346: Hackers Can Spy on You... (No Webcam Required?!)

Episode 346 February 08, 2024 01:09:48
Technado

Show Notes

This week on Technado, Microsoft confirms the impending arrival of Windows Server 2025 (and the inevitable death of WordPad). In other "way of the dodo" news, Apple declared the last MacBook Pro with an optical drive (read: CD player) obsolete. And in Linux news, GRUB2 has some things in the works, including TPM2 automatic disk unlock.

In the world of cybersecurity, the FBI issued some covert commands to remove Chinese malware from routers - but is this anything more than a Band-Aid solution? Then, AnyDesk fell victim to a breach - but exactly how bad the breach was (or when it happened) no one seems to know for sure. Finally, the return of the TinFoil Hat segment: hackers can still spy on you even if you tape over your webcam - or don't have a webcam at all.


Episode Transcript

[00:00:00] Speaker A: You're listening to Technado. Welcome, and thanks for joining us for another episode of Technado. I'm one of your hosts, Sophie Goodwin. Keep in mind, you can use that code, Technado30, for a discount on your ITPro membership. Thanks to our sponsor, ACI Learning. Once again, I'm Sophie, and I'm very excited to jump into today's news. I went ahead and read some of the articles, and, you know, some of them are. Well, I mean, I really got in depth, and I was like, oh, what's this? And I scared myself a little. So that should tell you what's coming. But I'm not alone here, luckily. Otherwise, I'd be terrified. Don Pezet to my left. Don, how are you doing today?

[00:00:37] Speaker B: I am doing great. Excited about today's episode. It's been a while since we've had a solid tinfoil hat segment, and we've got one coming up later on in the show, so you'll definitely want to stick around for that.

[00:00:46] Speaker A: Yes, that is the one that scared me, so you will want to stick around for that. Daniel, how did you feel about that? Just give us a preview.

[00:00:51] Speaker C: Oh, I don't get scared, okay? I'm already, like, a card-carrying tinfoil hat wearer.

[00:01:00] Speaker A: Okay. Yeah.

[00:01:00] Speaker C: I was just like, yes, that's just the news.

[00:01:03] Speaker A: Okay, well, all right. I can't really add to that.

[00:01:08] Speaker C: I've already gone through the gamut of emotions necessary to be able to process new scary stuff.

[00:01:16] Speaker A: Yeah, I feel like you would be more likely to be the scarer, not the scary.

[00:01:21] Speaker B: I don't think Daniel worries about secret surveillance, because, I mean, he's got an OnlyFans page, right?

[00:01:26] Speaker C: Please subscribe. Only dance. Yeah.

[00:01:31] Speaker B: It's just the difference of whether you pay them $5 a month or not. That's it.

[00:01:36] Speaker C: I literally like the way your knees, like, bend normal. Be a shame.
[00:01:43] Speaker B: We're just strong-armed people.

[00:01:45] Speaker A: Explain that one to my mom later. Thank you for that. We'll go ahead and jump into our articles here before I get into trouble. This one comes to us from The Register, and it's all about Microsoft. Microsoft confirms Windows Server 2025 is on the way. Plus, this is a fun little caveat. It kills off WordPad once and for all. And I do believe I remember us talking about that a while ago about that going the way of the dodo heresy. I guess this is the end of the line for WordPad. But more importantly, that's not really the focus. That's just what I chose to zero in on. Windows Server 2025. Good news, right?

[00:02:13] Speaker B: Yeah, I had a bit of a betting pool going on on what the name of the next version of Server would be because Microsoft is all over the place with their naming convention. I would not have been surprised for it to be like Windows Server 2025 H2 Moment 4 Series 11. And that's just one name.

[00:02:34] Speaker C: And if you don't say it in its entirety, then you've got the wrong distro.

[00:02:38] Speaker B: Yeah, it's all wrong. Microsoft has switched to this release cadence where they are constantly releasing new builds and just every now and then they pick a build and they say, all right, that's the one, ship it and we'll make that one gold. And that's now the next version of Server. And then it's out of date within a month because they've already done new updates. Beyond that, in my opinion, that's a good thing. The named builds though aren't as significant as they used to be. It used to be, you get really excited about a new version because it had all sorts of new features and that's kind of changed in the new method, but it looks like they've kind of locked into a pattern of every three years they'll designate a new version because we had Windows Server 2019, then 2022 and now 2025. So this will be the version that we run until 2028 more than likely.
And it's coming down the line. Not a whole lot of new features to get super excited about. In fact, one of the biggest things that's come across my feed has been the ability to change SMB's default port. SMB has used UDP port 443 for a long time. It is a target of a number of different exploits that are out there. What was the big one, Daniel? Blue something.

[00:03:48] Speaker C: EternalBlue.

[00:03:48] Speaker B: EternalBlue, that's it. And so there were a lot of people who wanted to change that port up, try and obscure, obfuscate, but it.

[00:03:57] Speaker C: Was four, four, five was that was.

[00:04:00] Speaker B: Over is four mixing it up with.

[00:04:03] Speaker C: That's the UDP port. So the TCP port for SMB is four, four, five.

[00:04:07] Speaker B: And that's what EternalBlue used.

[00:04:08] Speaker C: Yes.

[00:04:10] Speaker B: So they're rolling out the functionality where you can change the port, make it whatever you want, have fun, get crazy. What I think is interesting, because I did a little research on it, is they're adding the functionality to the server and I haven't seen where they've added the functionality to the client to get on the right port. So that'll probably come a little bit later.

[00:04:26] Speaker C: Probably.

[00:04:27] Speaker B: Beautiful. It certainly will.

[00:04:29] Speaker C: What have you heard? Because I see that it's like you can change it to QUIC, right, which is a new protocol, and basically QUIC allows you to transfer data much like TCP, but it's faster, stronger, better. Right. What have you heard about this port protocol?

[00:04:43] Speaker B: I haven't heard a ton because it's all still in development. But SMB is really old. Yes, and I mean, it's been updated. We're on SMB 3 now. Right. And so they've added new things. But when SMB was originally created, it didn't have authentication, it didn't have encryption.

[00:04:59] Speaker C: What did? Man, it was the wild west back then, bro.
[00:05:01] Speaker B: It really was. So they've added a ton to it, but it shows the protocol is not great for high speed transfers and things, so it's good to see them making some improvements. And QUIC is supposed to help with some of that. We'll see. Once it gets out in the field, I still find myself leveraging SFTP and other things like that that are a little more tried and true. I try not to get on the bandwagon of new file transfer super early.

[00:05:25] Speaker C: Yeah, bleeding edge. It's nice. It's cool to say I'm on the bleeding edge, but for real production stuff, you probably want to wait until it's a little more mature.

[00:05:35] Speaker B: Now, the one thing that has me, I don't want to say concerned, but as an IT worker that I have my ears cocked up for is they are making some changes to Active Directory. So there's supposed to be some big enhancements coming to Active Directory, but I have yet to be able to find any documentation on what those enhancements are. But I've heard more than one Microsoft rep say it: in Windows Server 2025, there's going to be some advancements in AD, and what I suspect is it'll just be further integration into Azure AD and maybe even making it where you're required to use it. But I haven't seen the details yet. Anytime there's a change to Active Directory for an IT worker, a sysadmin, whatever, it tends to be painful.

[00:06:20] Speaker C: Yeah, they don't ask us whether or not we want those changes or not. They just kind of come down all ham-fisted style and say, here's your new Active Directory, enjoy. But you just broke a bunch of my stuff. I don't care. What are you going to do? Not use Active Directory? Silly person. You. That's never going to happen, so eat it and enjoy.

[00:06:40] Speaker A: And I always love looking at what other people have to say, just because there's always somebody that's really angry, even for something like this where I'm like, okay, this is just a normal, like, hey, this is coming.
I don't see anything in here that, unless somebody's really passionate about WordPad, I guess. But this person, they didn't specify what they're mad about. They just said fan shitting tastic, which is a new one for me. Another pile of shite nobody needs, just fix the existing version. But that's kind of what they come up with. New versions this every couple of years, right. So it's normal.

[00:07:09] Speaker B: So they're releasing updates on a very frequent cadence. Right. So every month we get new security patches, every six months we get new feature releases and then they just stick a new name on it every three years. So that person who's saying just fix your product, technically that's what they're, yeah, yeah. So that just means they don't really, and I'm not saying Microsoft is a bunch of. Right.

[00:07:31] Speaker C: Oh.

[00:07:31] Speaker B: But there's certainly a lot of emotional baggage for things that have happened over the decades and it's hard for people to overcome that. I remember back in the early days of Windows NT when a new service pack came out. You couldn't trust it. You absolutely could not trust it. I think it was Service Pack 3 where your servers would reboot. Once a month your server would reboot and in the middle of the day you had no idea what was going on. It would reboot and turned out it was a problem in that service pack and they had to rerelease that service pack. It's not like that anymore. These updates largely, you can trust them and roll them out. You hear about them breaking desktop stuff every now and then, but Server has been really solid the last, really like the last eight years.

[00:08:11] Speaker C: Good for them. I'm glad to see they're finally catching up with demand and what we actually need out of our server environment and our desktop environments as well, where I do not fear applying my updates. I just want to get it over with so that I can get back to doing what I want to do.
And I do love coming into my office on Wednesday morning and going, it was Patch Tuesday yesterday because all my stuff is gone.

[00:08:37] Speaker B: Now. I will say in our day job we don't use Windows servers for any of our platform product stuff. We use Hyper-V servers. So that's all Windows Server for our lab platform and we have some on VMware so it's kind of split. So we have both. But as far as operational services, the website and all that, that's all hosted on Linux servers these days. So Windows Server has become a little bit less relevant over the years, even inside of Microsoft. We've reported on CBL-Mariner and their versions of Linux in Azure. They launch more Linux virtual machines every day than they do Windows servers. So its relevancy is starting to decline. I don't see anything here that's going to stop that. So I think that trend is just going to continue.

[00:09:21] Speaker C: Yeah, WordPad being gone, that's what's up.

[00:09:23] Speaker B: Yeah.

[00:09:24] Speaker C: You think they would just purchase Notepad++ at this point and make that the default thing?

[00:09:29] Speaker B: Yeah, right.

[00:09:30] Speaker C: It's a pretty good tool.

[00:09:31] Speaker B: It is. Although I would say there's nothing Notepad++ can do that VS Code can't do.

[00:09:35] Speaker C: Oh, that's true. That's a good point. I just recently have adopted working with VS Code.

[00:09:41] Speaker A: I'm about to start learning it for show notes and stuff.

[00:09:44] Speaker C: I know I'm late to the game on that as well, but I mean if it wasn't broke why would I fix it? I know it's cool.

[00:09:51] Speaker B: So I know a lot of people that have switched to VS Code. I use Sublime Text.

[00:09:57] Speaker C: I've been an Atom user for years.
[00:09:58] Speaker B: And then they stopped support and I've used Sublime for a long time and the reason I got to it originally was it was one of the only editors that was robust feature-wise, but also had a Mac, Linux and Windows version because I moved between all three all the time. So I needed something that was consistent so I could get work done. It's not user-friendly software. I've described it before as like an abusive relationship. Yeah, but I stay in it.

[00:10:22] Speaker C: Sublime Text loves you like Ike love.

[00:10:27] Speaker B: Like if I was just starting out today I probably wouldn't pick Sublime Text, but I've just been in it so long. I talked to Emacs people like that too, where they just use Emacs so long there's no way they're going to move away from it.

[00:10:36] Speaker C: Talk about a religious yeah, yeah.

[00:10:37] Speaker B: But VS Code is super robust.

[00:10:40] Speaker C: No. My question would be though is isn't it kind of like it seems to run a little less quickly than something like a Notepad? Like those kind of stuff is really snappy and for just simple text stuff, do I need to fire up the entirety of VS Code to get it? Because there's a lot going on, especially if you got a bunch of plugins and themes and all that you could have going on under the hood. It'd be nice to just have a simple yet more useful alternative.

[00:11:04] Speaker B: Yeah. In Sublime Text, I can open up a five gig CSV file and it just opens and I can scroll straight down and all. It does a really good job of handling memory access. VS Code, not so much, because I think it's built on Electron, right?

[00:11:19] Speaker C: Yeah, I think so.

[00:11:19] Speaker B: Yeah, that'll do it.

[00:11:21] Speaker A: Well, going back to the best part. The rabbit trail is the best part.

[00:11:26] Speaker C: Sicily, 1923.

[00:11:30] Speaker A: As a reminder, WordPad is dead and Windows Server 2025 is on the way. So there you go.
And speaking of things being killed off or declared irrelevant or going the way of the dodo, et cetera, et cetera, this next article comes to us from Ars Technica, and it says, Apple declares last MacBook Pro with an optical drive obsolete. And this laptop had not been on sale for more than seven years. But I guess it was just recently that they finally said, this is obsolete. We haven't been selling it for a while, but as of right now, this is useless.

[00:11:54] Speaker B: Basically, this one caught me by surprise because I thought it had already happened. You would think I didn't know that any optical drive systems were still supported by Apple. But it turns out it was one thing.

[00:12:06] Speaker C: You're like, what's an optical drive like? Light.

[00:12:12] Speaker A: For the viewers that don't know, maybe you should give them a brief for the viewers and listeners that don't know. Not me.

[00:12:19] Speaker C: Yeah, not you at all. You know all of these things.

[00:12:22] Speaker B: I remember when a lot of laptop vendors started dropping CD and DVD drives, right? And they were dropping it for a couple of reasons. The main reason was they wanted to make their devices smaller. You see these things like, Daniel, your laptop is so thin, you couldn't put an optical drive in there. Sophie, yours is a little bit thicker. Maybe they could, like on the other side. But they wanted that room for ports. They wanted other stuff to go in there. And the batteries. Yeah. Oh, definitely bigger batteries. But the other problem was that optical media had met its maximum transfer rate. Like, there was no way to speed it up if you ever dealt with these things. They used to advertise the CD and DVD drives, and they'd say it was a 40x or a 48x or a 52x. Yeah, I remember that. And they stopped at 52x. And what that was was a measure of how fast the disk could spin. And once you get over 52x.

[00:13:12] Speaker C: This thing destroys itself.
[00:13:13] Speaker B: The disc breaks apart and shoots out like shrapnel.

[00:13:17] Speaker C: I turned my computer into a bomb.

[00:13:19] Speaker B: It's like an IED.

[00:13:20] Speaker C: I just wanted to watch Stargate.

[00:13:23] Speaker B: Now you got pieces of disk stuck in your face.

[00:13:27] Speaker C: Worth it.

[00:13:28] Speaker B: So with the transfer rate maxed out, there was no advancement there, and Blu-ray came out. But nobody, Blu-ray did not get the adoption rate that you saw with other stuff. And so it made sense for it to die away. And I thought at the time, I was like, oh man, I have so many discs that I'm going to need access to. I bought a USB DVD drive and it sat in my desk drawer. I haven't broken that thing out in years.

[00:13:53] Speaker C: Torrenting became really popular around that time as well. And so I could get a digital copy of, someone could get a digital copy of a movie.

[00:14:03] Speaker B: I've heard that, I heard that this.

[00:14:04] Speaker C: Was a possibility and that people did it, and then it was like, well, just watch it all on my computer anyway. I don't need to use the optical drive anymore because most of the things I'm watching that I would be or that they would be watching instead is no longer on a disk.

[00:14:22] Speaker B: And for a while they were selling TV shows on DVD and you can still buy them that way, but a lot of series aren't released that way now. It's going to be on a streaming service. That's the way to do it. So I was surprised to see, though, that there was still one Apple device, a 2012 MacBook Pro that had an optical drive that was still supported. And I actually had that laptop back when we started ITProTV, which was in 2012. That was the laptop that I got as my company laptop, used it for three years and then replaced it, I think. So it was a good device, but I probably didn't use the DVD drive back then either.

[00:14:58] Speaker C: Right.
[00:14:58] Speaker B: It's just not something we really need anymore.

[00:15:00] Speaker C: So finally Apple said, why are we supporting?

[00:15:05] Speaker B: And if you go and look at Lenovos today, Microsoft Surface, I don't think any Surface ever had an optical disk in it. So I think it's finally that nail in the coffin that it's just not available anymore.

[00:15:18] Speaker C: So I keep one laptop around that has an optical drive in it for the purposes of ripping my movies and putting them on my Plex server. And if I'm like, oh, no one's got this on Plex, I'll look through my cases and go, oh, I knew I had this, and pull it out and rip it and throw it up.

[00:15:36] Speaker B: On the Plex server. I did have to do that. Not too long ago, my youngest son wanted to watch a VeggieTales movie.

[00:15:42] Speaker C: That was, I noticed that you had a VeggieTales.

[00:15:45] Speaker B: I was like, VeggieTales?

[00:15:47] Speaker C: My kids love it.

[00:15:49] Speaker B: I forget it was on Netflix or Amazon Prime or whatever, and they removed it from their library, and so he couldn't watch it. And so I was. And so, so I thought, I've heard that people can go and download things on the Internet, and I couldn't find it. And so I was like, fine, whatever. I go on Amazon, $7 for the DVD. I'm like, all right, I'll just buy the DVD. And then I had to remember how to rip a DVD because it's been so long.

[00:16:14] Speaker C: HandBrake is easy, super easy.

[00:16:15] Speaker B: But you have to add the DeCSS DLL to it. I did.

[00:16:19] Speaker C: No, mine was all. It was like, install HandBrake. Run HandBrake. There you go.

[00:16:25] Speaker B: Apparently, I'm amateur hour because I had the DeCSS library to it and stuff, so I ripped it and threw it on Plex. Just because you couldn't get it online.

[00:16:35] Speaker C: Any other way, did you just admit to a crime?

[00:16:38] Speaker B: I don't think so, because I own the DVD.

[00:16:39] Speaker C: Right, right.
But you're not allowed to break the encryption. That's what's illegal. This is all.

[00:16:44] Speaker A: In theory, yes. All of this is.

[00:16:45] Speaker C: You're allowed to have a digital copy, but you are not allowed to break the encryption.

[00:16:49] Speaker B: Well, then, yes, I believe I've committed a federal crime.

[00:16:51] Speaker C: And the FBI will be notified, knocking.

[00:16:53] Speaker B: On your door, and it'll be VeggieTales versus Don Pezet in the Supreme Court.

[00:17:02] Speaker C: That is kind of fun.

[00:17:03] Speaker B: I won't be taken down by some talking tomato.

[00:17:06] Speaker C: I went to watch The Talented Mr. Ripley the other day, and nobody in our circle that I have, we've got.

[00:17:12] Speaker A: The Talented Mr. Ripley, right? He's ripping DVDs left and right. I know most of our viewers and listeners probably are on the level, know you're ingrained in this stuff. You know the terms. Keep in mind, I only started working in this space a couple of years ago. A lot of this stuff is stuff that I used, and I just didn't know the proper name for it. So, like, I had a laptop that had what apparently is an optical drive in it. I just always called it, like, oh, the DVD drive, the CD drive, whatever. I never knew that that was the name for it. So this has been eye-opening for me in a way. I didn't know it would be because I hear optical drive, and I'm like, yeah. I'm thinking, what the hell? Did I miss the vote on that? And that wouldn't be surprising, because I missed the boat on a lot of things. That just was before my time. But this is something that, yes, I use and just didn't know that's what it was called. So for those of you that are a little more like me, that are maybe you know the stuff, you're still learning the terms. There you go. Maybe you've learned something.

[00:18:03] Speaker B: It's also known as the cup holder.

[00:18:05] Speaker C: Yes, the cup holder.
So wasn't that part of the Sub7 trojan where it was a command control? Right. So if I infected your machine with Sub7, then I had a dashboard of things I could do to your computer, and one of them was cup holder. I think that's what it was.

[00:18:30] Speaker A: That would freak me out.

[00:18:31] Speaker C: And that's the whole purpose of it, was to freak someone out, make them go.

[00:18:34] Speaker A: You could do nothing else to my computer and leave everything else alone. And that would be enough for me to be like, it's haunted.

[00:18:38] Speaker C: It's so funny how you can, especially back in the day when we were young bucks in this, you can mess with people because they didn't understand how the technology worked. I worked at the local hospital, workstation support, and that's when we learned about net send. Right. And you could send these messages to people via net send.

[00:18:57] Speaker B: Unauthenticated.

[00:18:57] Speaker C: Yeah, unauthenticated. Just if they're connected. You could send them a note out there. And a lot of the guys I worked with spent a lot of time in chat rooms at that time. This is the late 90s, right? So spend a lot of times trying to meet people on chat rooms. And one dude was kind of annoying, so I sent him a net send message. Like, why would you send that to me? And you could say it came from this person. And he thought that we had said inappropriate things to some girl he was trying to talk to on the Internet.

[00:19:30] Speaker B: Nice.

[00:19:30] Speaker C: And I would just keep sending him messages. He's like, I can't stop this from. I was like, I'm a hacker, and I hacked your computer. It was hysterical.

[00:19:41] Speaker A: That's very in character for you.

[00:19:42] Speaker B: I feel like the good old days.

[00:19:43] Speaker C: Yeah, it was fun.

[00:19:45] Speaker A: Well, there you go.
Like Don said, it seems like this is something that it's been out of use, I guess, or out of common use for a long time, but I guess this is the official end of that era. Rest in peace or RIP. Let's pour one out to finish it on a rip. That note, that was a joke. You can laugh. This next article comes to us from. Yeah, he laughed. He just waited. He was off camera to do it. Silent laugh. Comes to us from Phoronix: GRUB2 working on TPM2 automatic disk unlock, TrenchBoot and more. And I will be totally honest, this is something that I might need you to help me kind of parse through because I read through it and a lot of it is acronyms and stuff that I'm just not familiar with.

[00:20:26] Speaker B: And I don't think you would have used any of this because GRUB, if you run Linux, the odds are you run GRUB, right? GRUB is the default bootloader for most Linux distros that are out there. So when you boot up your computer, your UEFI BIOS kicks in. It goes to find the operating system. It typically finds your GRUB bootloader. The GRUB bootloader identifies the different distros that are running on your system. And GRUB can boot Windows, it can boot macOS, even it can boot Linux. If you just have Linux installed, this might all get skipped for you and just goes right into your OS. But otherwise it lets you pick. So like I have my laptop set up where I can pick between Windows and Linux. And so GRUB is what displays that. GRUB doesn't get updated very often. In fact it just got updated at the end of December and that was the first update in over two years. And we don't normally report on it because honestly it's GRUB.

[00:21:19] Speaker C: Who really cares your operating system.

[00:21:21] Speaker B: But there was a conference in Europe just last week called FOSDEM 2024 and the GRUB team made some announcements on what they're working on this year. And one of those things was really important and I wanted to get the word out on it. And that is automatic disk unlock.
If you use disk encryption on Linux, it's super duper frustrating, right, because of the way it's implemented. And you kind of have a choice. If you do like LUKS disk encryption, typically you're going to power on your computer and you have to manually type in a decryption key to be able to unlock the disk to finish booting. And then you still have to log into the system and go in. You can do custom authentication modules and try and do things like I had mine set up to use a YubiKey at one point, which was nice, at least I didn't have to type in a big key, but it was still annoying to have to go through that process. When you look at macOS and you look at Windows and how they're able to boot up and you just authenticate one time, use your user account and the key to unlock the disk is stored in the TPM, and Linux has not had great support for that. There have been ways to kind of force it in there and it's never been very reliable. I haven't trusted it. And if you google around, you'll find tons of instructions where people say, oh yeah, it's really easy to make GRUB do the unlock. What you do is you take your encryption key and you put it in your fstab file so when it goes to mount it, it can decrypt it.

[00:22:41] Speaker C: That's a mistake.

[00:22:42] Speaker B: Yeah, because the fstab file is not encrypted.

[00:22:45] Speaker C: Yeah.

[00:22:45] Speaker B: So if somebody, like, if I steal somebody's computer, I can just stick their hard drive onto my computer and go into that fstab file, get the key and off we go. We just blew the encryption away. You might as well not encrypt. But the GRUB team is finally putting a focus on this. They're looking at the TPM2 support to say, we want you to be able to store the encryption key in the TPM just like the other operating systems do. And that way when you boot up, you just have to authenticate one time and now you can have your full disk encryption much more reliably. That's something to be excited about.
And if they get it done this year, that's something you'll want to adopt quickly.

[00:23:17] Speaker C: Yeah, that'll be a really good step in the right direction for Linux operating systems out there in the world. Right. Because then you become parity with the others and might give you a little more market share. Not that you got a ton, but whatever I can have, I want it.

[00:23:33] Speaker B: All right.

[00:23:35] Speaker A: Somebody in the comments had mentioned, and again, some of this is stuff that I wouldn't be familiar with because, just because I don't use Linux, I don't use a lot of this stuff. But a couple of people had. Well, among other reasons. But a couple of people had mentioned that they were even more excited about the upcoming Argon2 support. Is that something that you all had heard about or something that was on your radars at all? It's not on my radar either.

[00:23:58] Speaker B: Yeah, the Argon2 is. Isn't that a Raspberry Pi case?

[00:24:04] Speaker C: I have no idea.

[00:24:05] Speaker B: Which has a weird boot system on it. I've got an Argon One. Let me make sure I know what I'm talking about here before I say, what is an Argon?

[00:24:15] Speaker A: I did not mean to throw you a curveball. I'm not familiar with a lot of the terms, so something else that people were saying was I'd much rather distros commit to using systemd-boot. Like a lot of people had mentioned.

[00:24:25] Speaker B: That an Argon2 is a memory-hard key derivation function. All right, so it's another way of hashing a password. I'm not familiar with that one. So yeah, apparently that person's excited about it.

[00:24:37] Speaker A: Yeah, okay. It was mentioned a couple of times and then other people saying like what's the point? Just commit to using systemd-boot. And I'm not familiar with that either. So unfortunately it's hard for me to parse through this stuff sometimes. But when it comes to Linux, I can generally follow along with Windows and Mac and things.
But it's just an operating system. I don't use a ton.

[00:24:55] Speaker B: And this article came to us from the people at Phoronix and the, the guy who runs it, Michael Larabel, really intelligent guy. But then all the people that post on there are really knowledgeable, especially when it comes to hardware drivers and stuff. So the comment section is a little more advanced than like on a Tom's Hardware or someplace like that. Okay.

[00:25:17] Speaker A: And I guess this is where a lot of times folks that are listening and watching, sometimes they're able to know, oh hey, you guys were talking about this. Here's what that means. So if you're familiar with Argon2, for instance, and you've got something to say about that, feel free, drop a comment, let us know. Because I do go back and read them and it helps me a lot when there's things that are like, oh, Sophie, this is actually what that means. And I don't know, it's helpful.

[00:25:38] Speaker C: Some of them just make you cry.

[00:25:39] Speaker A: Some of them do, maybe not cry.

[00:25:42] Speaker C: Be kind in the comments section, people, please. Is that too much to ask?

[00:25:46] Speaker A: Talking about I got nerves to you.

[00:25:48] Speaker C: We're just having fun here. It's a good time, seriously.

[00:25:51] Speaker A: But yeah, it does seem like based on the comments, even though I can't maybe parse through every specific that they mention, general excitement about this, general good vibes, good news.

[00:26:02] Speaker B: It's nice that they share the roadmap and there's some good stuff on there that's worth getting excited over.

[00:26:06] Speaker A: Yeah, absolutely. Well, that is going to do it for our tech news. Don't worry though, we've got security news coming up in the second half and like I said, some of it did give me a bit of a fright. So if you want to know more about that, you'll just have to stick around for the second half.
of Technato. Tired of trying to schedule your team's time around in-person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible? The answer to your woes is live online training from ACI Learning. With live online training, we provide our top in-person courses in private online instructor-led formats. You get to provide professional development in a manner that fits today's expectations, entertaining, convenient, and effective. Our exam-aligned courses inspire the full potential of your team. Visit virtual instructor-led training at ACI Learning for more info. Welcome back for more Technato. Thanks so much for staying with us through that break and whether you're watching on YouTube, joining us from Spotify, Apple Podcasts, wherever you're listening or watching from, thank you so much for being here. And if you haven't already, feel free to subscribe so you never miss an episode of Technato in the future. We also have webinars, live on social events that live here on the channel. If you are joining us from YouTube, we've got a webinar this week. It's actually later today. Has to do with IT, getting into IT, building your resume and things like that. So feel free to join for that. I believe that's going to be Lauren that's on that, Lauren Deal, and she'll have a guest, so should be a lot of fun. Tune in. And of course, every other episode of Technato lives on this channel, so you never run out of material to watch. That being said, we've got more Technato for you today. We've got a couple of security articles we're going to get into, and this first one comes to us from Ars Technica. Are you guys feeling prepped? Ready to jump in? [00:27:41] Speaker B: I think so. [00:27:42] Speaker C: Security thing bad. 
[00:27:43] Speaker B: And for those of you in TV land who wonder what we talk about during the break, I just want to answer a question for us. That Miley Cyrus's net worth is currently $160,000,000, so not a billion. [00:27:53] Speaker C: I mean, these are the things we. [00:27:54] Speaker B: Talk about she's doing. [00:27:57] Speaker C: But if Taylor Swift woke up with Miley Cyrus's money, she'd probably have a real problem. [00:28:03] Speaker B: Yeah, she would. She would. [00:28:04] Speaker A: She'd be crying. [00:28:05] Speaker C: How is she supposed to afford two private jets? [00:28:08] Speaker A: There would be teardrops on her guitar. [00:28:09] Speaker C: I just saw yesterday that she's being, like, attacked because she has two private jets and she could have three. Her carbon footprint is apparently not great. [00:28:19] Speaker A: Yeah, it does hit a little weird when it's reduce your carbon footprint and then you see people that have two jets and it's like, I'm not the problem here. [00:28:27] Speaker B: But anyway, you know who is the problem? Chinese hackers. Right? [00:28:31] Speaker C: They dance. There are good segue. [00:28:33] Speaker A: Yes. Gosh. Crazy coincidence. That's a question for them. But speaking of Chinese hackers, that's where our next article is going to take us. It comes to us from Ars Technica. Chinese malware removed from SOHO routers after FBI issues covert commands. Says routers are about time. Yeah. Routers are being used to conceal attacks on critical infrastructure. Isn't it always? Every time there's an attack, it's always like critical. It's always something like huge. Because if it wasn't, it wouldn't be huge. Very big. Anyway, so it says Chinese malware removed. So I guess that's good. But what happened here? [00:29:12] Speaker B: So a couple of interesting things coming out of this article. And the first off is that the FBI is actively accessing citizens' routers and removing malware from them. Right. 
There are people who argue that that's a bad thing. [00:29:26] Speaker C: It's an interesting idea. [00:29:28] Speaker B: I view it as a public service. Personally. I appreciate that they're doing it. They did have to get a seizure warrant. So this isn't like a warrantless thing. They didn't just go and do it. And the way the warrant is, the US legal system is not designed to handle situations like this. And so a seizure warrant says they're allowed to go in and take the router. So they could have gone out to hundreds of American households and just taken the router and walked out the door. That's what the warrant says. But that's not what they did. Instead, they remotely accessed these devices and removed the Chinese malware that was put on them to prevent that from being exploited. Now, that's one part of what happened. Now, the other part I think is really interesting because a number of news sites are describing this as a botnet being taken down. And when I think of a botnet, maybe this is just a me thing, but I think of thousands of zombie computers that are now going to be used for like a distributed denial of service attack. But that's not what these were being used for. What they were being used for was each of these routers were building a VPN tunnel back to China. That's how they know where this was sourced from. And it allowed hackers in China to traverse the VPN and then perform attacks from US IPs. So it was IP addresses right here in the US accessing critical infrastructure. So that's a problem. There's a code red right now or whatever the color system is that we're supposed to be getting an overwhelming attack from China and Russia on the cybersecurity front. In the next whatever panic window of time they want to give, know we're seeing some actions being taken right now to help prevent that. So this one's pretty neat. They didn't disable any functionality on the routers. Even if you had your own VPN set up, they didn't disable that. 
They were able to just target the malware piece and remove it. But in all these cases, they were Linksys or Cisco brand at the time and Netgear routers that had reached end of life. So the vendors were not putting out updates for it. So even if the home user wanted to do the update, they couldn't. There just wasn't one available. They would have to buy a new router. Well, the FBI has stepped in and kind of solved a problem. [00:31:31] Speaker C: So a. They actually didn't solve the problem. [00:31:34] Speaker B: Oh, no. [00:31:35] Speaker C: Right. Here's a fun fact in this article. It says that if these routers are rebooted, then the FBI-pushed fix goes away and the routers are again vulnerable. [00:31:48] Speaker B: I missed that part. [00:31:49] Speaker C: That's real fun. Yeah, real disappointing. So if they were to have sent FBI agents with a tech geek with a new router in hand and went and took that router out of the, and put a new one in and set it up for the person, that would have been a better solution. [00:32:04] Speaker B: Yeah. [00:32:04] Speaker C: One that was not vulnerable. [00:32:06] Speaker B: That's not going to happen, though. They would go and they would take the router and that would be that. [00:32:10] Speaker C: We spent a bunch of stupid money on stupid stuff anyway, so let's. Why not this? It's only hundreds of routers, it said. So I feel like this was a project they could have gotten behind and just said, these routers, bad garbage time, and we're going to put this router in and don't get that one out of the garbage anymore because it's bad. [00:32:30] Speaker B: And then it ends up out of the garbage. [00:32:32] Speaker C: Yeah, some kids like, whoa, a new router. [00:32:35] Speaker A: Sweet. [00:32:37] Speaker C: I can game. But, yeah, that was the fun part about this. 
I was like, okay, so I'm kind of like with you on this, as far as I'm not a huge fan of the government doing things, but the fact that they got warrants and this was more of a public service than it was them trying to go. I'm fearful of slippery slopes that government tends to take. What do they say? Once the exception, once you make an exception to the rule, the exception becomes the rule kind of thing. So I worry about that. But there's only a couple of hundred. Again, maybe it's all one grain of rice on the heap, right? As it continues, there's arguments to be made on both sides on whether or not this morally or ethically was correct to do. Obviously, why not go to the industrial controls or the critical infrastructure places and say, let's block these ips, right? Instead of knocking people's taking control of other people's router and then sending those people some sort of information. Your router has been hacked. You need to take steps to remedy this. Go buy a new router. Here's a couple of we suggest, and maybe here's a check for $100, go buy a new router. Yeah, right? There's so many other things they could have done that would have been technically more effective, because as soon as they get a power outage or, hey, the Internet is not running really great, reboot the router, their fix goes bye bye. [00:34:12] Speaker B: I think in the medical industry, they have a phrase, and you've all probably heard this before, you don't treat the symptom, you treat the cause, right? If you want to fix it, if you just treat the symptom, then it's never going to go away, right? [00:34:24] Speaker C: So that's exactly why they do that. [00:34:27] Speaker B: Well, I guess when money fuels the medical industry. So the symptom here, we've got a couple of symptoms, right? So our critical infrastructure is not secure. That's one symptom. We've got home users are unable to update their routers. That's a symptom. The routers have vulnerabilities. That's a symptom. 
The cause is we've got hackers that are attacking the system. If the hackers didn't exist, it wouldn't matter if these systems were updated or not. But if you look at the FBI, for example, and say, what can they do about those Chinese hackers or whatever country they're from? Doesn't matter, right? Hackers in general, not a lot. Without really breaking our freedoms, right? They could pull a China and say, we're going to put a great firewall around the United States and not allow traffic to other countries, which honestly might be a good thing. But at that point, it really starts to tread on freedom of information and so on. [00:35:24] Speaker C: So let's go to a hot war. [00:35:26] Speaker B: Which, no, don't do that, and I do think they're making efforts on the critical infrastructure side. There's a lot of money going into that right now to try security around critical infrastructure, but it's so bad it's going to take a while. [00:35:41] Speaker C: It was such a monolith, and it was built with no real security in mind because of how it was designed. Right. It wasn't designed to be connected. And then we said, you know what we should do? We should connect these things because I like working from home. Totally get that. But you see that you got to do that risk matrix thing, right? What is that? The likelihood versus probability or whatever. [00:36:08] Speaker B: Probability and impact and impact. [00:36:10] Speaker C: There you go. Impact. And that's going to score high on that scale. So we should probably do other things like build security first and then connect, not slap security on some crappy connection solution that you decided to go with. [00:36:28] Speaker B: Well, it kind of ties into what we were talking about in the first half of the show with SMB. [00:36:32] Speaker C: Right. [00:36:32] Speaker B: Where SMB or FTP, for that matter, they started out with no security on them and it's been bolted on, and that shows it's not great. 
[00:36:41] Speaker C: Right. [00:36:41] Speaker B: So is it time to create new protocols, create new systems? It is, absolutely. People aren't doing it. [00:36:47] Speaker C: Yeah. And that's because it's really hard to do that. A and that's true. That is a true statement. It is hard to create new protocols, get wide adoption, but it's got to start somewhere. It's one of those things where it's the journey of 1000 miles, right. It starts with a single step. You just have to get going. You have to start creating the protocols that have that advanced layer of security built into them, designs that have security in mind. And then every new thing we do starts to adopt that as we slough off the old and we hobble it along and we bolt and modularize as much as possible until we can move away completely from that so that it can be a part of the system until I don't need it anymore. But if you never make steps toward it, you're just leaving yourself. I don't get it. Why are we not. We have so much money, we have so much capability, we have so much infrastructure. We could be doing it. Would we blow money on dumb crap that means absolutely nothing in the long run because we want the M1 money stock to go up. [00:37:49] Speaker B: Yeah. I don't want to turn this into a political podcast or whatever, but I think when you look at our leadership here in the United States, where the average age is, these are not people that grew up with computers. [00:38:04] Speaker C: That's true. [00:38:05] Speaker B: Right. And so they don't think that way. And they probably have staffers that did grow up with computers that recognize this as a threat and they're trying to do things. But I think that's a big part. [00:38:14] Speaker C: Of the old guard kind of goes away. [00:38:16] Speaker B: Yeah, but that keeps us behind the. [00:38:18] Speaker C: Eight ball for so much longer. 
[00:38:20] Speaker B: If you're a senator and you literally fought in a real war and really had to shoot at people, it's hard to get upset about somebody, like, remotely turning your light on and off. Yeah. And so I think that's a big. [00:38:32] Speaker A: Especially if you don't understand the implication that it's not necessarily turn the light on and off. What's the big deal? Okay, but the fact that they can do that and they have access to do that, I could see somebody that's that age being almost a big deal and not understanding the implication. Now, I'm curious. I was poking around in the comments because I like to do that, and somebody had mentioned what was more disturbing to me than hackers is that these routers have covert commands to begin with. Covert commands, in this case, seems to be a polite euphemism for a backdoor. Do you think that that's pretty accurate of a statement to make? [00:39:02] Speaker C: It's not impossible. It's not even, like, horribly improbable. [00:39:08] Speaker A: Yeah. [00:39:09] Speaker C: It is probable that they. I mean, most of these things are made in China. It is quite possible and even probable that that is the case, that they have backdoored these things. And unless we're doing some sort of security due diligence to look for, um, when you create a device that has to meet FCC regulations, you have to submit a bunch of testing and paperwork that goes along with that. And you can kind of look that up. You look at your router and you see the FCC ID on the bottom of it. You can actually look that ID up, and it will show you the internals of the device and some of the schematics and specs that go along with that. But I don't think that they require any kind of security testing on the device before it is approved for sale in the United States. So it does seem kind of weird that we would purchase devices from a country that we're not that friendly with. And that seems odd to just, I'm not just talking home routers here. 
We buy, like, electrical transformers from China. [00:40:16] Speaker B: All of them? [00:40:17] Speaker C: Yes, all of them that run computers that have technology built into them, and they don't run through any security tests, they just plug it in, turn it. [00:40:25] Speaker B: Know, Bruce Schneier was pushing for this a couple of years back, where we have Underwriters Laboratories, UL. So if you get a battery from overseas, you want to make sure that it's UL rated because otherwise it's going to explode when it charges or your electrical devices and stuff. You want to see those logos on there to know that it's been tested. We have that in place because we were getting dangerous products from other countries. But we don't have that for software. There's no software equivalent on that. And we are trusting. Just go on Amazon. You know this better than anybody, Daniel, go on Amazon and look at the wireless webcams. And when you're buying a Yondu brand that you've never heard of before, do you think they really invested in secure software for that webcam? No. They did the bare minimum to get it operational, and then they're selling it for $15 on Amazon. There's no way they have a security team and so on. [00:41:17] Speaker C: No. Again, it goes back to the idea if we were super friendly with China, and China was very, not very militaristic against us, but unfortunately they are. They absolutely are. We are obviously being attacked by them on a daily basis. Why in the world would we have business with them? That just doesn't make sense. They are literally your enemy. And you're going, no, if I meet you on a battlefield, I'm going to shoot you right in the face. But hand me that stuff. Are you building that cool stuff over? Let me get some of that. I'll pay you. That doesn't make sense. If I'm your enemy, I'm going to go, oh, heck, yeah. Let me get you some of those. Here you go. It's all good, man. I mean, battlefield, I'll kill you. 
[00:42:06] Speaker B: But I forget what it was the other day. I was shopping for something and somebody had made a post annual. I'm not going to buy that one. I want to buy American. And somebody else replied and said, okay, which brand is made in America? [00:42:19] Speaker C: Because none of them were not. [00:42:20] Speaker B: And so a lot of times we don't have a choice. You just have to do. [00:42:24] Speaker C: I mean, we kind of got ourselves into this position by getting rid of manufacturing in America, right? Because it became really cheap. Thank you, politics. I know this has become like a political show all of a sudden, but these things are what have caused the issues that we're looking at. This is what has made it possible for these hacks to occur. So if we don't address, kind of like to Don's point, if we don't address the cause, we're just fighting symptoms at that point and that's all we'll ever do. [00:42:54] Speaker B: Yeah. [00:42:54] Speaker A: I would argue that regardless of how you feel politically, I think a lot of people agree that it's tough to have a lot of representatives that are quite a bit older just because agree to have somebody that's maybe a little bit younger, a little bit, maybe you don't want somebody that's 16 in there but somebody that maybe has a better idea. Current problems, right. Current issues like that as opposed to just things that have been issues for years, things that are upcoming issues. But did you find the average age? [00:43:18] Speaker B: I did look it up. Yeah. In the House, the average age is 58 years, which is high, but not. [00:43:26] Speaker A: As high as I would have been. [00:43:27] Speaker B: Crazy. [00:43:27] Speaker C: We've had a couple of rounds within the last few elections that have got. [00:43:31] Speaker A: Bring down the average people. [00:43:32] Speaker B: But in the Senate, the average age is 65 years. 
And so if the average age is people that are at retirement age, like 65 is the retirement age in the United States, those are not people that grew up with computers. And when you're at the end of your career, you're not like, oh, I'm going to learn some new technology. Most people aren't. Right. It's not what they do. So. Yeah, when that's what you've got leading the initiatives, you're not going to get cutting-edge stuff. [00:43:56] Speaker C: Yeah. Back when I was an in-classroom trainer, I loved when I did like a computer basics course or whatever, and there would be older people that came in, they're like, I'm learning this stuff. I'm sick of not knowing how to do the normal everyday things that my kids can do and my grandkids can do. And I have no concept of this. So I want to learn this stuff. I'm like, you're the kind of person that is awesome, right? You rock because you are not satisfied to rest on your laurels and just fade off into the sunset. [00:44:24] Speaker A: Right. [00:44:24] Speaker C: You want to be a part of the solution and not a part of the problem. I doubt highly that you are going to be the kind of person that gets scammed or things like that because you are keeping your ear to the ground, staying informed. [00:44:35] Speaker B: You're staying informed, right? [00:44:37] Speaker A: Yeah, absolutely. Well, it does seem like this is kind of a, you'd kind of mentioned it's a fix, but not really a permanent fix. This could easily be undone. So Band-Aids don't fix bullet holes. No, they don't anyway. But I guess it's good that they're trying to fix this. And we'll have to see if this pops up later in a Deja News segment. [00:44:55] Speaker C: Yeah. To me, that was more of like a temporary solution to a permanent problem. And they need to come up with a permanent solution to that problem. [00:45:02] Speaker A: Yeah, it's a Band-Aid solution. But moving on, we've got a couple of fun segments here coming up. And this first one is one of my favorites. 
It's Who Got Pwned? Looks like you're about to get that in my ear that time. Sometimes I hear it and sometimes I don't. This one comes to us from BleepingComputer. AnyDesk says hackers breached its production servers and reset passwords. And I'm scanning through this article, I'm scrolling and I'm looking for, like, the apology or like, the weirdly phrased apology. Like, we regret that this happened. Anyway, I didn't really see any of that, I don't think. But I did see the situation is under control. We know that it wasn't that big. [00:45:40] Speaker C: Of a problem, but one in the playbook. Right? [00:45:42] Speaker A: Exactly right. So is this just damage control? Is it really not that big of a deal? Or is what they're saying, oh, it's not that big of a deal. Is that just damage control? [00:45:49] Speaker B: It's a big deal, yeah. So AnyDesk got breached. If you're not familiar with AnyDesk, what they do is they provide remote desktop access for enterprise organizations. So it's not something an end user would sign up for. Like, I just want to access my computer at home, like, GoToMyPC or something like that. It's designed for enterprises where you have a help desk and you want the help desk to be able to remotely view the computer screen of the employees so that just randomly, I don't seem, like, creepy. [00:46:15] Speaker C: That happens, right? [00:46:17] Speaker B: We have seen that it does happen. But you get a call from an end user and they're like, hey, I'm trying to do this in Word, and it's not working. The help desk person can say, hey, all right, hang on, I'm going to bring up your screen. And they bring up the screen, like, walk me through it. And you kind of walk through and see what's happening. It makes tech support way easier. [00:46:34] Speaker C: I don't know how you would do it without that kind of thing. I've had to. VNC didn't work or AnyDesk didn't work for whatever reason. And you're like, okay, so here's what you need to do. 
It looks like this. Click that, tell me what you see, and then have to paint you a mental picture. It's not fun. So these things are really nice to have. [00:46:54] Speaker B: So in this case, it was a full breach. The attackers were able to gain access to the network. They were able to reset passwords on accounts and gain administrative access, and they were able to export digital signing keys, the private keys used to sign the AnyDesk software. AnyDesk software, actually, any screen sharing software has two parts, right? There's the software mechanism that drives it, the user interface, and all of that. But then there's usually a hardware driver piece behind it because it'll create a fake monitor. It's mirroring your desktop to a fake monitor, and that's how it transmits, that's how almost all of them work. And the digital signing key, it can be the same for both. It looks like it was the same for both. In this case, doesn't matter even if it was two, because the hackers would have been able to get access to both of them. But they got access to the keys, which means that the attackers, one, can reset passwords on accounts to gain access to them, and two, they could create malicious versions of the AnyDesk client and push it out digitally signed. Your system would automatically trust it. [00:47:53] Speaker C: That sounds like a supply chain attack, Don. [00:47:55] Speaker B: It is. Straight up. [00:47:56] Speaker C: Dang it, not again. [00:47:58] Speaker B: Every time, rinse and repeat. AnyDesk came out and said, hey, we found this happened. Allegedly, they found it on their own. It wasn't reported from a customer, so that's a good sign because that means customers weren't seeing unauthorized access. They immediately took the system offline. They had it offline for about four days, and in that time, they fixed whatever the attack vector was. They haven't told us the attack vector yet, but they also are in the process of cycling out their signing keys. 
As far as I'm aware, as of the filming of this episode, they actually haven't revoked the prior key yet. They said they're going to, but they're pushing out software with the new signed key, and it's a different key, and so they're giving customers a chance to update first before they revoke it. So by the time you listen to this podcast, it might already be revoked. We'll have to see. But they're also resetting the password for everybody's account, so you have to go through that. And then they're telling people, hey, it's fine. AnyDesk is totally safe to use. You can keep using it. Everything's good. Don't worry about it. In their statement they said, I got to find an actual, they just have outlook. [00:49:08] Speaker C: We got breach template that all these companies are sharing with each other. [00:49:13] Speaker B: So one thing they said, and this is really suspect, is they said, and this is a direct quote, AnyDesk is designed in a way which session authentication tokens cannot be stolen. [00:49:27] Speaker C: Right. Because they're stored on the end user's computer and not on a server anywhere. [00:49:32] Speaker B: And that totally makes sense. Right? So the attackers can't steal a token. Right, fine. But they can generate new ones. [00:49:39] Speaker C: Yes. [00:49:40] Speaker B: Right. If I reset Daniel's password and I log in as Daniel, it's just going to generate a new token. [00:49:46] Speaker C: That's true. Right. [00:49:46] Speaker B: So yeah, I can't steal his existing token, but I can sure as hell generate a new one and connect up. Right. So that's where you have to be really careful when you read these things. They're not lying. They're telling the truth in a very specific parts out. What is that called? [00:50:03] Speaker A: Lying by omission. [00:50:04] Speaker C: By omission. If you're leaving parts out, you're lying by omission. [00:50:08] Speaker B: Yeah. [00:50:08] Speaker C: That's effective for the purposes of misleading you. 
That's what you got. And that's exactly what it seems like they're doing there, Don, where it's like, let me craft a narrative that doesn't make us look bad, that gives you truth pieces, and then I'll let you draw your own conclusions about what that means based off of the verbiage that I use and all that, and I'll frame this in a way that makes everything seem okay. And honestly, if this were maybe two years ago, I'd have been like, oh, yeah, cool, man. But we've seen this happen so many times now. That's why we're making jokes about this being step one in this playbook, because we know next week or the week after or whatever, they're going to be like, so here's the thing. You know how we told you like that? Well, here's the problem. But good news, they always got to end it with good news, right? But good news is that this is an easy fix. You apply this or you do that or whatever steps they give you, and everything's fine. You don't have to worry about data breaches. Nothing, no customer data actually got compromised, and then a couple of weeks later they go, here's the thing. [00:51:15] Speaker B: Yeah. [00:51:17] Speaker C: So it's basically Armageddon for us. There's blood out as high as a horse's mane. In the streets. That's what it says in the Book of Revelation. [00:51:27] Speaker A: Okay, I must have missed that one. [00:51:29] Speaker C: Armageddon. Yeah. [00:51:30] Speaker B: Okay, so if you use AnyDesk and you're wondering, have I been updated? Do I have the new certificate or whatever? They actually did something interesting here, which I appreciate. The previous version of the software was signed with a certificate that was issued from Philandro Software GmbH. They're a German company. GmbH is like their core type name. So Philandro Software and their new one is signed by AnyDesk Software. Now, I've seen this a lot where companies start out under one name. If you go way back in time. 
ITProTV originally was called Edutainment Live, and our original certificate was issued by Edutainment Live. And then the website was ITProTV. Well, I get frustrated as a customer. I actually do look at the signatures on software that I download, and when I see something, I'm downloading AnyDesk. Philandro Software. Who the hell is that? Now I got to go and google it and figure out who this is. Okay. That's just the company that develops this. That was their old name. They rebranded whatever, because they did something. [00:52:31] Speaker C: Horrible or they went out of business. [00:52:34] Speaker B: Or maybe it was on the up. They just rebranded and never updated the certificates. But as an end user, it's hard enough already to train people to look at the certificates. But when the names are completely out of left field like that, you make it super difficult. It is. And so I do think if you are a software developer out there and you publish signed software, please use a name on the signature that makes sense. [00:52:58] Speaker C: A contemporary naming system that lines up in some way where I can go, yeah, that's them. And not, who the heck is this German company? What are they doing here? [00:53:09] Speaker A: Now, maybe I missed it in this article, but I could not find anything that said, I know it says when they learned of the attack, and it says it was a recent cyberattack, but there's no information as of yet, or at least it's not shared here, of actually when this breach occurred. I don't think this is not the. [00:53:24] Speaker C: Breach you were looking for. [00:53:26] Speaker A: Move along now. [00:53:27] Speaker B: So they have not released that. Right. So we don't really know. But there's some hypotheses we can do, because they did go offline for four days. Okay, so that is likely when they detected the issue. And I think that started December 27. Do either of you know? [00:53:44] Speaker C: I do not. 
[00:53:45] Speaker B: I feel like it was December 27. I could be wrong on that. But they went offline for four days. Oh, I am wrong. Suffered a four-day outage starting on January 29. [00:53:54] Speaker C: There we go. [00:53:55] Speaker B: So, January 29, which is just a few days ago, they went offline for four days. So that's likely when they detected the breach, right? [00:54:02] Speaker C: Contained. [00:54:03] Speaker A: We don't know. [00:54:04] Speaker B: They could have been in there for years for all we know. [00:54:06] Speaker C: Right? We should do a pool, right? We should come up with a grid and like. All right, I want phishing link. VPN access. Six months ago. [00:54:23] Speaker B: Yeah. Phishing to VPN access is like, that's the winning chip. If you don't do multi-factor authentication for your VPN access, you really need to. That's something that you can't skip out on. [00:54:38] Speaker C: But, Don, that sounds like a lot of work. [00:54:40] Speaker B: It is. We had to replace a firewall because it didn't support really? It supported MFA, but not MFA against a system that we already used. And so that's why we hit the dumpster then. So we had the Cisco ASA that was in place, or. No, it wasn't ASA. It was a pfSense. And it wouldn't do MFA against our Azure AD or authentication against our Azure AD. And so we had to switch it to a Palo Alto firewall that would. And so you may have to replace hardware to get exactly what you want, but you need it. And cybersecurity insurance almost always requires this today. So. [00:55:18] Speaker C: Good. [00:55:18] Speaker B: If your company has a cyber insurance policy and you're not doing MFA on VPN connections, they will not pay out on the policy. So you might be paying for insurance. [00:55:28] Speaker C: What's telling me is, if I'm negligent in my cybersecurity, then my cybersecurity insurance is going to be like, well, you didn't do the bare minimum that we require, and therefore, no, if you disable. 
[00:55:42] Speaker B: The airbags in your car and don't wear your seatbelt and get in the car accident, they're not going to pay. [00:55:49] Speaker C: Off from your sticking insurance company. Right. [00:55:51] Speaker B: And that's how cybersecurity is. [00:55:52] Speaker C: Unless you're in fault state. Right, then. [00:55:55] Speaker B: Glorious Florida. Yeah. [00:55:56] Speaker A: I want to do, like, a compilation of all the fun facts that come up that are relevant, but maybe not directly, like, the thing about the insurance and everything. Not the car thing, but before. Yeah. If I disable my airbags and don't wear my seatbelt, okay, I get in an accident, I can't really. I don't have a leg to stand on, probably literally. But anyway, we could take all the fun facts we learn and do a compilation. The more you know, with Don Pezette. Yeah, we'll have to see if that's something we can do in the future, but, yeah, hopefully this doesn't reappear in a bad way. I guess, hopefully, if it does come up again, it's a positive development guarantee. We hear more about great, awesome, awesome. I love that positive demeanor over there on the other end of the desk. Well, I did mention earlier that I had fear stricken into my heart before the show, and you're about to find out why. This is an old favorite segment. We haven't had one of these in a while. Tinfoil hat. [00:56:47] Speaker B: The moon landing was fake. [00:56:48] Speaker A: Paul McCartney's been dead since 1966. [00:56:51] Speaker C: Dogs can't see color. [00:56:52] Speaker B: 5G causes syphilis. Do you understand that? [00:56:56] Speaker A: They even put an Alex Jones at the end. I don't think I recognized. I don't think I realized that was him. This one comes to us from Tom's hardware. Taping over your webcam might not be enough to stop hackers from spying on you. They can now use a device's ambient light sensor. And when I first read this, I was like, what do you mean? 
If I'm covering my webcam, even if they can see that there's movement, it's not like they can really see what it is. And I'm looking at the pictures, they've got the visuals of, like, they hold a hand up and you can tell that it's a hand. I'm like, oh, that is kind of creepy. So it freaked me out a little. Is this a genuine concern? Is this something that I should be a little bit worried about? [00:57:30] Speaker B: So, a lot of times I see things like this where they say hackers can analyze the sound of your keyboard to know what you're typing. And it's a BS attack that's way too hard for anybody to carry out. [00:57:40] Speaker C: It's just highly improbable that it will be carried out. [00:57:43] Speaker B: It would take Tom Cruise and mission impossible to be real to pull that type of thing off. Or the hard drive light can exfiltrate data out of a data center. Yeah, it's possible, but it's just so unlikely. You'd be better getting prepared for a meteor to hit you than for somebody to take advantage of that. But in this case, there's actually some real merit to this, and there's a few reasons why. So, first off, a lot of laptops these days, I'm on an iPad right now. So it doesn't have this, but have a Shutter switch. Oh, so for yours does, where if you don't want to use your webcam. If you're not using your webcam right now, you flip a little switch and it covers the lens. And now it doesn't matter if a hacker gets in or not. I mean, it doesn't matter, but if they pull up the camera, they just see black. That's it. Right. But a lot of devices have an ambient light sensor that's not covered by that shutter. That ambient light sensor is still exposed because it controls the screen brightness on your system. Right. If the room gets dark, the monitor's brightness goes down. If the room gets bright, the monitor's brightness gets brighter. That's an ambient light sensor. Almost every device has these, and they're considered a low security device. 
In other words, you don't have to have administrative privileges to access them because what are you going to do? It's just the brightness of the area. [00:58:57] Speaker C: Should the screen be bright or not? Yeah, that's what it does, basically, is dim the screen to an appropriate level. [00:59:03] Speaker B: And it can be used for other things, too, like sensing when it's nighttime and removing certain colors from the screen and so on. But some creative security researchers said, well, wait a minute, it's looking at light. It's got a light sensor in it. And much like a camera, the light sensor can reproduce a picture. Now, it's really, really low fidelity, right? It's not like no detail, not a 60 megapixel camera or anything like that. So not a lot of detail, but they showed where you could hold a hand up in front of your monitor and do various gestures. And while monitoring the ambient light sensor, they're able to show to recreate what those gestures were. And I was thinking about what the attack vector is here. And I really thought about cell phones. On cell phones, if you've got a pin number to unlock your phone and they've got access to the ambient light sensor, they could, through the motion of your fingers, figure out what the pin number was to unlock the device. Now, this is where Apple can say, oh, we're safe. No touch screens on our laptops. Right. But iPad, iPhone, they certainly do. So this one, I wouldn't discard this one as conspiracy nut stuff like some of the other ones. There's some real meat to this. [01:00:14] Speaker C: It'll be interesting to see. Obviously, it's in its very initial stages on what they are able to do with this. I guarantee, given time and effort, they're going to increase the fidelity, I think is what you used of the picture and give it some interesting things. Can be done with these weird attacks. I think of. There's one that the government uses that the radiation of your monitor. 
I always forget, I always want to call it sonet, but I know it's not Sonet. It's like that though, man. It's escaping me. I hate that. I hate that I got Sonet stuck in the brain. But it allows you to recreate the screen, what was on the screen from a distance based off of the radiation emanating from the device itself. [01:01:08] Speaker A: I'm furiously googling put in keywords Tempest. [01:01:12] Speaker C: It's called tempest. [01:01:13] Speaker B: Tempest. Tempest. Yeah. [01:01:18] Speaker C: There'S a little more gaslight, and. [01:01:20] Speaker B: There'S more than one type of tempest attack. Like, they can intercept the radiation coming off of a cable, right. And recreate the data that's going over it. And there was an optical one too. That was a fiber based attack, which really surprised me. Yeah, there's a handful of crazy stuff. [01:01:33] Speaker C: That they can do. I just kind of falls in line with that stuff. [01:01:36] Speaker B: When you have a limitless budget and. [01:01:39] Speaker C: Someone who says, just build stuff, get it, whatever it takes, get it, get the people you need, and here's anything you need, just let me know and I'll get it for you. And, yeah, then they can build things that do these kind of things. That's why when you asked me was I scared when I saw it, I'm like, nah, I've seen this kind of stuff before with horses. [01:01:59] Speaker B: So the joke here is, if you've got a cover for your webcam now, you might need to get a second cover for your ambient light sensor. Now, two problems with that, right? One, if you cover your ambient light sensor, the odds are the brightness on your screen is going to go down. So now you have to manually control your brightness. Two, most of the time, I don't know where the ambient light sensor is. On an iPad or iPhone, you know where it is? It's right by the camera. Mine's right there, but on your MacBook. I'm looking over at Sophie's laptop, and I know it has an ambient light sensor. 
I don't know where it is. And so you'd have to put your thumb over various places until you figure out where it was. [01:02:38] Speaker A: Would that be publicly available information? Like, if I tried to look it up, do you think that could. [01:02:41] Speaker B: Yeah, if you pulled the text, totally look that up. There's three holes in the top of your laptop up here. One or two of them are certainly microphones, but maybe one of those is the ambient light sensor. You could place your thumb over each one until you see the screen go dim and find it. [01:02:54] Speaker A: Yeah, I see. I wonder. [01:02:56] Speaker B: And then once you've figured that out, then you could cover it up. But it does still require the attacker to install software on your system. But it doesn't have to be as aggressive. It doesn't need administrative privileges because the ambient light sensor is not normally protected. [01:03:10] Speaker A: I don't know, I could probably sit and try to cover stuff up all day. So far I'm not seeing anything. But yeah, maybe I'll google it, see if I can. [01:03:17] Speaker B: It happens to me by accident. Anytime I turn my phone sideways, I'll end up putting my thumb, just by accident over the camera and the sensor. And then as I'm watching a video or whatever, it'll start to get dim. I'm like, oh, shoot, I'm covering. [01:03:29] Speaker C: I hate when I take my laptop outside or something, or maybe even my phone. It's like, oh, it's bright. Dim the screen. [01:03:34] Speaker A: I'm like, no, the opposite of what. [01:03:36] Speaker C: I cannot see, the sticky thing. [01:03:37] Speaker A: Now, a lot of people, it kind of confused me when I started looking at the comments, which is the danger of looking at the comments, but lot of people that were like, well, just don't buy a monitor with a webcam. Unplug your webcam. Cover your webcam. That's not the issue, right? 
Because even if you are using a separate webcam that's not built into your computer and you don't have one, it's still going to have an ambient light sensor, and that's what they're using, right. They don't need a webcam to do this. [01:04:00] Speaker B: And you might have more than one ambient light sensor. If I stick an external webcam on my laptop, then I likely have two now at this point, one for the webcam and one for the laptop, because it's got its own stuff field. [01:04:10] Speaker C: So I think that the real moral of the story here is where there's a will, there's a way, right? If you make security around the webcam, okay, well, that's cut off for me. What else do I got, right? And people get creative, they get real ingenious when it comes to figuring out stuff. And that's why, again, going back to the moral of the story of there being a will, there needs to be a will that says, everything I build has security. Everything I build has a security first philosophy, right? An ideology that no matter what it is, I could use this in some way. Let's get creative and start trying to figure that stuff out. How could this be used? Why would this be used that way? What are its capabilities? That's what hackers do. You've got black hats, you've got white hats, you got people in the middle that sit with their gray. But ultimately, every one of those people for different purposes are trying to figure out, okay, this is what this does. What can I make it do, and how can I leverage that to my own purposes if we're not doing that? And that goes back to our router talk and everything else that we've talked about throughout the years of Technato. If we do not start taking a security first mindset, this is going to continue to be a problem and new and weird and creative ways of getting to your data. Do you know that personal information, data is more valuable than oil or gold? Yes. It is the number one valued product in the world because it costs next. 
[01:05:46] Speaker B: To nothing to mine, I guess. [01:05:49] Speaker C: But, man, they sure want it. Yeah, right. It is as number one. So I would start making it more valuable by putting some hedges around it. If you had a pile of gold, you wouldn't just go stick it in your backyard and go, no, nobody wants. Yeah, right. They absolutely want know. [01:06:05] Speaker B: I didn't pick the article, but Mozilla released a new know. Mozilla is trying to find a way to make money because they think Google money is about to dry up. And so they're releasing a new service where you basically give them your PiI, and then they scour the web, and anywhere they find it, they do the takedown notices for you to try and clean. You basically sanitize your Internet presence and reduce everywhere you have data stored. There's another service called optory that does the same thing. It's been around a while, so Mozilla is trying to compete with that. They charge something ridiculous, like $9 a month, and I don't think the average person would do that. But it just shows, though, there is value to that data that's out there that you've given to Facebook and Twitter and other places. And now there's a whole business model around getting that data back out again. And it's hard to put the genie back in the bottle. Is that the. And that, that's where we're. [01:06:58] Speaker A: It's. I didn't realize this, but somebody said, I guess the last two generations of thinkpads, ambient light sensors are rare, so maybe I don't have one. I'm trying to find specifically for this model and stuff, and I'm finding nothing. People are asking, oh, I like my thinkpad. How do I add an ambient light sensor? Because I want the auto dimming, so I might not have one, which would really just sway my fears. That would be great. But I still use an iPhone. [01:07:24] Speaker B: And your phone definitely has one. [01:07:26] Speaker A: Yeah, exactly. So we're all doomed. 
[01:07:30] Speaker C: Nothing like getting black pilled at the tech data. [01:07:33] Speaker A: But I'll have to look into that a little bit more later. But I know that reading this, it definitely was a little. It was kind of freaky at first, but one of the things that I thought of was, like you said, if there were, there's a will, there's a way. It would be so lovely if there was a way to repurpose this information and how hard these people are working to supposedly use this into something good as opposed to spying on people. There's so much potential there. I feel like a first grade teacher. You have so much potential. If you could just use it for good instead of evil. [01:08:04] Speaker B: But just wait, Sophie, another ten years. Give the world a chance to beat you down. [01:08:09] Speaker C: You'll be cynical. Both Don and I, you guys have. [01:08:14] Speaker A: Definitely given me a head start, so thank you for that. But, yeah, definitely a lot of good news this week. And like you said, there were even some things that, like the Mazola thing that were happening, know it's impossible to cover everything. So if there's something that happened this week that you guys are curious about, want us to COVID leave a comment. Let us know if you are watching on YouTube. If not, hop over to the channel and leave that comment. And if you haven't already, if you enjoyed this episode, maybe leave a like and let us know. Hey, I've had a lot of fun sitting here chatting with you guys. And thanks again, of course, to our sponsor, AcI learning. If you don't know, that's actually our day job. We make those videos during the day, those courses, to help you learn, and it is super fun. You can see he's got the. [01:08:49] Speaker C: We're sporting. [01:08:51] Speaker A: Yeah, I'm not branded, so I don't have the shirt with me. But right there. Look at that right there. So our sponsor, Aci learning, are the folks behind it pro. 
If you are listening from the Technato website, you can look for that sponsored by button. Click on that and that'll take you to the IT pro website where you can use that code, Technato 30, that I mentioned earlier to get a discount on a membership. If you want to see more of us doing that stuff in our day jobs, I think that's pretty much going to do it for me. We'll be back, of course, next week with more techno. Anything I'm forgetting? Anything I'm missing that we need to go over? [01:09:23] Speaker C: Pork chop sandwiches with applesauce. [01:09:25] Speaker B: Get the heck out. Awesome. [01:09:28] Speaker A: All right, that's probably another reference that I missed, so I'll google that when we shut down here. But thanks so much for joining us for this episode of Tech NATO, and we'll see you next week. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.
