October 17, 2025 • 26 mins
Skynet-1A: Military Spacecraft Launched 56 Years Ago Has Been Moved By Persons Unknown
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Hey, guys, have you ever noticed how many towns are
named after their water towers?
Speaker 2 (00:05):
No?
Speaker 3 (00:06):
Quite popular. I don't think so water is important.
Speaker 1 (00:10):
Yeah, you know, you come to a town Mystic Connecticut.
Speaker 3 (00:14):
It's right there on the tower and it.
Speaker 1 (00:15):
Says Mystic Connecticut on the water tower.
Speaker 2 (00:17):
What like?
Speaker 1 (00:17):
What? All right, we got eight stories to get through.
Let's get started. Hackers exploit off bypass in serber finder
WordPress theme our old friend WordPress.
Speaker 3 (00:36):
Not WordPress not a theme. I'm always surprised where there
are themes. Like to me, themes are how the how
the site looks and images? Yeah, not like Oh and
by the way, it has all sorts of weird functionality
because I.
Speaker 2 (00:51):
Think they theme around the administrative stuff and they've they've
opened it up.
Speaker 1 (00:55):
Must there must be JavaScript involved.
Speaker 3 (00:56):
So that they can actually yeah so yeah, into entirely true.
So in this particular case, there was an improper validation
for the original Underscore user underscore ID cookie and the
service underscore finder Underscore switchback function which allowed the users
to bypass authentication. And what's dangerous there is because it's
a theme, it is access to the filesystem and the
(01:18):
ability to upload files and that sort of stuff, including
PHP files. So we're talking total control of the system,
so Nobuena world domination. According to word Fence, there are
thirteen thousand, eight hundred exploit attempts since August first. That's
exploit attempts. So we're starting to see this grow quite
(01:40):
a bit, you know. And it's listen, it's the same thing.
Anytime there's a WordPress exploit out there and somebody writes
a POC for it, script, kiddies go, they'll run it
against every word Press site they can find on the internet.
So yeah, so this one's simple.
Speaker 1 (01:55):
Go patch, yeah, or just don't use word Press the internet,
pay attention.
Speaker 3 (02:01):
Cease fire.
Speaker 1 (02:02):
Oh I'm getting an email from Wordpress's lawyers right now.
Speaker 3 (02:08):
Your two users have complainedst I'm sorry.
Speaker 1 (02:12):
Use WordPress. It's awesome. Go go and install as many
themes as you possibly can.
Speaker 3 (02:17):
I joke about our two users, but we did have
three users live last week.
Speaker 1 (02:21):
That was really fun.
Speaker 3 (02:24):
That was awesome.
Speaker 1 (02:25):
Those three users got to sit around and pick you
guys's brain for an hour after we stopped recording. Tell
me they didn't get a good deal and.
Speaker 3 (02:34):
Got lock picks out of the deal. Yeah, yeah, security
the Greek lock picks. So yeah, we're glad you came
to see us.
Speaker 1 (02:39):
So we want everybody to attend next time. Yes, all right,
next one, Azure outage blocks access to Microsoft three sixty
five services and admin portals. This is from October ninth.
Speaker 2 (02:53):
So d Dos is in two of our stories today.
So it's de Doss's coming.
Speaker 3 (02:57):
Back, I think so. Well. I guess it depends, right.
Lots of times there are either criminal syndicates or botnets
or whatever who are looking to see how far they
can push the envelope and if you can drop somebody
like cloud Flare, like you're doing really well, and what's
neat about that? Is a lot of times. Have you
ever seen those old nineteen eighties movies where some arms
(03:20):
dealer goes over to the Middle East is like, hey,
I want to sell you these weapons and they're like
I want to see a demonstration. They're like, fine, we'll
take out this building. Right. That happens on the internet
with d DOS botnets where they go oh, okay, how
good are good are you?
Speaker 1 (03:34):
They did that with They did that in Star Wars.
They did do that with an absolutely true.
Speaker 3 (03:43):
So we see it all the time, and we see
it with cyber weapons as well, where they go. Okay, great,
show that you can show that you can d d
us cloud flare, even if it's for ten minutes, and
then then then we'll talk right and we'll pay you
for access.
Speaker 2 (03:56):
Yeah, and Microsoft three sixty five is definitely a protected
service in a and a hard target.
Speaker 3 (04:01):
Absolutely, So I wouldn't I wouldn't be surprised because a
lot of people will ask me, like, what's the gain
in doing this? Like why would you do it? We
would ask that you stop asking for those demos. Strain,
I'm willing to pay it, but take Microsoft off live.
Speaker 1 (04:15):
It just meant a simulation. I didn't mean actually blow
up the planet. Come on now, all right, So is
this a go patch or is this just a story
of interest.
Speaker 3 (04:25):
Just a story of interesting. Okay, it's a story of interest,
and it's one of those things where I wanted to
like talk about Sometimes these d doss is, we can't
figure out why they're doing it. And it's not because
they're not doing it for the d dos. They're doing
it to prove that they can so that they can
charge a greater value from their customers and dedossing people. Okay,
So this might have just been in a in a
(04:46):
show and tell, not sure, just.
Speaker 1 (04:48):
Be careful out there, and we don't even know what
that means. So all right, next one cloud of war,
the AI cyber threat to US critical infrastructure. Interesting, what
is this all about?
Speaker 2 (05:01):
Well, if you're cynical, you probably there's no news here
because it's like, oh, so the rest of the world
is just going after our stuff and we're not defending it.
What we've said before is when they look back at
this ten years, they're going to say, oh, well, the
cyber war was already going on and they just didn't realize.
We're like the frogs in the water, the boiling water.
(05:22):
And this is just a report that says agentic weapons
are going to be more prolific, they're going to be
used by state sponsors. They're going to be used to
like rip through networks faster and easier. They're going to
find zero day vulnerabilities. That it's becoming more fraud Well,
this has happened almost every year or every couple of
years forever. It just keeps getting more and more and
(05:44):
more intense. If you look at the types of phishing
emails you're getting, they're getting better, but they've been getting
better for a decade, they're going to keep getting better.
So this is an important report. It's an important information,
but it just means we have to raise our game. Unfortunately,
in the US and the West in general, the government
doesn't get involved in securing small businesses or even defense contractors.
Speaker 3 (06:09):
They tried that in the eighties. It didn't work out.
Speaker 2 (06:10):
Yeah, and so therefore we're kind of on our own,
and that's the way we like it. If I told
you the government's going to come and secure your network,
could probably say no, they're not. And so because of that,
we have to up our game, and especially critical infrastructure
has to up its game. These water treatment plants can't
be using things that they assume no one cares about,
(06:31):
because they're becoming targets.
Speaker 1 (06:32):
I want to go off on a brief tangent. I
know Dane has something to comment to agentic AI. This
is basically where a developer gives an AI, LM or
something the power to go do things on its behalf agency,
and so it might you might give it access to
your database, you might give it access to your email.
(06:56):
All of these things are the next step in the
robots take over the world. And you think I'm kidding
but I'm not. I mean, giving AI the keys to
do harmful things is not a good idea, I don't think.
But in very limited scenarios where the goal is narrow,
(07:17):
you know, and the systems are well defined and the
guardrails are well defined, that can be very powerful.
Speaker 3 (07:23):
It can be.
Speaker 2 (07:23):
But everything, everything that can be used for good, can
be used for bad. Right, Yeah, it's just the way
nuclear energy, nuclear weapons, the internet, the internet.
Speaker 3 (07:33):
The Internet. I mean, there's a bad version to everything,
and sometimes it's itself.
Speaker 1 (07:37):
Well, well, give you an example of this really quick.
This is with my customer. My customer is looking for
some LLLM stuff built in so that they could have
a user send them a paragraph of text and then
the LLLM would turn that into something like that. We
can use it to put data in the database. We
(07:59):
would not get the AI the ability to write it
directly to the database, but we want it to create
I don't know, JSON files or SEQL insert queries or
something like that that a human can then validate.
Speaker 3 (08:10):
And you can parameterize that.
Speaker 1 (08:11):
That's a Yeah, it's a really good example of Yeah,
go ahead and use AI, but you don't want to
give it access to things yeah, because now you're responsible
for everything it does and it may act.
Speaker 2 (08:24):
And there's more cases where if you put a chat
bought up and it quotes a price that you can't support,
you're still you're still liable for it, right, And so
there's ramifications and as long as we keep the ramifications
of mind, we'll probably do the right things. The problem
is people forget and they get they get caught up
and oh this would be great. You got to think
about the negatives as well as the positive.
Speaker 3 (08:41):
I mean, the other thing I would say, any other
concern here is not only yes, where there are attackers
that are moving towards using AI, which is helping them,
but it's also outstripping their knowledge. You don't need to
be a super technical attacker anymore, right, you can leverage AI.
And the big problem there is if they get it
right right, I don't know. There was a small percentage
(09:03):
of when we when we lit the first nuke off
that the atmosphere on the planet would burn off. There
was a percentage. It was non zero. It was a
non zero percentage. So the thought right now is they're
playing with nuclear weapons and if they get it just right,
they don't understand that there's no kill switch. It just
goes out and does things right, and even the attacker
(09:25):
won't have control anymore. And that's kind of one of
the bigger concerns too.
Speaker 1 (09:29):
Yeah, I agree, all right, So if you're not sufficiently
scared now you should be all right. So the last
one before the break Windscribe VPN just made wire guard
even more quantum resistant. What is wire guard and was
it quantum resistant before this?
Speaker 3 (09:51):
So WireGuard is a virtual private tunneling network software allows
you to connect to your home from when you're traveling,
connected the office from home.
Speaker 1 (10:02):
That sort of stuff sounds convenient.
Speaker 3 (10:03):
On man Access resource.
Speaker 2 (10:04):
So yeah, absolutely, yeah, Well, actually it's not a bad
concept because it means if you're in an unsecure public
Wi Fi or hotel or something like that, all the
traffic from the device is encrypted, and then the endpoints
your house, which hopefully is secure. What was the firewall.
Fire Wall had a little device called a purple that
(10:25):
you could grab. You could throw it on Wi Fi,
plug in your device, and your device all your traffic
would go to your house and then go out. So
if you wanted to watch Netflix, it didn't matter whether
you were in Europe or not. You could watch Netflix
because it was all going through your house. The news
here is that they've it's good news. They just took
their product and they've swapped out the encryption protocols to
(10:49):
be quantum resistant. Now that doesn't mean they're based on
quantum technology. It means they're the modern NIST recommended protocols
that are not known to be vulnerable to quantum computing.
So when a when a big quantum computer comes out
in five or ten years, it's going to be able
to break r SA and Diffie Hellman, an elliptical curve
and all the stuff that we're using today, especially for
(11:10):
asymmetric encryption. They're using newer geometric based like MLKM and
mL DSA instead, and that's good news. And Signal did
the same thing.
Speaker 1 (11:22):
That's one of those chemicals that RFK is trying to ban.
Speaker 3 (11:26):
Can't use it anymore.
Speaker 2 (11:27):
But but this is good because like Signal did it,
and now it's a race. So now vendors are starting
to get on the act and do this. Now we
need our critical infrastructure to do the same thing and
would be in better shape. So this is good. This
is a good news story. And again we're going to
start hearing about. This is the second week in a
row we talked about post quantum cryptography. It's going to
start bubbling. It's going to start happening more often.
Speaker 1 (11:48):
Yep. All right, And with that, we're going to take
a little break and we'll be right back and we're
back security this week. I'm Carl Franklin's, Patrick Hines and
Duane Laflatt. Next story, criminals using crypto ATMs to scam victims.
Here's what to know. I can tell you what.
Speaker 3 (12:09):
Don't use crypto or ATMs. It's a continent.
Speaker 1 (12:14):
It's a redundant statement.
Speaker 2 (12:16):
Have you ever seen a crypto ATM in any place
that you would like, buy food or not. It's not
the sketchiest place you've ever been, No, I have.
Speaker 1 (12:24):
I've seen them in convenience stores. There's one in the
convenience around for me.
Speaker 3 (12:28):
Yeah, okay, convenience. I didn't realize you lived in that
kind of area.
Speaker 1 (12:33):
It's a convenience store.
Speaker 3 (12:38):
This so crypto is the wild West still.
Speaker 2 (12:42):
It's starting to get regulated at starting, but it's it's
a big deal to rip off ATMs. The FBI will
definitely get involved and will definitely be on your doorstep
crypto ATMs. I think it'll eventually get investigated. I'm sure
there's somebody whose job it is, but they might be
one agent per region that's dealing with this kind of thing.
(13:02):
So it's still kind of a marginal a crime, I think.
Speaker 3 (13:05):
Well, and the and the other thing we see is
like right now, a lot of the way that the
scammers are getting money right is they're conning a lot
of old people into going to their bank and withdrawing cash,
right and they're like, listen, I won't be on the
phone with you going to the bank, say you're withdrawing
it for somebody else, blah blah blah whatever. But they
still need to get that cash to the attacker. And
(13:26):
the quickest and most anonymic way canonymic and anonymously and anonymously.
I was bic, did you like, I'm going to use
it and.
Speaker 1 (13:38):
Damic every time I don't have enough iron That makes sense.
Speaker 3 (13:43):
The way to do that is to take that cash,
drop it into one of these these ATMs, get the
ethereum out or bitcoin or whatever it is, into a wallet,
and then just give that wallet and password to the attacker.
And it's entirely untraceable at that point right as to
who who actually has it, because really the person who
put the money in had control over the wallet and
(14:04):
gave it away to somebody they don't know.
Speaker 1 (14:06):
So I thought one of the benefits of using these
cryptocurrencies was that it was traceable, that there's a public
ledger that shows the transactions.
Speaker 3 (14:13):
So there's a public ledger of the transactions, they'll know
where the money goes, but they won't know who owns it, right,
So a lot of times it's like, Okay, I can
tell what wallet's in, and I can see the wallet's
getting pushed over to the only listen as a criminal
career advice. It's the only if you really do want
to buy things with crypto that nobody knows about, use
(14:36):
Monaro because what happens is all the purchases get bundled together,
and all of the all of the people putting crypto
in get bundled together, and you're not sure who bought what.
It's like a cloud of purchasing.
Speaker 1 (14:49):
Manaro is named after a Puerto Rican tripe stew.
Speaker 3 (14:53):
Monaro or boy band. Yeah, actually thinking menudo.
Speaker 1 (15:03):
Yeah that's it. Sorry, I got confused.
Speaker 2 (15:05):
Well, they're more technical there's a version of them that
sings techno and that's manaro.
Speaker 3 (15:09):
Oh yeah, manaro.
Speaker 1 (15:10):
So the funny thing about this story is it's eyewitness
news ABC Channel seven.
Speaker 3 (15:16):
Right.
Speaker 1 (15:17):
The fourth paragraph is one sentence quote, I don't trust
anything anymore, said a mother from New Jersey.
Speaker 3 (15:27):
You can't tell this is just it's like one step
above the inquirer.
Speaker 1 (15:34):
Yeah, it says that your average New York Times or
Wall Street Journal kind of reporting here.
Speaker 3 (15:40):
We bring you all the news people, whether we have
to describe the bottom of the barrel or not. So
you're getting it.
Speaker 1 (15:46):
All right. So yeah, okay, I'm kind of laughing, but
I'm crying instead. All right, So this story is from
proton dot me seventy thousand government IDs leaked in Discord
data breach. We talked about the Discord data breach last week. Yeah,
and this is a continuation of that story, I think, right.
Speaker 3 (16:06):
Yeah, it is.
Speaker 2 (16:07):
So Discord was playing around with doing the name the
age verification because in some countries it's necessary for websites.
In some states it's becoming necessary for certain riskue not
safe for work content. So it's definitely something you want
your name and passport identified with. Right, Just like the
(16:27):
Ashley Madison thing. People, this is not to buy bibles.
Speaker 3 (16:31):
I'm sorry, what was that site?
Speaker 2 (16:33):
Patrick, Ashley Madison? You remember that preach? So this is
one where you probably don't want to be associated with
what you were doing. Now, in this case, it was
Discord's probably not the big deal, but it shows us
what's going to go wrong in the future. So seventy
thousand images of government issued IDs, So that means somebody
took a picture, took a scan of their passport and
(16:54):
uploaded it and that got breached.
Speaker 3 (16:56):
Yeah. Yeah, and so it's a big deal.
Speaker 2 (16:58):
It's mostly I think from the UK and Australia, and
it happened early earlier this month and now we're getting
more about the scope of it and how big it is.
But this whole age identification, I get it. I understand
why you know you need that, but every time you
add a protection, you add a vulnerability, it just seems
(17:18):
like it's it's a slippery slope here.
Speaker 1 (17:21):
Yeah, and in this case, people were stealing like license
pictures and that kind of stuff, right, photos of licenses.
Speaker 2 (17:28):
Yeah, yeah, it's a big deal. If somebody gets I
think it's a big deal. If somebody gets a picture
of that.
Speaker 1 (17:33):
I think, so yeah, where you know, because I was
going to say something about college kids everywhere getting more
access to fake ideas through this, but they can't afford them.
All right, So hacker news F five breach exposes big
IP source code, Big dash IP or big dash IP
(17:54):
Nation state hackers behind massive intrusion. What happened?
Speaker 3 (18:00):
Yeah, this one's not gonna be good and we're going
to see probably the fallout of this over the coming months.
So I'm confused. Not good for us, not good for you,
not good for anybody. I don't think the company is
that it learned of the breach on August ninth. This
is pretty reset. That means he didn't get a copy yet.
I know, well, I cannot confirm to deny that I
(18:24):
may have a copy. Russians. Right, We're gonna blame it
on the Russians and hopefully everybody says, yes, well, it.
Speaker 1 (18:31):
Might be related to the missing satellite, which we'll talk about.
Speaker 3 (18:34):
As possible the I mean, I think you mean the
rogue sky net But anyways, yes, So in this particular case,
so Big I p there are a lot of different
devices that they have that are web application firewalls. You know,
Big Fix is in there as well, where it does
fixing and patching and that sort of stuff. There's a
(18:56):
secure routing, there's all sorts of networking gear right that
manages really really large networks. So the thought here and
the concern here is somebody taking all of the operational
code for these devices and then finding a zero day.
Way easier to discover a zero day if you have
the code. I ith just it is, every time we
(19:19):
do a code review, we find something that we would
have taken us a very long time to fuzz and
find from the outside and looking at the code, we're like, oh,
this is pretty obvious. So what we're going to see
here is probably at least one, if not several zero
day flaws coming out as as proofs of concept. And
if you're looking at a nation state, right, let's assume
(19:39):
it's North Korea, or let's assume it's Russia. We've seen
in the Russian playbook. Before they attack somebody, they start
attacking the critical infrastructure and the over the internet and
cybersecurity land, right, So maybe they have a target that's
using big IP systems and they're like, hey, let's just
get the source code, and let's figure it out and
see if we can create something before we start the attacks,
(20:01):
so we'll see what happens. But yeah, this one's this
one's super concerning.
Speaker 1 (20:05):
Yikes, all right, And to get to our final story,
our main story, Skynet one, a military spacecraft launched fifty
six years ago, has been moved by persons unknown. Sky Neet.
Speaker 3 (20:19):
What a good name.
Speaker 1 (20:20):
I've heard of that before.
Speaker 3 (20:21):
Yeah, what a god, what a great name.
Speaker 2 (20:23):
Right, I wonder if I wonder if that's really where
the name came from.
Speaker 3 (20:27):
I wouldn't be surprised. Skynet was launched in nineteen sixty nine.
This way predates the you know Terminator series, a way
predates Terminator, right, absolutely. Oh yeah, so somebody was like, yes,
Skynet sounds awesome, let's use that. So what's interesting about
this is, so there are tons of satellites up there
right just floating around, and some of them are obviously
defunct and sort of hanging out in their orbit. And
(20:51):
in this particular case, this was a geostationary orbit at
forty degrees these longitudes. So what that means is this
satellite is hanging out over the same place on the Earth, right,
so it's actually spinning with the Earth.
Speaker 1 (21:05):
I thought that was geosynchronous.
Speaker 3 (21:07):
No geostationary. Geostationary.
Speaker 1 (21:10):
I thought geostationary was where it's just in one place.
Speaker 3 (21:13):
Oh, maybe maybe it is.
Speaker 1 (21:14):
Maybe I'm confusing, and then the Earth turns and it
stays in that same place.
Speaker 3 (21:18):
Oh, there you go. Yes, geostationary. So either way, it's
only supposed to fluctuate by one or two degrees of
drift over the years, and it's actually one hundred and
five degrees west now, so it is way outside of
the normal it drifted out of.
Speaker 2 (21:38):
Well, there's two solutions here. One is the one they're
asserting in the article, which is somebody moved it, but
it's a dead satellite.
Speaker 1 (21:47):
So well, it's not a solution explanation, I think, is
what you mean to Okay, fine, I think there was
a kid on the that got a pea shooter and.
Speaker 3 (21:56):
Well, actually that's what I was going to suggest. Is
that not that?
Speaker 2 (22:00):
So how did somebody move it? Did they did they
nudge it? Or is it possible that there's a lot
of space.
Speaker 3 (22:04):
Debris space junk. Yeah, a lot of it's.
Speaker 2 (22:06):
Really small but going really fast, like thirty two thousand
miles an hour fast.
Speaker 1 (22:11):
It wouldn't take much, and it.
Speaker 2 (22:12):
Might not destroy the satellite. It might just like embed
and carry it in a different direction. So I think
it's it's sallacious, a good word, right. It's an interesting
take to say somebody moved it. But notice in the
article they say they don't know when or how or who,
So it could be that it started picking up you know, variation.
(22:34):
It's also in the realm of possibility that it got
hit like a couple of different times by small pieces
of space debris, so that pushed you in a direction.
Speaker 3 (22:43):
Here's what I would pause it. Donald J. Kessler in
nineteen seventy nine speculated that if there were small bits
of debris and a particular orbit, it would destroy all
satellites in that orbit over a course of a couple
of hours because of how fast that debris would multiply
(23:03):
and move. So if something were to have hit it,
and maybe it's the perfect bump and nothing breaks off,
but you're talking about a satellite from nineteen sixty nine,
I'm thinking it's entirely possible somebody broke into the protocols
of controlling the satellite because there weren't a lot of
really great protocols in nineteen sixty nine, and the L
(23:25):
band communications is not that hard to start sending communications
up to satellites these days. So I think it's entirely
possible that somebody moved it. Fol's joke.
Speaker 2 (23:38):
Eighteen months after it was launched? Doesn't that mean it
wasn't controllable? So it said it stopped responding eighteen months later.
I don't know if that means.
Speaker 3 (23:47):
You think that's when they took it over. It's entirely possible.
Speaker 1 (23:50):
Was in the early day, what if a piece of
plastic flew off of it, went around the world and
came and hit it in the ass on the other side?
Bunk oh, same moor a bit.
Speaker 2 (23:59):
Well, that wouldn't would The problem is it would be
in the same It wouldn't be able to it wouldn't
have the momentum, it wouldn't have the acceleration.
Speaker 1 (24:05):
I know, I'm just trying to I'm just trying to
make some funny Yeah, so it is.
Speaker 3 (24:09):
But it's interesting Patrick. They do say it stopped functioning
eighteen months after it went out, but they don't define
what that means, like, was it designed, does it spy satellite?
And it stopped functioning. Is that, but it's still had
telemetry and it still had motion. I don't know, right,
So they're speculating it you still could control it and
move it around.
Speaker 1 (24:26):
I think it was aliens.
Speaker 2 (24:27):
And they're saying that when when it they did, it
was where it was supposed to be when they left
it nineteen seventy. Nineteen seventy, when satellite was closely tracked,
it was in geostationary arc at a longitude of forty east.
So it looks like after it stopped functioning, they tracked
it to make sure they knew where it was, and
(24:47):
then they looked away for thirty forty fifty years and.
Speaker 3 (24:50):
They're like, where is that thing?
Speaker 2 (24:52):
Like one does as one does, as NASA does, apparently,
and they looked away and they came back and like, Hey,
that's not where it's supposed to be.
Speaker 3 (24:59):
So I wonder if we have like data about where
it moved to. Probably not, because they're saying it now.
I don't know.
Speaker 2 (25:08):
I think it's it might stay a mystery. Maybe they'll
retrieve it and they'll be able to look at it
to see whether there's marks on it, because it's certainly
something big enough to move it that much would leave
a mark yep.
Speaker 1 (25:20):
Okay.
Speaker 3 (25:21):
On the plus side, there's actually a new framework. Just
like metasplate is a hacking framework, there's actually a new
framework for hacking satellites out yeah, just you know. Consequently,
there's another one. There's a satellite hacking framework that yeah.
Speaker 1 (25:38):
It literally just imagine career criminal career advice. Imagine the
criminal career advice playing right now, starts talking.
Speaker 2 (25:50):
There's actually a brand, there's actually a satellite launched that
you can play with with that framework.
Speaker 1 (25:55):
Yeah, we talked about.
Speaker 3 (25:56):
No no, but there's there's a actual no no, but
there's a new frame work aside from that, like think
metasploit for attackers to put an SDR on your laptop
and hack satellites. Wow. So there's a brand new framework
out there. I'll get you the link to it for
the podcast.
Speaker 1 (26:14):
But it's wow, okay, good stuff.
Speaker 3 (26:17):
Have that it kids, It's called pone SAT. By the way,
pone SAT is the I'm going to give you. I'll
give you the link.
Speaker 1 (26:24):
To it, all right, pone SAT. I guess that's it.
We'll see you next week on Security this week.
Speaker 3 (26:29):
Bye bye, bye bye, guys,
Hey, guys, have you ever noticed how many towns are
named after their water towers?
Speaker 2 (00:05):
No?
Speaker 3 (00:06):
Quite popular. I don't think so water is important.
Speaker 1 (00:10):
Yeah, you know, you come to a town Mystic Connecticut.
Speaker 3 (00:14):
It's right there on the tower and it.
Speaker 1 (00:15):
Says Mystic Connecticut on the water tower.
Speaker 2 (00:17):
What like?
Speaker 1 (00:17):
What? All right, we got eight stories to get through.
Let's get started. Hackers exploit off bypass in serber finder
WordPress theme our old friend WordPress.
Speaker 3 (00:36):
Not WordPress not a theme. I'm always surprised where there
are themes. Like to me, themes are how the how
the site looks and images? Yeah, not like Oh and
by the way, it has all sorts of weird functionality
because I.
Speaker 2 (00:51):
Think they theme around the administrative stuff and they've they've
opened it up.
Speaker 1 (00:55):
Must there must be JavaScript involved.
Speaker 3 (00:56):
So that they can actually yeah so yeah, into entirely true.
So in this particular case, there was an improper validation
for the original Underscore user underscore ID cookie and the
service underscore finder Underscore switchback function which allowed the users
to bypass authentication. And what's dangerous there is because it's
a theme, it is access to the filesystem and the
(01:18):
ability to upload files and that sort of stuff, including
PHP files. So we're talking total control of the system,
so Nobuena world domination. According to word Fence, there are
thirteen thousand, eight hundred exploit attempts since August first. That's
exploit attempts. So we're starting to see this grow quite
(01:40):
a bit, you know. And it's listen, it's the same thing.
Anytime there's a WordPress exploit out there and somebody writes
a POC for it, script, kiddies go, they'll run it
against every word Press site they can find on the internet.
So yeah, so this one's simple.
Speaker 1 (01:55):
Go patch, yeah, or just don't use word Press the internet,
pay attention.
Speaker 3 (02:01):
Cease fire.
Speaker 1 (02:02):
Oh I'm getting an email from Wordpress's lawyers right now.
Speaker 3 (02:08):
Your two users have complainedst I'm sorry.
Speaker 1 (02:12):
Use WordPress. It's awesome. Go go and install as many
themes as you possibly can.
Speaker 3 (02:17):
I joke about our two users, but we did have
three users live last week.
Speaker 1 (02:21):
That was really fun.
Speaker 3 (02:24):
That was awesome.
Speaker 1 (02:25):
Those three users got to sit around and pick you
guys's brain for an hour after we stopped recording. Tell
me they didn't get a good deal and.
Speaker 3 (02:34):
Got lock picks out of the deal. Yeah, yeah, security
the Greek lock picks. So yeah, we're glad you came
to see us.
Speaker 1 (02:39):
So we want everybody to attend next time. Yes, all right,
next one, Azure outage blocks access to Microsoft three sixty
five services and admin portals. This is from October ninth.
Speaker 2 (02:53):
So d Dos is in two of our stories today.
So it's de Doss's coming.
Speaker 3 (02:57):
Back, I think so. Well. I guess it depends, right.
Lots of times there are either criminal syndicates or botnets
or whatever who are looking to see how far they
can push the envelope and if you can drop somebody
like cloud Flare, like you're doing really well, and what's
neat about that? Is a lot of times. Have you
ever seen those old nineteen eighties movies where some arms
(03:20):
dealer goes over to the Middle East is like, hey,
I want to sell you these weapons and they're like
I want to see a demonstration. They're like, fine, we'll
take out this building. Right. That happens on the internet
with d DOS botnets where they go oh, okay, how
good are good are you?
Speaker 1 (03:34):
They did that with They did that in Star Wars.
They did do that with an absolutely true.
Speaker 3 (03:43):
So we see it all the time, and we see
it with cyber weapons as well, where they go. Okay, great,
show that you can show that you can d d
us cloud flare, even if it's for ten minutes, and
then then then we'll talk right and we'll pay you
for access.
Speaker 2 (03:56):
Yeah, and Microsoft three sixty five is definitely a protected
service in a and a hard target.
Speaker 3 (04:01):
Absolutely, So I wouldn't I wouldn't be surprised because a
lot of people will ask me, like, what's the gain
in doing this? Like why would you do it? We
would ask that you stop asking for those demos. Strain,
I'm willing to pay it, but take Microsoft off live.
Speaker 1 (04:15):
It just meant a simulation. I didn't mean actually blow
up the planet. Come on now, all right, So is
this a go patch or is this just a story
of interest.
Speaker 3 (04:25):
Just a story of interesting. Okay, it's a story of interest,
and it's one of those things where I wanted to
like talk about Sometimes these d doss is, we can't
figure out why they're doing it. And it's not because
they're not doing it for the d dos. They're doing
it to prove that they can so that they can
charge a greater value from their customers and dedossing people. Okay,
So this might have just been in a in a
(04:46):
show and tell, not sure, just.
Speaker 1 (04:48):
Be careful out there, and we don't even know what
that means. So all right, next one cloud of war,
the AI cyber threat to US critical infrastructure. Interesting, what
is this all about?
Speaker 2 (05:01):
Well, if you're cynical, you probably there's no news here
because it's like, oh, so the rest of the world
is just going after our stuff and we're not defending it.
What we've said before is when they look back at
this ten years, they're going to say, oh, well, the
cyber war was already going on and they just didn't realize.
We're like the frogs in the water, the boiling water.
(05:22):
And this is just a report that says agentic weapons
are going to be more prolific, they're going to be
used by state sponsors. They're going to be used to
like rip through networks faster and easier. They're going to
find zero day vulnerabilities. That it's becoming more fraud Well,
this has happened almost every year or every couple of
years forever. It just keeps getting more and more and
(05:44):
more intense. If you look at the types of phishing
emails you're getting, they're getting better, but they've been getting
better for a decade, they're going to keep getting better.
So this is an important report. It's an important information,
but it just means we have to raise our game. Unfortunately,
in the US and the West in general, the government
doesn't get involved in securing small businesses or even defense contractors.
Speaker 3 (06:09):
They tried that in the eighties. It didn't work out.
Speaker 2 (06:10):
Yeah, and so therefore we're kind of on our own,
and that's the way we like it. If I told
you the government's going to come and secure your network,
could probably say no, they're not. And so because of that,
we have to up our game, and especially critical infrastructure
has to up its game. These water treatment plants can't
be using things that they assume no one cares about,
(06:31):
because they're becoming targets.
Speaker 1 (06:32):
I want to go off on a brief tangent. I
know Dane has something to comment to agentic AI. This
is basically where a developer gives an AI, LM or
something the power to go do things on its behalf agency,
and so it might you might give it access to
your database, you might give it access to your email.
(06:56):
All of these things are the next step in the
robots take over the world. And you think I'm kidding
but I'm not. I mean, giving AI the keys to
do harmful things is not a good idea, I don't think.
But in very limited scenarios where the goal is narrow,
(07:17):
you know, and the systems are well defined and the
guardrails are well defined, that can be very powerful.
Speaker 3 (07:23):
It can be.
Speaker 2 (07:23):
But everything, everything that can be used for good, can
be used for bad. Right, Yeah, it's just the way
nuclear energy, nuclear weapons, the internet, the internet.
Speaker 3 (07:33):
The Internet. I mean, there's a bad version to everything,
and sometimes it's itself.
Speaker 1 (07:37):
Well, well, give you an example of this really quick.
This is with my customer. My customer is looking for
some LLLM stuff built in so that they could have
a user send them a paragraph of text and then
the LLLM would turn that into something like that. We
can use it to put data in the database. We
(07:59):
would not get the AI the ability to write it
directly to the database, but we want it to create
I don't know, JSON files or SEQL insert queries or
something like that that a human can then validate.
Speaker 3 (08:10):
And you can parameterize that.
Speaker 1 (08:11):
That's a Yeah, it's a really good example of Yeah,
go ahead and use AI, but you don't want to
give it access to things yeah, because now you're responsible
for everything it does and it may act.
Speaker 2 (08:24):
And there's more cases where if you put a chat
bought up and it quotes a price that you can't support,
you're still you're still liable for it, right, And so
there's ramifications and as long as we keep the ramifications
of mind, we'll probably do the right things. The problem
is people forget and they get they get caught up
and oh this would be great. You got to think
about the negatives as well as the positive.
Speaker 3 (08:41):
I mean, the other thing I would say, any other
concern here is not only yes, where there are attackers
that are moving towards using AI, which is helping them,
but it's also outstripping their knowledge. You don't need to
be a super technical attacker anymore, right, you can leverage AI.
And the big problem there is if they get it
right right, I don't know. There was a small percentage
(09:03):
of when we when we lit the first nuke off
that the atmosphere on the planet would burn off. There
was a percentage. It was non zero. It was a
non zero percentage. So the thought right now is they're
playing with nuclear weapons and if they get it just right,
they don't understand that there's no kill switch. It just
goes out and does things right, and even the attacker
(09:25):
won't have control anymore. And that's kind of one of
the bigger concerns too.
Speaker 1 (09:29):
Yeah, I agree, all right, So if you're not sufficiently
scared now you should be all right. So the last
one before the break Windscribe VPN just made wire guard
even more quantum resistant. What is wire guard and was
it quantum resistant before this?
Speaker 3 (09:51):
So WireGuard is a virtual private tunneling network software allows
you to connect to your home from when you're traveling,
connected the office from home.
Speaker 1 (10:02):
That sort of stuff sounds convenient.
Speaker 3 (10:03):
On man Access resource.
Speaker 2 (10:04):
So yeah, absolutely, yeah, Well, actually it's not a bad
concept because it means if you're in an unsecure public
Wi Fi or hotel or something like that, all the
traffic from the device is encrypted, and then the endpoints
your house, which hopefully is secure. What was the firewall.
Fire Wall had a little device called a purple that
(10:25):
you could grab. You could throw it on Wi Fi,
plug in your device, and your device all your traffic
would go to your house and then go out. So
if you wanted to watch Netflix, it didn't matter whether
you were in Europe or not. You could watch Netflix
because it was all going through your house. The news
here is that they've it's good news. They just took
their product and they've swapped out the encryption protocols to
(10:49):
be quantum resistant. Now that doesn't mean they're based on
quantum technology. It means they're the modern NIST recommended protocols
that are not known to be vulnerable to quantum computing.
So when a when a big quantum computer comes out
in five or ten years, it's going to be able
to break r SA and Diffie Hellman, an elliptical curve
and all the stuff that we're using today, especially for
(11:10):
asymmetric encryption. They're using newer geometric based like MLKM and
mL DSA instead, and that's good news. And Signal did
the same thing.
Speaker 1 (11:22):
That's one of those chemicals that RFK is trying to ban.
Speaker 3 (11:26):
Can't use it anymore.
Speaker 2 (11:27):
But but this is good because like Signal did it,
and now it's a race. So now vendors are starting
to get on the act and do this. Now we
need our critical infrastructure to do the same thing and
would be in better shape. So this is good. This
is a good news story. And again we're going to
start hearing about. This is the second week in a
row we talked about post quantum cryptography. It's going to
start bubbling. It's going to start happening more often.
Speaker 1 (11:48):
Yep. All right, And with that, we're going to take
a little break and we'll be right back and we're
back security this week. I'm Carl Franklin's, Patrick Hines and
Duane Laflatt. Next story, criminals using crypto ATMs to scam victims.
Here's what to know. I can tell you what.
Speaker 3 (12:09):
Don't use crypto or ATMs. It's a continent.
Speaker 1 (12:14):
It's a redundant statement.
Speaker 2 (12:16):
Have you ever seen a crypto ATM in any place
that you would like, buy food or not. It's not
the sketchiest place you've ever been, No, I have.
Speaker 1 (12:24):
I've seen them in convenience stores. There's one in the
convenience around for me.
Speaker 3 (12:28):
Yeah, okay, convenience. I didn't realize you lived in that
kind of area.
Speaker 1 (12:33):
It's a convenience store.
Speaker 3 (12:38):
This so crypto is the wild West still.
Speaker 2 (12:42):
It's starting to get regulated at starting, but it's it's
a big deal to rip off ATMs. The FBI will
definitely get involved and will definitely be on your doorstep
crypto ATMs. I think it'll eventually get investigated. I'm sure
there's somebody whose job it is, but they might be
one agent per region that's dealing with this kind of thing.
(13:02):
So it's still kind of a marginal a crime, I think.
Speaker 3 (13:05):
Well, and the and the other thing we see is
like right now, a lot of the way that the
scammers are getting money right is they're conning a lot
of old people into going to their bank and withdrawing cash,
right and they're like, listen, I won't be on the
phone with you going to the bank, say you're withdrawing
it for somebody else, blah blah blah whatever. But they
still need to get that cash to the attacker. And
(13:26):
the quickest and most anonymic way canonymic and anonymously and anonymously.
I was bic, did you like, I'm going to use
it and.
Speaker 1 (13:38):
Damic every time I don't have enough iron That makes sense.
Speaker 3 (13:43):
The way to do that is to take that cash,
drop it into one of these these ATMs, get the
ethereum out or bitcoin or whatever it is, into a wallet,
and then just give that wallet and password to the attacker.
And it's entirely untraceable at that point right as to
who who actually has it, because really the person who
put the money in had control over the wallet and
(14:04):
gave it away to somebody they don't know.
Speaker 1 (14:06):
So I thought one of the benefits of using these
cryptocurrencies was that it was traceable, that there's a public
ledger that shows the transactions.
Speaker 3 (14:13):
So there's a public ledger of the transactions, they'll know
where the money goes, but they won't know who owns it, right,
So a lot of times it's like, Okay, I can
tell what wallet's in, and I can see the wallet's
getting pushed over to the only listen as a criminal
career advice. It's the only if you really do want
to buy things with crypto that nobody knows about, use
(14:36):
Monaro because what happens is all the purchases get bundled together,
and all of the all of the people putting crypto
in get bundled together, and you're not sure who bought what.
It's like a cloud of purchasing.
Speaker 1 (14:49):
Manaro is named after a Puerto Rican tripe stew.
Speaker 3 (14:53):
Monaro or boy band. Yeah, actually thinking menudo.
Speaker 1 (15:03):
Yeah that's it. Sorry, I got confused.
Speaker 2 (15:05):
Well, they're more technical there's a version of them that
sings techno and that's manaro.
Speaker 3 (15:09):
Oh yeah, manaro.
Speaker 1 (15:10):
So the funny thing about this story is it's eyewitness
news ABC Channel seven.
Speaker 3 (15:16):
Right.
Speaker 1 (15:17):
The fourth paragraph is one sentence quote, I don't trust
anything anymore, said a mother from New Jersey.
Speaker 3 (15:27):
You can't tell this is just it's like one step
above the inquirer.
Speaker 1 (15:34):
Yeah, it says that your average New York Times or
Wall Street Journal kind of reporting here.
Speaker 3 (15:40):
We bring you all the news people, whether we have
to describe the bottom of the barrel or not. So
you're getting it.
Speaker 1 (15:46):
All right. So yeah, okay, I'm kind of laughing, but
I'm crying instead. All right, So this story is from
proton dot me seventy thousand government IDs leaked in Discord
data breach. We talked about the Discord data breach last week. Yeah,
and this is a continuation of that story, I think, right.
Speaker 3 (16:06):
Yeah, it is.
Speaker 2 (16:07):
So Discord was playing around with doing the name the
age verification because in some countries it's necessary for websites.
In some states it's becoming necessary for certain riskue not
safe for work content. So it's definitely something you want
your name and passport identified with. Right, Just like the
(16:27):
Ashley Madison thing. People, this is not to buy bibles.
Speaker 3 (16:31):
I'm sorry, what was that site?
Speaker 2 (16:33):
Patrick, Ashley Madison? You remember that preach? So this is
one where you probably don't want to be associated with
what you were doing. Now, in this case, it was
Discord's probably not the big deal, but it shows us
what's going to go wrong in the future. So seventy
thousand images of government issued IDs, So that means somebody
took a picture, took a scan of their passport and
(16:54):
uploaded it and that got breached.
Speaker 3 (16:56):
Yeah. Yeah, and so it's a big deal.
Speaker 2 (16:58):
It's mostly I think from the UK and Australia, and
it happened early earlier this month and now we're getting
more about the scope of it and how big it is.
But this whole age identification, I get it. I understand
why you know you need that, but every time you
add a protection, you add a vulnerability, it just seems
(17:18):
like it's it's a slippery slope here.
Speaker 1 (17:21):
Yeah, and in this case, people were stealing like license
pictures and that kind of stuff, right, photos of licenses.
Speaker 2 (17:28):
Yeah, yeah, it's a big deal. If somebody gets I
think it's a big deal. If somebody gets a picture
of that.
Speaker 1 (17:33):
I think, so yeah, where you know, because I was
going to say something about college kids everywhere getting more
access to fake ideas through this, but they can't afford them.
All right, So hacker news F five breach exposes big
IP source code, Big dash IP or big dash IP
(17:54):
Nation state hackers behind massive intrusion. What happened?
Speaker 3 (18:00):
Yeah, this one's not gonna be good and we're going
to see probably the fallout of this over the coming months.
So I'm confused. Not good for us, not good for you,
not good for anybody. I don't think the company is
that it learned of the breach on August ninth. This
is pretty reset. That means he didn't get a copy yet.
I know, well, I cannot confirm to deny that I
(18:24):
may have a copy. Russians. Right, We're gonna blame it
on the Russians and hopefully everybody says, yes, well, it.
Speaker 1 (18:31):
Might be related to the missing satellite, which we'll talk about.
Speaker 3 (18:34):
As possible the I mean, I think you mean the
rogue sky net But anyways, yes, So in this particular case,
so Big I p there are a lot of different
devices that they have that are web application firewalls. You know,
Big Fix is in there as well, where it does
fixing and patching and that sort of stuff. There's a
(18:56):
secure routing, there's all sorts of networking gear right that
manages really really large networks. So the thought here and
the concern here is somebody taking all of the operational
code for these devices and then finding a zero day.
Way easier to discover a zero day if you have
the code. I ith just it is, every time we
(19:19):
do a code review, we find something that we would
have taken us a very long time to fuzz and
find from the outside and looking at the code, we're like, oh,
this is pretty obvious. So what we're going to see
here is probably at least one, if not several zero
day flaws coming out as as proofs of concept. And
if you're looking at a nation state, right, let's assume
(19:39):
it's North Korea, or let's assume it's Russia. We've seen
in the Russian playbook. Before they attack somebody, they start
attacking the critical infrastructure and the over the internet and
cybersecurity land, right, So maybe they have a target that's
using big IP systems and they're like, hey, let's just
get the source code, and let's figure it out and
see if we can create something before we start the attacks,
(20:01):
so we'll see what happens. But yeah, this one's this
one's super concerning.
Speaker 1 (20:05):
Yikes, all right, And to get to our final story,
our main story, Skynet one, a military spacecraft launched fifty
six years ago, has been moved by persons unknown. Sky Neet.
Speaker 3 (20:19):
What a good name.
Speaker 1 (20:20):
I've heard of that before.
Speaker 3 (20:21):
Yeah, what a god, what a great name.
Speaker 2 (20:23):
Right, I wonder if I wonder if that's really where
the name came from.
Speaker 3 (20:27):
I wouldn't be surprised. Skynet was launched in nineteen sixty nine.
This way predates the you know Terminator series, a way
predates Terminator, right, absolutely. Oh yeah, so somebody was like, yes,
Skynet sounds awesome, let's use that. So what's interesting about
this is, so there are tons of satellites up there
right just floating around, and some of them are obviously
defunct and sort of hanging out in their orbit. And
(20:51):
in this particular case, this was a geostationary orbit at
forty degrees these longitudes. So what that means is this
satellite is hanging out over the same place on the Earth, right,
so it's actually spinning with the Earth.
Speaker 1 (21:05):
I thought that was geosynchronous.
Speaker 3 (21:07):
No geostationary. Geostationary.
Speaker 1 (21:10):
I thought geostationary was where it's just in one place.
Speaker 3 (21:13):
Oh, maybe maybe it is.
Speaker 1 (21:14):
Maybe I'm confusing, and then the Earth turns and it
stays in that same place.
Speaker 3 (21:18):
Oh, there you go. Yes, geostationary. So either way, it's
only supposed to fluctuate by one or two degrees of
drift over the years, and it's actually one hundred and
five degrees west now, so it is way outside of
the normal it drifted out of.
Speaker 2 (21:38):
Well, there's two solutions here. One is the one they're
asserting in the article, which is somebody moved it, but
it's a dead satellite.
Speaker 1 (21:47):
So well, it's not a solution explanation, I think, is
what you mean to Okay, fine, I think there was
a kid on the that got a pea shooter and.
Speaker 3 (21:56):
Well, actually that's what I was going to suggest. Is
that not that?
Speaker 2 (22:00):
So how did somebody move it? Did they did they
nudge it? Or is it possible that there's a lot
of space.
Speaker 3 (22:04):
Debris space junk. Yeah, a lot of it's.
Speaker 2 (22:06):
Really small but going really fast, like thirty two thousand
miles an hour fast.
Speaker 1 (22:11):
It wouldn't take much, and it.
Speaker 2 (22:12):
Might not destroy the satellite. It might just like embed
and carry it in a different direction. So I think
it's it's sallacious, a good word, right. It's an interesting
take to say somebody moved it. But notice in the
article they say they don't know when or how or who,
So it could be that it started picking up you know, variation.
(22:34):
It's also in the realm of possibility that it got
hit like a couple of different times by small pieces
of space debris, so that pushed you in a direction.
Speaker 3 (22:43):
Here's what I would pause it. Donald J. Kessler in
nineteen seventy nine speculated that if there were small bits
of debris and a particular orbit, it would destroy all
satellites in that orbit over a course of a couple
of hours because of how fast that debris would multiply
(23:03):
and move. So if something were to have hit it,
and maybe it's the perfect bump and nothing breaks off,
but you're talking about a satellite from nineteen sixty nine,
I'm thinking it's entirely possible somebody broke into the protocols
of controlling the satellite because there weren't a lot of
really great protocols in nineteen sixty nine, and the L
(23:25):
band communications is not that hard to start sending communications
up to satellites these days. So I think it's entirely
possible that somebody moved it. Fol's joke.
Speaker 2 (23:38):
Eighteen months after it was launched? Doesn't that mean it
wasn't controllable? So it said it stopped responding eighteen months later.
I don't know if that means.
Speaker 3 (23:47):
You think that's when they took it over. It's entirely possible.
Speaker 1 (23:50):
Was in the early day, what if a piece of
plastic flew off of it, went around the world and
came and hit it in the ass on the other side?
Bunk oh, same moor a bit.
Speaker 2 (23:59):
Well, that wouldn't would The problem is it would be
in the same It wouldn't be able to it wouldn't
have the momentum, it wouldn't have the acceleration.
Speaker 1 (24:05):
I know, I'm just trying to I'm just trying to
make some funny Yeah, so it is.
Speaker 3 (24:09):
But it's interesting Patrick. They do say it stopped functioning
eighteen months after it went out, but they don't define
what that means, like, was it designed, does it spy satellite?
And it stopped functioning. Is that, but it's still had
telemetry and it still had motion. I don't know, right,
So they're speculating it you still could control it and
move it around.
Speaker 1 (24:26):
I think it was aliens.
Speaker 2 (24:27):
And they're saying that when when it they did, it
was where it was supposed to be when they left
it nineteen seventy. Nineteen seventy, when satellite was closely tracked,
it was in geostationary arc at a longitude of forty east.
So it looks like after it stopped functioning, they tracked
it to make sure they knew where it was, and
(24:47):
then they looked away for thirty forty fifty years and.
Speaker 3 (24:50):
They're like, where is that thing?
Speaker 2 (24:52):
Like one does as one does, as NASA does, apparently,
and they looked away and they came back and like, Hey,
that's not where it's supposed to be.
Speaker 3 (24:59):
So I wonder if we have like data about where
it moved to. Probably not, because they're saying it now.
I don't know.
Speaker 2 (25:08):
I think it's it might stay a mystery. Maybe they'll
retrieve it and they'll be able to look at it
to see whether there's marks on it, because it's certainly
something big enough to move it that much would leave
a mark yep.
Speaker 1 (25:20):
Okay.
Speaker 3 (25:21):
On the plus side, there's actually a new framework. Just
like metasplate is a hacking framework, there's actually a new
framework for hacking satellites out yeah, just you know. Consequently,
there's another one. There's a satellite hacking framework that yeah.
Speaker 1 (25:38):
It literally just imagine career criminal career advice. Imagine the
criminal career advice playing right now, starts talking.
Speaker 2 (25:50):
There's actually a brand, there's actually a satellite launched that
you can play with with that framework.
Speaker 1 (25:55):
Yeah, we talked about.
Speaker 3 (25:56):
No no, but there's there's a actual no no, but
there's a new frame work aside from that, like think
metasploit for attackers to put an SDR on your laptop
and hack satellites. Wow. So there's a brand new framework
out there. I'll get you the link to it for
the podcast.
Speaker 1 (26:14):
But it's wow, okay, good stuff.
Speaker 3 (26:17):
Have that it kids, It's called pone SAT. By the way,
pone SAT is the I'm going to give you. I'll
give you the link.
Speaker 1 (26:24):
To it, all right, pone SAT. I guess that's it.
We'll see you next week on Security this week.
Speaker 3 (26:29):
Bye bye, bye bye, guys,
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
CrimeLess: Hillbilly Heist
It’s 1996 in rural North Carolina, and an oddball crew makes history when they pull off America’s third largest cash heist. But it’s all downhill from there. Join host Johnny Knoxville as he unspools a wild and woolly tale about a group of regular ‘ol folks who risked it all for a chance at a better life. CrimeLess: Hillbilly Heist answers the question: what would you do with 17.3 million dollars? The answer includes diamond rings, mansions, velvet Elvis paintings, plus a run for the border, murder-for-hire-plots, and FBI busts.