Synopsis
Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.
Episodes
-
252: Splitting Nachos
08/10/2022 Duration: 48min
Eric has a new driver and hutch-free-garage, and Jon has AAPL frustrations. Both Google and Facebook ahem Meta release AI driven text-to-video examples this week. The EU votes for USB-C, wifi cameras are easy to jam, Microsoft copes with two new Exchange zero days, and Mandiant finds novel malware VIB files loaded into ESX servers. For fun we have the longest running webcam on the internet (SFO Fog Cam) and the Steam game Slipways.
0:00 - Intro 19:25 - Imagen Video 22:25 - EU Votes for USB-C 25:37 - Jam the WiFi 28:39 - Exchange Zero Days 32:22 - Bad VIB(e)s 39:16 - Fog Cam 42:54 - Slipways
-
251: Not with a Whimper, but a Bang
01/10/2022 Duration: 43min
Eric rambles about photography, teaching his boy to drive, furniture items nobody wants, endangered flowers and sleeping with the watch. Jon has a boring, beeless, bachelor weekend. Deep Fakes with Real People, Python bugs from 2007 and License Plate tracking for Fun and Profit. Eric eyes a new island while Jon denotes the DART damage. Finally, read up on the Tripitaka Koreana. Magnificent.
0:00 - Intro 12:47 - Deep fakes with Real People 22:05 - Trellix (re)finds bugs from 2007 27:34 - Tracking License Plates 33:21 - New Island 35:45 - DART 37:28 - Tripitaka Koreana
-
250: Speed Pillows
24/09/2022 Duration: 46min
Eric battles CO2 and gets his Speed Pillows installed, and Jon's fridge is still broke. Beware remote controlled insulin pumps, and congrats (?) to the Solarium Commission; a story of industrial sabotage, and a critical Oracle Cloud vulnerability. For fun we have the makeup and history of a QR code, and can we use AI to understand whales?
0:00 - Intro 17:04 - Insulin Pumps Vulnerable 18:32 - Solarium Commission 23:48 - Industrial Espionage 30:25 - Oracle Cloud #AttachMe 36:03 - Makeup of a QR Code 39:10 - How to Speak Whale
-
249: Texts and Cat GIFs
17/09/2022 Duration: 41min
Eric is haunted by spiders and Jon is on a hunt for jeans. US Congress hears from Mudge, Apple introduces Lockdown Mode, the US Government sanctions people and entities for their roles in conducting cyber attacks, and Glassdoor has a Cache Poisoning. Eric follows up with how spiders fly, Jon finishes with a Cosmic Tarantula and the Phases of Water.
0:00 - Intro 11:58 - Twitter Whistleblower 15:45 - Lockdown Mode 22:40 - Sanctions 26:20 - Cache Poisoning 32:05 - Electric Flight of Spiders 35:35 - Cosmic Tarantula 37:26 - The Phases of Water
-
248: Thumbtack And String Covered Corkboard
10/09/2022 Duration: 42min
Eric's back in the kitchen and the kids are back in school. Apple holds an event to #takeJonsMoney, and USB4 naming can get more complicated -- who knew? The IRS lets taxpayer data sit in the open for a year, and Facebook tweaked its URLs so the tracking parameters can't be removed by browsers. A 14 year old boy cracked the Australian Signals Directorate challenge coin in an hour, and rest in peace Peter Eckersley. Far too young.
0:00 - Intro 15:10 - Apple Event 21:47 - USB4 Version 2.0 SuperSpeed Gen 42 27:28 - IRS Data Exposure 31:01 - Facebook URL Scheme 36:39 - ASD Challenge Coin 39:25 - Thank You For Let's Encrypt
-
247: Punch Us In The Face
02/09/2022 Duration: 46min
Eric walks his week backward from hiking Mt. St. Helens to becoming a Twitch celebrity. Jon gets a Dream Machine. Krebs follows up on Ubiquiti, Eric tweets #TwitterWhistleblower and notes that Plex is Too Good. Jon eyes an 0ktapus and then the whole show goes hilariously awry. Eric goes nuclear. Jon finds soft body physics and admires CO².
0:00 - Intro 4:18 - Eric on Twitch 10:21 - Ubiquiti followup 12:01 - #TwitterWhistleblower 15:15 - Plex Password Reset 20:00 - Phishing, Continued 27:53 - When the Show Goes Awry 36:07 - Modular Nuclear Reactor 42:06 - Soft Body Physics 43:23 - J Webb finds CO²
-
246: Honey Hand Sanitizer
26/08/2022 Duration: 42min
Eric cooks and desperately waits for a kitchen, and Jon harvests his honey for the year and goes camping. Go look at the JWST images of Jupiter! Amazon releases cybersecurity education videos, Apple releases patches for serious vulnerabilities across all its platforms, a long standing heap reuse bug to get priv escalation in Linux, and Cellebrite has years of emails exposed in a legal filing. For fun join Rocket League Old Farts or play Call to Adventure.
0:00 - Intro 17:29 - JWST Jupiter Images 19:07 - Protect, Connect 21:38 - Apple Security Bug 24:22 - DirtyCred 27:44 - Cellebrite Legal Doxing 33:49 - Rocket League Old Farts 37:48 - Call to Adventure
-
245: Reminiscent of Meat
20/08/2022 Duration: 38min
Eric crosses a bridge and Jon's bees escape. Twilio and Cloudflare disclose on phishing attempts while Deere, well, it's not a good look. Eric tempts Jon with Fake Bacon and Jon talks about GPS Jamming which is neither GPS nor Jamming.
0:00 - Intro 6:37 - St. John's Bridge 14:38 - Phishing Targets 19:22 - Deere in the Headlights 26:00 - Fake Bacon 32:08 - GPS Jam
-
244: Dead Spider Claw Machines
12/08/2022 Duration: 39min
Eric paints and Jon does #nothingMuch. Riot profits more from *not* mining Bitcoin (thanks #texas!), Microsoft releases 121 fixes for patch Tuesday, and a way to read uninitialized memory from CPU cache. For fun we have the Ig Nobel Prizes, and (thanks #science) how to use dead spider bodies as claw machines.
0:00 - Intro 11:57 - Riot Power Credits 13:47 - Hacking Fuel Pumps 19:43 - Patch Tuesday 23:07 - Æpic Leak 29:55 - Ig Nobel Prize 35:06 - Dead Spiders
-
243: Game Of Thrones In Space
05/08/2022 Duration: 45min
Eric and Jon are both back from vacation; Jon still recovering from Covid. Apple shows how Passkeys will be used outside the Apple ecosystem, a dating site for the unvaxxed has its data exposed, some practical suggestions to assist in the fight against ransomware, and some interesting malware stats and search tips from VirusTotal. For fun we have the series Red Rising by Pierce Brown, and Jon gets his DALL-E invite.
0:00 - Intro 12:30 - Practical Passkeys 15:48 - Unjected Exposed 20:15 - Ransomware Suggestions 25:28 - VirusTotal Dorking 33:31 - Red Rising 36:26 - Jon DALL-E 40:58 - Eric DALL-E
-
242: Mostly Fun, Vol. 1
29/07/2022 Duration: 29min
Jon and Eric were unable to connect this week - so Eric takes a look back at a few of the "Something Fun" topics over the last several years. Enjoy!
0:00 - Intro 0:32 - Episode 8 1:11 - First Amazon Purchases 4:51 - Jon's Beekeeping Journey Begins 6:30 - Episode 42 6:51 - 42 9:23 - Episode 96 9:53 - Hacking Passwords 13:48 - Crazy Sauce 18:42 - Episode 156 19:27 - Star Wars Scroll Creator 22:20 - Arecibo Collapse 25:18 - Chapel of the Ancients 28:15 - Human Nature 28:59 - Outro
-
241: Kafkaesque
23/07/2022 Duration: 28min
Jon is in Germany touring cathedrals and Eric is unable to spend money. Cybersecurity apprenticeship programs, Rust-based ransomware and yet another breach. Eric finds hacking fly brains interesting and Jon admires Reims Cathedral.
0:00 - Intro 8:27 - No Sale for NSO Group 9:15 - Cybersecurity Apprenticeships 12:42 - Rust Ransomware 16:09 - Debt Collection Ransomware 20:25 - Hacking Fly Brains 23:28 - Reims Cathedral
-
240: Mystery Pipes
15/07/2022 Duration: 43min
Eric enjoying summer and Jon stressed out. Honda key fobs vulnerable to replay attacks, if you mine bitcoin in Texas you're cut off, and how to sell a billion dollars in fake Cisco hardware. And (drumroll....) the first images from the James Webb Space Telescope are in, and they're stunning. Enjoy!
0:00 - Intro 21:37 - Rolling-PWN 27:51 - Bitcoin Shutdown in Texas 32:48 - Fake Cisco Hardware 38:49 - First Images from JWST!
-
239: Humans are Expensive
09/07/2022 Duration: 42min
Eric has a rollercoaster week, Jon counts his bees. Instagram is a ghost, North Korea adds targets to ransomware attacks, and Lawyers hire hackers to get information for litigation. Eric shares Absurd Trolley Problems and Jon asserts Code is Just.
0:00 - Intro 14:54 - Boo, Instagram 24:38 - NK Ransomware Attacks 28:56 - Hacking for Lawyers 33:54 - Absurd Trolley Problems 36:21 - Code is Just
-
238: Washing Dishes In The Bathtub
01/07/2022 Duration: 40min
Eric feeling better and reading more, Jon fighting squirrels and bees. Are mass resignations incoming? How about some job applicants using Deepfakes then. The price of bitcoin may be hurting North Korea, and if you own the webview you can extract critical data. For fun we have a media hat trick: a podcast (The Joy of Why), a video (Japanese nail-less (de-)construction), and a book (Kaiju Preservation Society).
0:00 - Intro 14:58 - Resignations Incoming? 19:47 - Deepfake Job Applicants 23:17 - Bitcoin Crash Hurts North Korea 26:42 - WebView2 Apps 32:21 - The Joy of Wh(y) 34:44 - Look Ma, No Nails 36:01 - Kaiju Preservation Society
-
237: Stop Whacking the Mole
24/06/2022 Duration: 38min
Jon got surprised by last minute concert tickets and has moar internet. Eric gets ill and reads a lot. A US defense contractor wants NSO group tool and some Modified Elephant followup. FBI chases a LinkedIn cryptocurrency scam, scammers chase unpatched Confluence servers, and the US DOJ catches a Russian botnet. Eric appreciates Lava Lamp Encryption and Jon follows up again on CRISPR.
0:00 - Intro 13:35 - NSO technology takeover 15:20 - Elephants planting evidence 18:44 - LinkedIn cryptocurrency scam 24:44 - Confluence bug exploit 27:32 - RSocks proxy seized 30:32 - Lava lamp encryption 34:50 - 100% effective so far!
-
236: Dripping Blue
18/06/2022 Duration: 43min
Eric builds bee boxes and Jon's bees aren't doing so well. Oh, and bees "can be included under the law's definition of 'fish'." Three named vulnerabilities this week: PACMAN, SynLapse, and Hertzbleed. Although two of them shouldn't be much of a concern for most of the #realWorld. For fun we have a frustrating game, a beaver internet outage in Canada, and a faceID patent to detect the veins in your face.
0:00 - Intro 10:56 - Bees Are Fish? 13:52 - PACMAN 18:14 - SynLapse 27:00 - Hertzbleed 34:05 - QWOP 37:43 - Leave it to Beaver 40:29 - Face (veins) ID
-
235: A Leaky Bike Bucket
11/06/2022 Duration: 46min
Eric has no kitchen, Jon misses the symphony and almost catches a swarm. More "Death to Passwords" talk from Apple, an S3 Bucket exposed, and CISA warns about the top PRC exploits. Eric dives into a new book series and Jon watches more YouTube.
0:00 - Intro 16:00 - Apple Passkey 29:46 - Mobike Bucket 33:52 - CISA Alerts 38:49 - Cradle Series by Will Wight 43:39 - Out of the Woods YouTube
-
234: Mutant Tree Ent Overlords
04/06/2022 Duration: 47min
Jon fails at grafting and a Weekend at Eric's. Come for the Bad Guys, stay for the animation. Future cyber predictions, WSL malware, and the Polonium actor group. For fun we have lab grown wood products and the new AI artist in town.
0:00 - Intro 9:15 - The Bad Guys 15:54 - Cybersecurity in the Future 25:09 - WSL Malware Increasing 30:09 - Exposing Polonium Activity 35:54 - Lab Grown Wood 40:51 - AI Can't Spell
-
233: A Pleasant Trip To The DMV
28/05/2022 Duration: 41min
Jon talks bees, Eric has a boring weekend. Good news for "Good Faith" hackers. How to steal open source libraries "for science" and the Verizon Data Breach Investigations Report. Eric ponders stolen NFTs and Jon considers Viking Ships.
0:00 - Intro 13:08 - Good Faith Hackers 16:41 - Library Theft 19:13 - Sock Puppets 25:55 - Verizon Report 31:36 - Stolen NFTs 36:43 - Viking Ship