Podcasts about srsly

Tom Uren and James Wilson talk about the European Union's digital sovereignty push. A divorce from US tech giants is on the cards, but building sovereign infrastructure and chip capacity will be hard. From an American perspective this is an entirely predicable own-goal. You can have internationally competitive tech giants or you can have an aggressive and coercive foreign policy. You can't have both at the same time. They also discuss the reanimated corpse of NSO Group. It's in a hole, but it just keeps digging. This episode is also available on YouTube Show notes

Tom Uren and James Wilson talk about Tom's trip to NATO's Cyber Conflict conference. NATO countries want to bulk up their cyber efforts, and the pair discuss what that could look like. They also look at the US military's admission that commercial location data was used to target personnel involved in Epic Fury, the US war on Iran. This is not surprising at all, and is just the most visible manifestation of the national security risks of this kind of data sloshing around. If Iran is analysing this data in wartime, China is doing it in peacetime for intelligence and counter-espionage purposes. This episode is also available on YouTube Show notes

Tom Uren and James Wilson talk about moves from several European governments to ditch Signal and set up their own encrypted messaging systems for internal government use. These efforts are motivated by concerns about phishing and sovereignty, but the solutions being adopted are imperfect and will come with their own set of problems. Signal fills a space that can't be filled with sovereign capability. They also talk about Fast16 malware. We are only now learning about the second arm of a mid-2000s campaign to delay Iran's nuclear weapons program that included the infamous Stuxnet worm. This episode is also available on YouTube Show notes

Tom Uren and James Wilson talk about the argy bargy within the Trump administration about AI regulation. They cover who is fighting, what is at stake and what the real areas of concern are. They also cover low earth orbit satellite constellations. Russia's building one, the EU has plans and China is building two. They are the new must-have accessory for any country with global ambitions. This episode is also available on YouTube Show notes

Tom Uren and James Wilson talk about the sudden drive to put regulation around the releases of new AI models because of their cyber security implications. A standardised approach is desirable, but clamping down too hard won't achieve as much as might be hoped. Experts with older or even open models can get just as far as novices with the latest models. They also discuss Australia's new Cyber Incident Review Board. It has been hamstrung and won't be as successful as it could be because it can't assign blame. This episode is also available on YouTube Show notes

Tom Uren and Amberleigh Jack talk about the US government stepping in to fight ‘distillation attacks' by Chinese AI labs. These are methods used to steal the special sauce of frontier AI models simply by asking questions. They also discuss the wide-spread shift amongst Chinese threat actors to using botnets for all aspects of their operations. It's a problem for defenders, but also a disruption opportunity for authorities. This episode is also available on YouTube. Show notes

Tom Uren and James Wilson talk about the French criminal investigation into bias and illegal content on X. Elon Musk and former X CEO Linda Yaccarino didn't appear for voluntary interviews scheduled this week, but refusing meetings won't make X's problems go away. European countries are concerned about X's influence and regulators will be exploring all other options beyond criminal investigations. They also discuss the fight to renew authorisation of Section 702 collection. It's a valuable intelligence source, but in the past the FBI pointlessly overused it. This episode is also available on YouTube Show notes

Tom Uren and Amberleigh Jack talk about a new Citizen Lab report into Webloc, a tool to identify and track mobile devices. It demonstrates how the collection and sale of mobile phone geolocation data presents privacy and national security risks. They also discuss a deep-dive into how a single hacker was able to breach nine Mexican government agencies in just weeks using AI assistants. They enabled the attacker to move much faster. This episode is also available on YouTube Show notes Citizen Lab's Webloc report Gambit's Mexican hack analysis

Tom Uren and Amberleigh Jack talk about the State Department taking to X to counter foreign propaganda. US Secretary of State Marco Rubio dismantled the State Department's counter-propaganda office when he took charge, but it turns out that giving adversary states free reign online is a bad idea. They also discuss how America's lawful intercept systems are high value targets for Chinese hackers. It's a big deal that part of the FBI's lawful intercept system has been breached and it is high time that the security of these systems was reviewed. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about how incredibly good AI models have gotten at finding and exploiting vulnerabilities. That will upend the cyber security industry and it has implications for state cyber organisations such as NSA and Cyber Command. They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing access to Starlink, Russian forces are doubling down on using equipment from American company Ubiquiti. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about FBI Director Kash Patel admitting to Congress that the Bureau is buying American's location data and using it to generate valuable intelligence. That's concerning, because commercially available information can be used in tremendously invasive ways and the FBI can buy it without needing a warrant. They also discuss the FCC's surprising move to ban foreign-made consumer routers. It's not about security, it is just about reshoring manufacturing. And finally they discuss the Trump administration's plan for unleashing the private sector. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about how successfully achieving America's war goals could force Iran to double down on cyber power. It's resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war. They also discuss Meta stepping back from end-to-end encryption on Instagram's direct messages. There is a time and place for E2EE messages, so good riddance. Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about the newly released Trump Cyber Strategy for America. The ideas in it are fine and occasionally even game-changing, but many of its goals have been undercut by the administration's actions to date. They also discuss the Coruna exploit kit, which is now known to have leaked from a US defence contractor. Exploits are so valuable that it is unrealistic to expect they can be kept secret. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about how cyber operations were used in the first hours of the US-Israeli attack on Iran. They were instrumental in the attack on Iranian Supreme Leader Ali Khamenei, but they didn't last long. The Iranian regime implemented an internet blackout within four hours of the first bombs. They also discuss how threat actors are using AI. It's not game-changing so far, but it is very much altering the balance between attack and defence. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons. They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don't have the political will to strike back, having a magic cyber weapon doesn't really make a difference. They also talk about ‘distillation attacks'. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead. This episode is also available on Youtube. Show notes

We recount the Valentine's goings-on and discuss your comments. I want to try eyedrops that improve your vision and Daniel craps all over the idea. A listener has signature scent suggestions for Daniel and he's getting compliments on his physique. Plus Danimal's Animals and more. Plus we did a round of JMOE, HGFY and Podcast Pals Product Picks. Get yourself some new ARIYNBF merch here: https://alison-rosen-shop.fourthwall.com/ Subscribe to my Substack: http://alisonrosen.substack.com Podcast Palz Product Picks: https://www.amazon.com/shop/alisonrosen/list/2CS1QRYTRP6ER?ref_=cm_sw_r_cp_ud_aipsflist_aipsfalisonrosen_0K0AJFYP84PF1Z61QW2H Products I Use/Recommend/Love: http://amazon.com/shop/alisonrosen Check us out on Patreon: http://patreon.com/alisonrosen   This episode is brought to you by FACTOR. (Use code alisonrosen50off for 50 percent off and free breakfast for a year) Buy Alison's Fifth Anniversary Edition Book (with new material): Tropical Attire Encouraged (and Other Phrases That Scare Me) https://amzn.to/2JuOqcd You probably need to buy the HGFY ringtone! https://www.alisonrosen.com/store/ Try Amazon Prime Free 30 Day Trial

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella's messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products. They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations. Finally, they talk about what we've learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Google's cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please. They also discuss SpaceX's rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about the Pall Mall Process, an international effort to reign in abusive spyware. Tom thinks the US has already stumbled into a viable carrots and sticks style strategy that will shape the industry more than coming up with standards will. The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise. They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about the Chinese government's reactive approach to tackling scam compounds. It's driven by bad news on domestic media and therefore focusses on the compounds that are targeting Chinese citizens. Rather than eliminating the industry, that may instead be shaping the industry to focus on other countries and particularly Americans. They also discuss the role of disruptive cyber operations in the US's raid to capture Venezuelan President Nicolás Maduro. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about America's increasing dependence on Chinese manufacturers for electrical sector equipment. This doesn't seem like a good idea when China is hacking electric utilities for sabotage and PLA researchers are dreaming up ways to attack the grid. They also discuss the possibility that the US was responsible for a cyber attack on Venezuela's state oil company and how Russian state-backed hacktivism is so dumb. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations. They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship. And finally, we are not reassured by China's white paper about being a good cyber citizen. This episode is also available of Youtube. Show notes Assessing Irresponsibility in Cyber Operations AWS on state actors bridging cyber and kinetic warfare

Tom Uren and Amberleigh Jack talk about new research that shows the Chinese-made DeepSeek-R1 AI model produces insecure code when prompts include topics that the Chinese Communist Party dislikes. It's interesting research, but the CCP doesn't have a monopoly on imposing AI bias. They also discuss the complete doxxing of the Iranian cyber espionage group known as APT35 or Charming Kitten. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Anthropic's discovery of an “AI-orchestrated” cyber espionage campaign. To Tom, it feels a research project, but it's pretty clear it will be really useful for threat actors that aren't focussed on specific high-priority targets. Think ransomware, Chinese intellectual property theft and North Korean hackers. But it won't be so good for Western intelligence agencies. They also discuss Google's legal disruption of the China-based Lighthouse phishing as a service operation. Surprisingly, it seems to be working! Finally, they talk about why the memory safe Rust language has been a triple win for Android. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about a new Reuters' report that reveals how Meta is knowingly raking in cash from scam advertisements. It's around $16 billion worth, and in documents Meta calculates that it outweighs the costs of possible regulatory action. They also discuss recent state-backed supply chain attacks that have, so far, remained targeted and responsible. Finally they look at the UK's decision to stop sharing intelligence with the US about suspected drug boats in the Caribbean. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about aggressive US cyber operations targeting the Venezuelan government in President Trump's first term. These were narrowly successful in that they achieved their immediate operational goals, but they didn't achieve Trump's broader policy goal of ousting Venezuelan leader Nicolás Maduro. They also talk about why the adtech ecosystem is a national security problem all round the world and how cybercriminals are collaborating with organised crime to steal cargo from logistics companies. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Peter Williams, the general manager of vulnerability research firm Trenchant, who has pleaded guilty to selling exploits to the Russian 0day broker Operation Zero. It's a terrible look, but it doesn't mean the private sector can't be trusted to develop exploits. They also discuss a new report's recommendations to empower the Office of the National Cyber Director. It's a good idea, but it won't make up for the cuts in funding and personnel across the Trump administration's cyber portfolio. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense. They also talk about how the ransomware ecosystem is splintering, and one operator's relatively quick journey from being an affiliate to a platform operator. This episode is also available on Youtube. Show notes From Chaos to Capability: Building the US Market for Offensive Cyber Devman's RaaS Launch

Tom Uren and Amberleigh Jack talk about First Wap, a Jakarta-based company that is selling surveillance-as-a-service. The good news is that it appears that government and media attention has had an impact on high-profile spyware vendors like NSO Group. The bad news is that these smaller players are flying under the radar and aren't afraid of selling to sketchy customers. They also talk about how the Chinese government has harnessed the power of its exploit development community with hacking contests. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about the Clop ransomware gang. It is interesting because the group has arrived at a strategy that rinses a whole lot of enterprises at once and comes with a decent pay day, But it's actually the least damaging kind of ransomware. Tom wonders why can't more gangs be like Clop? They also discuss the US government having second thoughts about ignoring foreign influence operations. Its adversaries run them all the time, so perhaps just sticking its head in the sand isn't the best strategy. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about different ways foreign intelligence services are finding to recruit local proxies. These methods could be too risky for Western intelligence agencies, but for some state's services they just make sense. They also discuss a report into DOGE and how speed was prioritised over robust governance. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about how the funnel that turns kids into cyber criminals has evolved over the last decade. Cybercrime's reach has broadened, it is more lucrative and more violent. They also talk about new thinking about deterring America's cyber adversaries. This episode is also available on YouTube Show notes CSIS's Playbook for Winning the Cyber War Bloomberg reporting on Scattered Spider

Are you looking to achieve high performance and mastery, in service of your neighbours, community, and society? Itching to increase your competence, effectiveness, and impact, with just Three Easy Steps? The Srsly...

Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed. They also discuss the in-principle agreement for TikTok to remain in the US. It's a win-win: a win for China and a win for TikTok, but not so much a win for US national security. This episode is also available on YouTube. Show notes

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm. They also talk about Apple's Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It's a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace. They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That's a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government. And it turns out that Apple's dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about proposed legislation that would allow the President to license private sector hackers to go after cybercrime groups. The bill won't pass, but letting hackers loose on industrial-scale scam farms actually makes sense. They also talk about Microsoft's blind spot regarding China. It has trusted China-based engineers with sensitive work, and is now only just realising that China's security interests are not compatible with Microsoft's. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country's invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy. They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It's about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years. They also discuss Microsoft's involvement in an Israeli surveillance system and the head of Australia's security organisation's blunt warning about espionage. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn't deter Chinese hackers, so it is time to try something different. They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Huawei's contract to manage storage for Spain's lawful intercept system. News broke this week that Spain had signed a €12 million contract, but it turns out Huawei has been involved in the system since 2004! They also discuss arrests in the UK of four individuals associated with Scattered Spider. The criminal resumés of two of the suspects support the idea that there are key individuals with outsize impact. But they also reinforce that the online communities they are involved in act as training grounds for cyber criminals. Arrests will slow hacks, not stop them. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about our developing understanding of the group that people call Scattered Spider. Independent security firms agree that there are a small number of key people that are driving the group's outrageous success. That gives us hope that targeted action might stem the bleeding. They also talk about data leaks from China's cyber espionage ecosystem that are for sale on a data leak site. These look to contain actionable information from a counterintelligence point of view. And Tom wonders if a market for espionage-as-a-service will develop? This episode is also available on Youtube. Show notes

Mark and Bill are joined by two north-of-the-border podcasters, Shawn Vulliez and Aaron Moritz, who incorporate both improv and philosophy in their dirty leftist podcast. We simulate conversation as competing knowers-of-the-good-life and talk about using improv for political purposes. Note that this was recorded back in December when we were in the thick of Luigi Mangione fever and not yet consumed with daily Presidential antics. You can choose to watch this on unedited video, if you choose. Hear more at philosophyimprov.com. Support the podcast and listen ad-free at philosophyimprov.com/support. Check out other Evergreen Podcast offerings.

Gather your family around the tape player for the yearly tradition of listening to the SRSLY WRONG christmas special,. In this classic sketch episode, we follow Jelcinda, the personal lawyer of an embattled and controversial Santa Claus, as she discovers the true meaning of christmas.