels