Podcasts about uefi

We chat with Material Security about protecting G Suite and MS365. How else are you monitoring the most commonly used cloud environments and applications? In the security news: Google Sues Badbox operators Authenticated or Unauthenticated, big difference and my struggle to get LLMs to create exploits for me Ring cameras that were not hacked Malicous AURs Killing solar farms Weak passwords are all it takes Microsoft's UEFI keys are expiring Kali Linux and Raspberry PI Wifi updates Use lots of electricity, get a visit from law enforcement Sharepoint, vulnerabilities, nuclear weapons, and why you should use the cloud The time to next exploit is short Sonicwall devices are getting exploited How not to vibe code SMS blasters This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to see purpose-built Google Workspace and Office 365 security in action! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-884

We chat with Material Security about protecting G Suite and MS365. How else are you monitoring the most commonly used cloud environments and applications? In the security news: Google Sues Badbox operators Authenticated or Unauthenticated, big difference and my struggle to get LLMs to create exploits for me Ring cameras that were not hacked Malicous AURs Killing solar farms Weak passwords are all it takes Microsoft's UEFI keys are expiring Kali Linux and Raspberry PI Wifi updates Use lots of electricity, get a visit from law enforcement Sharepoint, vulnerabilities, nuclear weapons, and why you should use the cloud The time to next exploit is short Sonicwall devices are getting exploited How not to vibe code SMS blasters This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to see purpose-built Google Workspace and Office 365 security in action! Show Notes: https://securityweekly.com/psw-884

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-883

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-883

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Show Notes: https://securityweekly.com/psw-883

A BIOS password provides a surprising amount of security on a computer -- so much that if the password is lost, chances for recovery are slim.

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Show Notes: https://securityweekly.com/psw-878

Referências do EpisódioTuring Day 2025 – 5º edição - 17/06SMM Callout Vulnerabilities in UEFIPower Automate Elevation of Privilege Vulnerability (CVE-2025-47966)BladedFeline: Whispering in the darkDuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and SurveillanceHacker selling critical Roundcube webmail exploit as tech info disclosedRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

In this podcast, Jon Westfall and I discussed: A significant portion of our conversation centered on the continuing proliferation of AI in consumer products. We noted an increasing sense of "AI fatigue"—the saturation of artificial intelligence in nearly every product and announcement. Although I am personally intrigued by developments in AI-generated video and imaging, especially from Google and Meta, I also find the AI trend overwhelming at times. I am even considering subscribing to Google One's AI Premium offering to further explore these capabilities, particularly for personal creative projects. We also speculated on potential announcements from Apple's upcoming WWDC, especially regarding artificial intelligence and whether Apple will finally deliver tangible AI features, following a less-than-smooth rollout of “Apple Intelligence.” I expressed hope for hardware updates, such as a refreshed Apple Watch Ultra or a more affordable version of the Vision Pro headset—rumored to be called the Vision Air. I noted that I recently began revisiting older episodes of this podcast, some dating back to 2008. I've started re-editing and publishing select episodes as audiograms. One of these featured an interview with the developers of Google Earth for iPhone, recorded in early 2009—just six months after the App Store's debut. It was particularly meaningful to hear the voice of my late friend Mike Morton, one of the app's original developers. We also touched on some of my ongoing technology experiments. I've been attempting to repurpose a 2019 AMD laptop that no longer supports Windows 11. My initial plan to install ChromeOS Flex was thwarted by hardware incompatibility, so I've shifted my attention to Linux Mint. Although I encountered issues related to UEFI preventing boot from a USB drive, I plan to revisit this project soon Jon offered a compelling perspective on the evolving role of AI in higher education. He discussed how he and other faculty are adapting to student use of AI tools such as ChatGPT, emphasizing the importance of transparency, responsible use, and pedagogical innovation. Jon's work in this area demonstrates a balanced, practical approach that integrates emerging technology while preserving academic integrity. We concluded the episode with a broader reflection on the societal implications of AI, particularly the concern that up to 50% of entry-level jobs may be impacted in the coming years. As someone no longer in the workforce, I observe these shifts with a mix of concern and curiosity, especially regarding how younger generations will navigate such disruptions. We acknowledged the historical cycles of technological change—from calculators and word processors to broadband and mobile computing—and how each brought both fear and opportunity.

Another episode recorded during the MVP summit in Redmond. In this episode, Alexander Solaat Rødland talks with Rob Quicken and Frank Buckles from Microsoft, diving deep into the world of security from chip to cloud. They discuss the importance of integrating security at every level, from the silicon in devices to the firmware and operating systems. Frank highlights the unique capabilities of Surface devices, including their custom UEFI firmware and the ability to update microcode through Windows Update. Rob emphasizes the seamless experience for end-users and the importance of keeping devices up-to-date. They also touch on the evolution of security mechanisms like Windows Hello and the significance of the Microsoft Pluton chip. Hosted on Acast. See acast.com/privacy for more information.

Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion on a Binarly technical paper with new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Dass Windows 10 ab Herbst 2025 keine Sicherheitsupdates mehr bekommt, sollte sich herumgesprochen haben. Doch auch einige Windows-11-PCs hängt Microsoft schon jetzt von Updates ab – sogar welche, die mit Windows 11 verkauft wurden. Wir klären im Podcast, wie man herausfindet, ob man in die Updatefalle hineingeraten ist und wie man wieder herauskommt. Die Hauptursache, erklärt c't-Redakteur Jan Schüßler, sind Microsofts Hardware-Anforderungen an Windows 11, die zum größten Teil eher willkürlich als technisch notwendig oder sinnvoll erscheinen. Was sich vor allem daran zeigt, dass Windows sie bei einer Neuinstallation laxer kontrolliert als später bei Updates. So bekommt man nämlich Windows 11 auf angeblich ungeeigneter Hardware völlig einwandfrei zum Laufen, bis zum ersten Funktionsupdate: Dann kontrolliert Windows plötzlich genauer und verweigert auf den ungeeigneten Systemen das Einspielen von Updates. Der zweite Teil des Problems ist, dass Microsoft jede Unterversion von Windows 11 nur drei Jahre lang mit Updates versorgt, für Privatanwender sogar nur zwei Jahre. Wenn das System also auf der Unterversion 23H2 festhängt, bekommt es nur noch bis zum Sommer Updates, die PCs mit 22H2 und 21H2 sind sogar schon aus den Updates rausgeflogen. Wir erklären im Podcast, wie ihr das Update auf 24H2 höchstwahrscheinlich einspielen könnt, warum auch mit Windows 11 gekaufte Rechner betroffen sind – und wie sich das Upgradeproblem von Windows 10 auf 11 fast nebenbei auch löst. ► Die c't-Artikel zum Thema (Paywall): https://www.heise.de/select/ct/2025/5/2500716443278609757 https://www.heise.de/select/ct/2025/5/2502011510659511876 ► Download des Registry-Hacks und des MCT: https://ct.de/y7vh ► Die c't-Uplink-Umstiegs-Folgen: macOS, ChromeOS: https://youtu.be/pe5VhKpQXa0 Umstieg auf Linux: https://youtu.be/WRqXK7CkI9A So installiert ihr Linux Mint: https://youtu.be/fIqbo1fGV-E Support-Ende von Windows 10: https://youtu.be/EHg9XF16IGA

Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-862

Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul! Show Notes: https://securityweekly.com/psw-862

Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-862

Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul! Show Notes: https://securityweekly.com/psw-862

I'm joined by guests Craig Raw and Rob Hamilton to go through the list.Housekeeping (00:01:11) Ross Ulbricht receives a pardon from President Trump (00:03:44) New Marketing Manager opening at Coinkite (00:03:48) Exchanges added to BitcoinSecurity.guide (00:04:15) Olas - new nostr app (00:04:48) Call for guestsUrgent Vulnerability Disclosures (00:05:58) Ledger co-founder David Balland released after kidnapping (00:12:28) AxeOS CSRF VulnerabilityBitcoin • Software Releases & Project Updates (00:12:58) AnchorWatch (00:47:28) Bitcoin Core (00:48:10) Wasabi Wallet (00:48:15) BDK (00:48:27) Nunchuk Android (00:48:37) Specter Desktop (00:49:02) Bitcoin Keeper (00:49:18) Blue Wallet (00:50:32) BTC Pay Server (00:55:39) Liana (00:55:58) Blockstream Green QT (00:57:58) BoltzExchange (00:58:00) Live Wallet (00:58:11) Kyoto (00:58:19) ESP-Miner (00:58:21) Bitcoin Safe (00:58:40) BTC Map• Project Spotlight (00:58:44) Bitaxe Touch (00:58:51) Coinswap (00:59:20) Scure (00:59:28) Bitcoin Is Data (00:59:43) Qoinstr (00:59:53) TollGateVulnerability Disclosures (01:01:27) 0-click deanonymization attack targets Cloudflare-backed apps (01:02:00) UEFI secure boot vulnerability allows malicious bootkit deployment (01:02:23) Google Ad directs users to malicious homebrew clone (01:03:01) Critical rsync vulnerability on Linux and Unix systems (01:03:31) January 2025 Patch Tuesday (01:03:48) Unsecured tunneling protocols expose 4.2 million hosts (01:03:58) Apple's CUPS printing system vulnerable to spoofing attacks (01:04:11) Thomas Roth demonstrates code execution on Apple's ACE3 USB-C controller (01:05:32) Five dollar wrench attacksPrivacy & Other Related Bitcoin Projects • Software Releases & Project Updates (01:07:17) Tails (01:09:52) Module_17Boosts (01:12:29) Shoutout to top boosters Anonymous, manbyt, agichoote & btconboardLinks & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: producer@coinkite.comNostr & LN: ⚡nvk@nvk.org (not an email!)Full show notes: https://bitcoin.review/podcast/episode-91

In this episode, we cover how to use honeypot data to keep your offensive infrastructure alive longer, three critical vulnerabilities in SimpleHelp that must be patched now, and an interesting vulnerability affecting many systems allowing UEFI Secure Boot bypass. Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] A recent guest diary on the SANS Internet Storm Center discusses how offensive security professionals can utilize honeypot data to enhance their operations. The diary highlights the detection of scans from multiple IP addresses, emphasizing the importance of monitoring non-standard user-agent strings in web requests. https://isc.sans.edu/diary/Leveraging%20Honeypot%20Data%20for%20Offensive%20Security%20Operations%20%5BGuest%20Diary%5D/31596 Security Vulnerabilities in SimpleHelp 5.5.7 and Earlier SimpleHelp has released version 5.5.8 to address critical security vulnerabilities present in versions 5.5.7 and earlier. Users are strongly advised to upgrade to the latest version to prevent potential exploits. Detailed information and upgrade instructions are available on SimpleHelp's official website. https://simple-help.com/kb---security-vulnerabilities-01-2025#send-us-your-questions Under the Cloak of UEFI Secure Boot: Introducing CVE-2024-7344 ESET researchers have identified a new vulnerability, CVE-2024-7344, that allows attackers to bypass UEFI Secure Boot on most UEFI-based systems. This flaw enables the execution of untrusted code during system boot, potentially leading to the deployment of malicious UEFI bootkits. Affected users should apply available patches to mitigate this risk. https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/

In this episode: Justin goes to a birthday party, drives a Tesla, and configures your BIOS. The compliments department is, as always, available at podcast@searls.co. Have some URLs: This is the combination air fryer / grill I bought Microsoft dropped support for non-SecureBoot PC updates last month Aaron's puns, ranked Nobody Cares Things we learned about LLMs in 2024 Judge ends man's 11-year quest to dig up landfill and recover $765M in bitcoin The Consensus on Havana Syndrome Is Cracking (News+) Meta kills diversity programs, claiming DEI has become “too charged” Google kills JavaScript-free searches Sonos still seems kinda fucked 5090s seem kind of like a scam The official Elder Scrolls: Oblivion remake leaked Switch 2 was unveiled Guy with 200bpm heart rate complains his watch isn't working (before admitting his heart isn't working) The Diplomat Conclave Severance Season 2 is out Marvel Rivals is a hit (with the Thirstlords) Indiana Jones and the Great Circle P.T. A Short Hike Transcript: [00:00:29] Well, good morning, everyone. If it's evening, where you are, well, it's not here. So that's just what you get. You get a good morning. You can save it for later, put it in your pocket, and then the next time the sun comes up, you can just remember, ah, yes, someone did wish me a good morning today. [00:00:48] You are currently, your ears are residing inside of Breaking Change, which is an audio production. Not to be confused with Breaking Bad, certainly not Breaking Good, just broken. [00:01:03] You know, now that officially, officially or unofficially, TikTok is down. It's unreachable in the U.S. Aaron has reported, our Seattle correspondent, for the broadcast, that even over his VPN, he can't get to TikTok. [00:01:24] His arms are itchy. He's scratching. He, ah, I hope, wherever you are, I hope that you and your loved ones and your teenagers are okay. [00:01:33] But yeah, anyway, now the TikTok is down. Maybe some of you are here, because you've got nothing else to do, and you need something to fill that void. So thank you for joining. [00:01:45] Something that I've been meaning to do at the beginning of this, of the show, for the last, well, seven versions, has been to kindly ask that you go into your podcast player of choice, and you rate and review the show. [00:02:02] I would prefer five stars on a five-star scale, but if it was a ten-star scale, you know, ten stars would be better. [00:02:10] Thumbs up, or whatever. Write a little review explaining why the fuck somebody would want to listen to an explicit language, you know, tech-adjacent programmer-ish gaming movie, whatever the fuck this is. [00:02:23] Dialogue, uh, because, uh, I have found that breaking change is a really hard pitch, you know, when, when, when, when explaining to people, it's like, oh, this is me talking, just like drive-time AM radio used to be, except instead of talking about a bunch of politically charged propaganda, uh, we're just hanging out, uh, and instead of having a commute, you know, you're walking a dog, or you're doing the dishes. [00:02:50] Although, I guess, you know, maybe you listen on a commute. [00:02:53] I, I, I've heard, I've heard from, from listeners on road trips, listening to entire episodes all in one stretch, and that's something else. [00:03:03] Uh, I have not heard from a lot of commuters, so if you listen to this while you're commuting, shout out at podcast at searles.co, uh, you know, if you're driving, don't, don't try to rate and review, you know, in a distracted fashion. [00:03:16] But, but next time you think of it, you know, you, you, you slam that five-star button. [00:03:20] You know what, it's, it's, I got a lot of subversive elements, you know, in my cadre of people, because I am a total piece of shit, and I attract, I attract the good and the bad, everyone in between. [00:03:32] But some of us, you know, we, we, we appreciate a good troll. [00:03:35] There is no better way to stick it to the man and, and confuse the hell out of people than for all of you to go and give this five stars in, in, in iTunes and, in your podcast player. [00:03:46] And then have a whole bunch of people, you know, have it surface in the algorithm for others. [00:03:51] And then they listen to this, and then they're like, what, what, what the fuck is going on to my ears right now? [00:03:55] Uh, I am very confused. [00:03:57] And if that's you, hell, you know what? [00:03:59] Oh, shoot. [00:03:59] But I'm, I'm speaking from the past. [00:04:01] Maybe this is the, the future where this is a lot of five-star reviews and some, some, some rando outside of Argentina is, is, is getting this put into their feed for them. [00:04:11] And now they're like, four minutes have passed. [00:04:14] What am I doing with my life? [00:04:15] Well, hello. [00:04:16] You are also welcome. [00:04:17] Good morning to you as well. [00:04:18] Uh, by the time you're listening to this, you know, I'm recording Sunday morning. [00:04:24] First thing, uh, I know from experience that it can be hard to pretend to work during a Trump inauguration. [00:04:33] So, uh, I figured that instead of pretending to work, you could be here with me instead if you're listening on Monday. [00:04:41] And if you're, if you're fortunate enough to have Monday off, um, you know, I guess one difference between the, uh, uh, the previous Trump inauguration. [00:04:51] And this one is that the, you know, inclusivity backlash against the Trump admin, you know, that has now recently receded. [00:05:02] If you're to believe the Bezos and billionaire class, uh, uh, has resulted in way, way more people who don't work at post offices getting MLK junior day off. [00:05:13] So I suppose many of us are not working on Monday, but regardless, this is a version 29 of the program titled super switch. [00:05:24] Which, you know, depending on the audience, I think a lot of, you know, probably what I mean by that. [00:05:29] We'll, we'll talk about it later. [00:05:30] Uh, in life news, it feels like it's been a way more than two weeks since I talked to y'all. [00:05:37] Uh, uh, uh, when you live in a theme park, there's just a lot going on. [00:05:42] People coming and going stuff to do, uh, uh, stimulation overload. [00:05:49] That's why I sound so just, you know, demure downbeat chill here is because I am exhausted permanently all the time. [00:06:02] Cause every time I leave the house, I am, I am just overstimulated. [00:06:05] Uh, last night we went to a birthday party of a friend, uh, in the, uh, Orlando proper part of Orlando, [00:06:12] whereas we live in theme park, Orlando. [00:06:14] So we had to, uh, drive over the, uh, the treacherous terrain known as I four, the deadliest stretch of highway in the United States in terms of, uh, only in terms of the number of people who die on it. [00:06:26] And the party was, uh, it was funny cause our, our friends, uh, they're building a house on this beautiful lake, huge property. [00:06:34] It's, it's absolutely gorgeous. [00:06:36] It's going to, the house is a custom build. [00:06:39] And a couple of years ago, uh, the one who's, whose birthday ended up being said, you know, we're going to have my 45th birthday party here at the house. [00:06:47] After it opens the water slide, you're going to DJs. [00:06:50] We're going to have, it's going to be a big blowout fest. [00:06:52] It's going to be awesome. [00:06:53] And then his husband was like, you know, it's, it's not going to be ready yet. [00:06:57] Don't get your hopes up. [00:06:58] And, uh, uh, sure enough, uh, both things came to pass. [00:07:04] The house is nowhere near ready. [00:07:05] It is an active construction site. [00:07:07] And they trolled us hard. [00:07:08] They said, Hey, come to this hotel. [00:07:09] We're going to have, you know, uh, uh, free valet or whatever. [00:07:12] And then like, like we go into like a normal kind of like typical ballroom thing and you get a cocktail. [00:07:19] And then these construction workers show up and they, they, they, they heard us into buses. [00:07:24] Uh, and so people are in their cocktail attire, you know, Becky wore, uh, I don't know if you'd call them heels, [00:07:32] but elevated shoes for, for first time in a while, more of a flats person, which I respect. [00:07:39] Cause I'm also a flats person and, uh, we all get into the bus and everyone's dressed up. [00:07:44] And then, uh, they, they, they drive us to, uh, the active construction site. [00:07:47] That is our friend's house. [00:07:49] And, uh, they had, uh, the events planners and everyone like, like actually just decorate the shit out of, you know, what, what is a lot of concrete block first floor of most homes around here is concrete. [00:08:01] And so the bones of the house are up and they just decorated it with kind of construction paraphernalia, orange cones. [00:08:07] All of the staff had, uh, you know, orange vests on, uh, we were all given hard hats. [00:08:11] Uh, the theming was truly on point. [00:08:15] Weather was perfect. [00:08:16] Uh, and, uh, you know, it was a big raucous affair, raucous raucous, you know what I mean? [00:08:23] So that was great. [00:08:24] Uh, we didn't even stay out that late, but I feel like I got hit by a truck, uh, this morning. [00:08:29] Uh, I, I kept it to a two drink maximum, which is my new go-to rule of thumb. [00:08:34] Uh, uh, cause I always end up barely regretting the third from a, from a, an ability to sleep perspective. [00:08:43] Afterwards, uh, other life stuff, you know, like the logistics following the death of my father. [00:08:48] First of all, thank you very much for many of you wrote in to express sympathies, uh, probably don't, don't need to put them all in the mailbag. [00:08:55] Cause that after a certain point, it started reads like, you know, reading birthday cards on air, uh, in terms of they all, you know, not to diminish anyone's, uh, extension of grief, uh, or, or, or sharing their own stories. [00:09:08] But there's a certain, you know, beginning, middle and end format to, to, to, to, to, no one knows what the fuck to say. [00:09:15] I don't know what to thank you. [00:09:18] Um, but yeah, like I know just sort of like finances and, and forensics front of trying to figure out how to tease out all the complexities of his life that he never really told anyone about and didn't certainly didn't document, uh, that the work continues still trying to help my mom consolidate her situation. [00:09:36] It's been, you know, just a lot of very procedural. [00:09:42] All right, find all the stuff, organize the stuff, come up with a to-do list, figure out how to like approach this, make all the phone calls that you need to make to all these institutions to, to, to, to, to iron it out and to, to continue fact finding or to, to, to give, you know, furnish whatever documentation they need. [00:09:57] And, and, and because it's been so, uh, I guess transactional wrote, like not to say it's colored my perception of dad or anything, you know, one way or another. [00:10:11] Uh, but it's definitely, when I look back on this era of my life, of course, his passing is going to stand out in sharp relief, but like, that was like a week of stuff. [00:10:21] And then the rest of it is going to be like three months of stuff. [00:10:25] Uh, and so I wonder how that's going to affect how I, how I, how I look back on it. [00:10:28] But one of the things I noticed is a lot of different service providers, uh, like banks, for example, that have, uh, uh, you know, bills coming up, you know, you got a credit card bill and let's say it's due. [00:10:45] Uh, I, I don't know why I'm blanking, but January 25th and then January 18th comes around and it says, Hey, you have a statement due January 25th. [00:10:54] Or you got an upcoming bill or you, your bill is ready to be paid. [00:10:58] And when I get an email like that, so I just got one from dad or, you know, for dad's account from us bank. [00:11:05] And I was like, shit. [00:11:07] Cause I know he didn't have auto pay set up in a lot of places. [00:11:09] Uh, and like, do I have that login? [00:11:12] Like, you know, do I have to coordinate with mom to get the SMS thing? [00:11:15] Like I get into it. [00:11:16] And then sure enough, like, cause I thought I'd set up auto pay. [00:11:19] I even had a to-do list that said, set up auto pay for this. [00:11:21] And, uh, auto pay was set up. [00:11:23] It was just emailing me unnecessarily anyway. [00:11:25] You know, if you're going to have a recurring payment or an auto payment set up, it, you know, it's, it's okay to notify the customer that there's another bill coming, but it would be really sweet. [00:11:36] If like auto pay is enabled, just so you know, you're going to, you're set to auto pay this on X and X date, uh, because if you got, you know, as many cards as some people have, uh, it can get kind of exhausting to, to just worry about, uh, well, I hope that's, that's all set up. [00:11:53] So it's, uh, things like that are just like random nonsense stressors and the amount of context switching, because you're constantly getting emails and calls from different, from all corners. [00:12:03] I normally screen my calls really aggressively, but you know, this month I've got a pretty much [00:12:08] answer it no matter who's calling, which is not my favorite. [00:12:10] And I've, I've found myself falling into something that I never thought I would do. [00:12:17] Uh, maybe it's cause I turned 40 this week, but I'm, uh, I've always associated this with like [00:12:24] an old, a generational thing. [00:12:26] When somebody asks me a yes, no question, I've started saying yes or no. [00:12:31] Like the literal word, yes. [00:12:33] And that might sound mundane to you, but in my family growing up, the word, yes, always felt [00:12:41] violent because everyone always had more to say, or they had a compulsion to soften it, you know, [00:12:49] like, yeah, sounds a lot, um, neutral, accepting, open, soft. [00:12:58] Then yes, there's a certain like hardness to yes. [00:13:01] You ask a yes, no question. [00:13:02] The person says, yes, it feels like there's a period at the end of that. [00:13:05] And when you say, yeah, or okay, or all right, or, you know, you give some sort of like, you know, [00:13:11] like an invitation to either continue with a follow-up question or, you know, be, be open to maybe a retort or something. [00:13:20] And so I had a colleague once who is, you know, the previous generation who is my superior. [00:13:25] And, uh, his name was Daryl. [00:13:28] Daryl's a lovely person. [00:13:29] But every time I asked Daryl a question and I was asking him a lot of questions because I didn't know shit about fuck. [00:13:34] And he knew a lot of things about everything he would, he would answer every yes, no question with just the word yes or the word no. [00:13:43] And it felt so stifling and cruel and like, you know, like, why is he shutting me down like this? [00:13:51] Even though he's literally answering in the affirmative, there's something about the word yes. [00:13:55] When unadorned with any sort of softeners or explanation or exposition or, or, or, or, or justification or, or invitation to, to, to follow up that feel there's the finality of it feels just rude, even though it is very literally fine. [00:14:12] So I caught myself doing that and I guess I've become a yes man. [00:14:16] Other life stuff. [00:14:22] Our ninja, we have a, uh, we seem to have like every ninja kitchen appliance, um, just in some sort of rotation around, uh, you know, our, our kitchen and it feels to me like every modern home that every year, the, there's like a, a counter surface inflation where the counters keep getting bigger. [00:14:44] The kitchen islands keep getting bigger. [00:14:46] And then the, almost a, um, sort of like how a, a gas will expand to fill its container. [00:14:54] Like ninja appliances will continue getting invented to fill all available counter space in every home. [00:14:59] Uh, and the reason that ninjas been so successful is that unlike Hamilton beach and Cuisinart and stuff like their, their products are actually pretty good and do what they say on the tin. [00:15:09] But we had a, uh, one of the air fryer units that can also, you know, pretend to be a grill, even though like all that's really happening is a hairdryer is blowing downward onto your food and any sort of heating element underneath is indirect. [00:15:20] Uh, we had one of those and, you know, it just kind of got grody and gross from lots of oil and, and repeat washings and, you know, food stuck to the basket. [00:15:31] And it was, it was, it was no longer, you know, how sometimes you use one of these appliances, you don't clean it as intentionally or as frequently as maybe the instruction manual tells you to. [00:15:42] And eventually your food starts tasting like, you know, the bottom of the, uh, the, the, the, the, the deep fryer at, at McDonald's, like, just like that oil tarry kind of like, you know, afterglow. [00:15:55] Which makes, it takes, it really takes the shine off of, uh, whatever the omega threes that you're trying to get out of your fishes. [00:16:00] Uh, so, so we, we bought a new one and what I really wanted out of a new one was one with like multiple heating elements. [00:16:08] Like where, where there was an actual grill that could sear stuff and cook from the bottom up, but also a convection oven that could crisp it up and, and, and, and sort of dehumidify. [00:16:18] And amazingly, Ninja does sell this product. [00:16:22] Uh, it was called, uh, see if I can link to it. [00:16:25] The Ninja convection plus grill. [00:16:27] Oh no, that wasn't it. [00:16:28] It's, it's got a name. [00:16:29] Uh, something, something, grid IG 651. [00:16:35] Okay. [00:16:35] There you go. [00:16:35] I'll put a link in the show notes. [00:16:37] Uh, so the IG 651, whatever, it's got like a barbecue griddle on it. [00:16:41] It seems, it seems nice. [00:16:43] Uh, and it does exactly that. [00:16:46] It's got like a big wide surface element. [00:16:48] You can, you, you plug it in. [00:16:49] It's a very complicated, unnecessarily. [00:16:51] So a complicated thing where it's, it looks like you kind of take a George Foreman style griddle. [00:16:55] It's angled forward, meaning like it's got, you know, uh, I said griddle at just like the slabby kind of, of, of metal slats, slats, you know, where you, you put the burger on it. [00:17:07] And then it's like, you know, remember the George Foreman marketing? [00:17:10] I'm sure you do like, you know, like it's like at the, like, like the, the squeezing iconography to, to indicate like the fat is coming out and then that will make this healthier, even though the fat is often the best part. [00:17:20] Uh, so it's, it's got that it plugs into some like electrical, you know, electrode input thing with two little donguses. [00:17:28] I don't know why I'm even trying to explain this. [00:17:30] It's fine. [00:17:30] And you plug that in, you can wash it separately, but you can put a griddle on top that kind of maps to it. [00:17:36] So it'll pick up that heat. [00:17:37] And that is a flat surface, which can be nice. [00:17:40] If you're, if you're maybe, you know, toasting a sandwich or something. [00:17:46] And yeah, the thing about it, the thing about that search was that trying to answer the question of what heating elements are in this smart cooking appliance proved to be extremely difficult. [00:18:00] You go to the Amazon listing, you go to the product page. [00:18:03] I read up on every single Ninja product that does this. [00:18:06] I started looking at other products that do this. [00:18:09] I started looking at things that ran themselves as smart ovens that, you know, advertise having, uh, multiple heating elements, you know, like the June oven did this. [00:18:16] I think that's out of business now. [00:18:18] Tovala did this. [00:18:18] I think that's going out of business now where they would have, you know, like, um, maybe a microwave element plus a steam cooking element, or maybe they'd have a convection fan inside and also, um, an induction plate underneath. [00:18:31] And none of them have really taken off in the U S unfortunately, uh, such that. [00:18:39] It is a product category that the consumers are educated about, like what they're getting into in Japan. [00:18:45] There's a product called health. [00:18:46] You know, like literally like health EO, but THs are hard and it's got like the basic models have four or five different ways to heat your food. [00:18:56] And then like, it's really smart in that you, you punch in a code, like a recipe code, and it'll just do everything cradle to grave for you with the advanced sensors that it has. [00:19:04] And kind of move between whatever combination at whatever point in the cooking process, all of those heating elements need to be arranged. [00:19:11] And so things come out almost better than a human could do them because they never have to be removed from this hermetically sealed environment, you know, for people's hands to come in and, and, and adjust how the thing is being heated. [00:19:26] Because in Japan, that product has been so successful that the two or three different tiers of that product, not only are they all good, but like, no one needs to be explained what's there. [00:19:36] Like the, the, the, the, it could just be like the higher level of literacy and, and, and education generally in Japan. [00:19:42] But in general, like, it's just, it's really straightforward. [00:19:46] And here, it seems to be that like people just want a device that they can throw food in. [00:19:52] And then as long as they're picking off a menu and it has words like grill, they will feel good about it. [00:19:58] And no one's going to ask, where's the heat coming from? [00:20:01] How is this getting cooked? [00:20:02] Which now that I say it, of course, like Americans don't give a fuck how the thing gets accomplished or without it gets accomplished well, typically, uh, just that, uh, you know, they know what box to put the food in and then the button to hit, which is, you know, a little bit condescending, but, you know, y'all have earned it in my opinion. [00:20:20] Uh, so yeah, we got it. [00:20:22] It works. [00:20:22] Uh, uh, as far as I know, I turned it on the preheating started. [00:20:26] We have not yet, you know, broken the seal and actually cooked with it yet, but I'm glad, I'm glad to have that because I think, I think, I think. [00:20:32] Shit will turn out better, especially salmon, which is increasingly the number one thing that we were using our air fryer for, which was an inefficient, uh, use case. [00:20:40] Speaking of the parks being really busy, uh, and, and life here being overstimulating on Friday, I found myself really testing the fences on this new being 40 year old thing. [00:20:55] I, uh, got up at 5am with Becky. [00:20:59] We had a special event at Disney's Hollywood studios that started at six. [00:21:03] We got there. [00:21:04] There were other people there. [00:21:05] We went to bed early, you know, to, to, to, to be able to, to do this and not be super groggy and miserable, had a great time. [00:21:13] And then we had some friends coming into the park just about an hour after that, that, that event wrapped. [00:21:18] And so we went and visited with them for a little bit. [00:21:20] Then we came home and tried to recover some sort of a productive day by then it was noon. [00:21:25] Uh, and then that evening, cause the same friends that they had their big day, I wanted to debrief with, uh, uh, my buddy before he, uh, John, his name is John. [00:21:35] He is a listener of the program. [00:21:38] So hi, John. [00:21:38] Hello. [00:21:40] Uh, when to do debrief with him. [00:21:43] So we went over to a bar called trader Sam's, which is a grog grotto. [00:21:47] It's in the Polynesian resort hotel. [00:21:49] And it's one of my favorite bars because it's got like a lot of like little imagineering knickknacks and stage elements that, that have since become very common at Tiki bars. [00:21:58] But we got in there, we spent a couple hours and then pretty soon I realized, Oh fuck, it's midnight. [00:22:03] And I've literally been Disney it up to some extent, uh, since 6am. [00:22:10] And so, you know, I actually, I got a second wind in there, but I ultimately didn't get, get to bed until like two. [00:22:16] Uh, so that was a, it was a big day. [00:22:19] I feel like I did all right. [00:22:20] Uh, from an energy level perspective, I think I, I was the person that I needed to be in all of the interactions I had that day. [00:22:28] And that's probably the most I can say. [00:22:29] Uh, I'm simultaneously finding that my body is falling apart. [00:22:33] My, my, uh, left hip is pretty grumpy. [00:22:38] Uh, it's just some sort of like a constant dull discomfort, uh, feels like a dislocated shoulder, but no matter how much PT I do, [00:22:46] I, I, I seem to never fully, fully beat it. [00:22:49] Um, I need a smart, the smart oven equivalent for, for, uh, you know, muscle therapies that people do. [00:23:00] It's like, Oh, you can get some of the, it'll, it'll apply the icy hot and also, you know, drill you with a Theragun and also massage you and also use the, you know, resistant bands exercises to strengthen it. [00:23:09] Uh, just all simultaneously. [00:23:10] Cause it's like this round robin of, of attempts I've had to, to restore this fucking hip. [00:23:17] Uh, it has been great. [00:23:19] So that's been a constant thing. [00:23:21] New things are like my right knee now hurts like hell. [00:23:23] My left, my left heel, just the skin started cracking from how dry it's been here. [00:23:28] And of course it's still way more humid here than the rest of the nation, but apparently my skin is so used to the humidity, uh, that I just woke up one morning and it hurt to walk because all my skin was exposed because all my skin and my foot had cracked. [00:23:40] You know, like what the hell's going on? [00:23:42] So, uh, if you're, uh, approaching 40 and you're worried about it, good. [00:23:48] I don't know that I recommend it so far, uh, but I'm still here, still kicking. [00:23:53] Uh, uh, well, I, so far I almost didn't make it to be honest. [00:23:59] Uh, you know, well, I, if I'm going to talk about this next topic, uh, it's something that's come up in the show before. [00:24:09] And so I think that technically makes it follow up. [00:24:11] So let me hit this button right here. [00:24:13] Yeah. [00:24:20] So speaking of dying right before you turn 40, I, I'd mentioned that I four interstate four that runs east, west in, uh, through bisecting Orlando. [00:24:37] It's, uh, known to be, and I fact checked this against GPT cause I knew I'd probably end up talking about it. [00:24:45] Deadliest stretch of highway in the U S and you know, I'm a, I'm an experienced driver insofar as I've been driving for 24 years. [00:24:54] I don't like love it. [00:24:56] I'm not a car guy. [00:24:57] Uh, I, I feel like I drive fine, relatively safely, probably more on the conservative side. [00:25:05] Overall. [00:25:06] I do speed from time to time, but you know, as long as if you're in America and you're speeding, as long as you use the phrase flow of traffic, uh, you can do whatever you want. [00:25:17] And the problem is that when you live in theme park Orlando and you need literally anything that is not entertainment and hospitality related, uh, like for example, you know, I, I, and this is what puts this into the followup bucket of content. [00:25:35] Uh, I've been talking on and off about having, uh, struggling with snoring. [00:25:38] You know, I've been, uh, uh, doing that thing that a lot of middle-aged husbands start doing and deciding to interrupt their spouse's sleep by, by, by suddenly picking up this cool new habit. [00:25:49] That is just making wheezing sounds all night long. [00:25:53] And mine's really inconsistent. [00:25:56] It's clearly triggered by something. [00:25:57] Couldn't really tell what, you know, is it diet or whatever. [00:26:00] It's like clearly like none of the symptoms of apnea. [00:26:03] So that's probably not it. [00:26:04] Given that I feel fully rested after like four hours and I've never feeling short of breath. [00:26:08] Uh, you know, the new Apple watch has an apnea detection and it seems to not be detecting any apnea. [00:26:16] So I finally got a sleep study ordered and the doctor who is a very nice lady, she, you know, she's just like the reality of insurance right now is, uh, I will put in a request for an in, in a let in lab sleep study. [00:26:33] So we can watch you because the alternative is an at home sleep study. [00:26:36] And based on everything you're saying, there is a 0.0% chance that that at home sleep study is going to find anything. [00:26:44] Uh, and then I was like, well, then let's just do the in lab. [00:26:46] Like you're saying, well, she's like, oh, the insurance will surely deny based on what you're saying, uh, an in lab sleep study. [00:26:53] Uh, you have to do, you have to go through the motions of this at home sleep study first, and then it has to show nothing. [00:27:00] And then I can put in a script again for the in lab. [00:27:04] Uh, and, and then the prior authorization will go through and then you'll be able to do that. [00:27:09] And so I have to kind of do this performative nothing operation, just nothing like procedure, operation procedure. [00:27:18] It's over, you know, like diagnostic, you know, just to check some boxes and money is changing hands invisibly to me at every step. [00:27:27] Of course, for the most part, thanks, thanks to having health insurance. [00:27:30] So I, I, I schedule this and it's an at home sleep study. [00:27:36] Like there are services that mail these units, you know, they could ship it. [00:27:40] I could, I don't know, find a courier or something, but nope, this one, I have to drive to the other fucking side of Orlando, which is, you know, it's 20 miles, but it's like a 45 minute hour long adventure. [00:27:49] And I have to calling them the rules of the game were that I had to, uh, drive there Sunday night to pick it up, come back Tuesday night to drop it off. [00:28:00] And they, because of sleep study locations, this is like an actual, you know, testing center. [00:28:07] Uh, they literally open at 6 30 PM in the evening. [00:28:10] Uh, you know, so that's when their shift starts. [00:28:13] So I had to get there at 6 30. [00:28:15] So that means like, I'm basically fighting through rush hour into town and then pick it up and now I'm coming back home and now it's like eight. [00:28:22] So I guess I'll just eat dinner by myself or whatever. [00:28:25] Uh, and it's not like in a part of town where it's like, Hey, we can go downtown and like make a date, make a night date night out of it and go to like a fun restaurant. [00:28:33] It's like, this is a, I don't know what I, I have many times in this program suggested you should move to Orlando. [00:28:41] Orlando's great. [00:28:41] I love life in Orlando, but like whenever I leave the bubble of like theme park party time, Orlando, where everything's just really, really nice and customer service is incredible. [00:28:50] And the food's really great. [00:28:52] And, and it's just a party. [00:28:53] Uh, and I go to like real Florida. [00:28:56] I'm like, Oh yeah, I need to stop recommending people move to Orlando. [00:28:59] Cause this is like the median experience. [00:29:01] And I wouldn't, I would not, I can't do this for an hour. [00:29:05] I don't know how I would possibly live here. [00:29:07] No offense to Orlando, but I, uh, I went and I picked it up. [00:29:12] I drove my car there on Sunday night and traffic was pretty bad, but it's always pretty bad. [00:29:18] I had numerous cases of people jumping in front of the car on the way onto the highway. [00:29:23] Once I was on the highway, I get into the new express lanes, which do make things easier. [00:29:27] You pay a toll and you get, uh, you know, expedited traffic. [00:29:30] Um, and somebody had pulled over into the shoulder. [00:29:34] And as soon as he pulls over, he just whips open his, his driver's side door off of the shoulder. [00:29:41] And now the door is in my lane. [00:29:43] And there's of course, somebody on my left causing me to, uh, flip out and have to slam the brakes to, to the point of like, you know, bad enough that smoke is happening. [00:29:53] Right. [00:29:53] Like you can smell the burnt tire because this dude is just like, I'm on the highway. [00:29:57] I can open my door. [00:29:58] I'm a, I'm a big man. [00:29:59] I'm driving a truck. [00:30:00] So I chose not to blow his door off. [00:30:05] Uh, then on the way home, it was one of those ordeals where, uh, it's a, a sign said congestion, like eight, four miles ahead. [00:30:16] I was like, oh, four miles. [00:30:17] Okay. [00:30:17] Maybe I'll find an opportunity to take, get off the highway or I'll get onto the express lane and try to avoid it. [00:30:21] And, uh, Apple maps was saying I should turn right at the Kia center, which is like where the Orlando magic play. [00:30:27] And then take three more rights and then get back on the highway. [00:30:30] And I was like extremely convinced that this was just some sort of, you know, Apple maps fuckery. [00:30:36] Uh, and, and the nav and the computer being wrong because it often is, I was like, I'm going to stay on the highway. [00:30:42] I'm a smart guy and the instant that I passed that exit that it wanted me to take, everything became a parking lot and, and such a parking lot that it became road ragey pretty quickly with people driving and shoulders and honking and trying to edge each other out and motorcycles going between lanes. [00:30:58] And, and, and there's just a, you know, there's probably a metric that you could use for any civilization called like, uh, TTMM time to Mad Max. [00:31:10] And Florida has a very low TTMM, you know, it doesn't take long at all for every man for himself, uh, instincts to seemingly kick in. [00:31:22] So I, I did the rerouting and now, now the phone is telling me, all right, well, you know, literally it's so demoralizing. [00:31:32] You see the ETA to your home arrival move literally 40 minutes immediately because I chose not to take it's very wonky prescription of three right turns. [00:31:42] And now I realized in hindsight, the reason it wanted me to do that is there's a direct entrance onto the express lane. [00:31:47] And so not only did the ETA go up, not only do I have the regret that I didn't listen to the computer for, for telling me to do a stupid thing, but I also now am shamed by the insult on wounds here. [00:31:58] The left of me, the express lanes are wide open and there's just like five cars just having a great time going 80 miles an hour to get to where they want. [00:32:05] And everybody else is left in just this, this, this, this absolutely falling down style, uh, traffic jam, uh, or just after dark. [00:32:17] I did get home, I, I took a side street and it was one of those ordeals where you, you know, you take the side street, go up a couple of blocks, you go, you know, uh, turn left, kind of go, I don't know, maybe a half mile just past wherever, whatever accident was causing the congestion. [00:32:34] Then you get back on the highway. [00:32:34] And the problem was, of course, we all have automated navigation systems. [00:32:41] They all reroute us. [00:32:42] And so that was immediately backed up there that it was three traffic lights of people in the left lane, trying to, to turn onto that third traffic light. [00:32:52] And I, it would have been another 20 minutes just waiting for those light changes. [00:32:56] And so I just, you know, fortunately I had a brain and I was like, all right, I'm going to just blow past this and go in the right lane and drive forward three, three intersections and then do a U-turn turn right. [00:33:08] And then I, I successfully beat the rush and I got home and I, it merely only wasted 20 minutes of my time, but here, this story has already wasted five minutes of your time. [00:33:16] So it was death defying because even once off the highway, virtually none of those drivers had ever been on those side streets or in that neighborhood before. [00:33:27] And they were all driving like it and they were all driving like it and it was dark and there were not adequate streetlights. [00:33:31] So, uh, you know, it's not just that like Florida drivers are bad, but like you are surrounded by a certain number of frazzled dads who just picked up rental cards, cars from MCO, who are trying to get to their Disney hotel, who just had a flight delay, whose kids are screaming. [00:33:48] And nobody's happy like that is the default and that is the best case energy because like, you know, that's before you consider the, the, the capital F capital M Florida men and the tweakers and everyone else that just kind of contributes to this diverse fabric of society that we live in. [00:34:08] So, uh, that was a bad experience. [00:34:12] I, I did get home, you know, I am still with us, but by the time I got home, I was, I was so fried. [00:34:18] Like I, I, I, I, I didn't want to hang out. [00:34:22] I didn't want to talk to Becky. [00:34:22] Just wanted to like pour a whiskey and collapse. [00:34:25] Uh, the stress level is so high. [00:34:28] Like, and you can, I looked at my watch, right. [00:34:30] And I was looking at like the heart rate history and I was like, you know, I was white knuckling it. [00:34:34] Um, and that's, and that's partly on me, right? [00:34:36] Like I just, I don't, I don't like that kind of driving. [00:34:39] I don't like that stress. [00:34:39] Two days later, when I had to drop this device off, uh, the device itself was terrible, by the way, it was probably less sophisticated than my Apple watch and probably reading like less accurate, uh, heart rate. [00:34:57] And, and even the, the modern Apple watch like does track breathing. [00:35:00] That's how it does a sleep apnea thing, uh, uh, through the magic of gyroscopes. [00:35:05] And, uh, this device is a piece of shit and I'm sure somehow the rental fee for, for a one-time use was $1,500 to my insure. [00:35:12] Uh, and I'm sure it found nothing. [00:35:15] I can totally, like, I don't know how it would find anything. [00:35:17] Uh, it looked like it was built out of, you know, Teddy Ruxpin era, you know, technology in the mid eighties with, with the, the quality of the, the, the straps and the plastic. [00:35:29] I could just, but when I had to, when it, when time came to drop it off, I really did not want to repeat that experience on a weeknight when you, you know, traffic would be even worse. [00:35:41] And so I, I humbly asked my brother who has a Tesla, I said, Hey, uh, there's another follow-up item. [00:35:48] We, we, we, we picked it up together just in October. [00:35:51] I think, uh, I said, Hey man, like, can I swing by or you swing by drop off your Tesla? [00:35:59] He did some stuff to do at our house anyway. [00:36:01] And he's got the full self-driving like, like, uh, they keep renewing a 30 day trial for him. [00:36:09] And, uh, you know, full self-driving isn't, it is, uh, the car will drive itself. [00:36:14] You don't have to touch the wheel. [00:36:16] It, it, it, it, it's very conservative. [00:36:18] It has three modes, chill, uh, normal and hurried or hurry. [00:36:23] I've never tried hurry. [00:36:24] I don't need to try hurry. [00:36:26] I just stick on chill because at the end of the day, as long as I get to where I'm going, [00:36:29] I sort of don't care. [00:36:30] I'm not in a big rush. [00:36:32] Uh, I have the luxury of not needing to be anywhere in any particular pace. [00:36:37] As long as I leave on time, you know, I'm, and I'm going to get there by the time I promise [00:36:41] the chill is good with me and the, you have to supervise it. [00:36:48] And it was the case when the full self-driving crap and Tesla's first hit that people were, [00:36:55] you know, at first it was just like pressure testing the steering column. [00:36:58] And so people would like use like, uh, uh, weights, like, like weighted wristbands and [00:37:04] stuff to like make it trick the steering column into thinking that somebody was holding onto [00:37:08] the wheel. [00:37:08] Uh, and now they have cameras that look at you like inside the cabin and that, that camera [00:37:15] is using some amount of intelligence to determine that you're distracted or not. [00:37:19] So if you are looking a lot at the central, uh, tablet, it'll bark at you and say, Hey, pay [00:37:23] attention to the road. [00:37:25] If you're looking at your phone, it'll do the same. [00:37:26] If you're looking at a watch, you know, like I've had it even like when I'm talking to the [00:37:30] watch and looking forward, have it bark at me. [00:37:31] And as soon, as soon as it does it, it makes a beep and then it gets increasingly aggressive [00:37:36] and beeps louder. [00:37:37] You impressively. [00:37:39] I say this because like, you know, I'm sure that the reason it's like this is because Tesla [00:37:43] is trying to minimize it's like legal liability for accidents caused by its system. [00:37:47] If, if, if, if you ignore its beeps three times in a day, uh, you, you get a strike, the system [00:37:56] will disengage and you will be forced to manually drive your car like a plebeian for the rest [00:38:01] of the day. [00:38:01] At least that's how Jeremy explained it to me. [00:38:03] If you get five strikes, I want to say it is, um, you're just exited from your, you're ejected [00:38:12] from the full self-driving program. [00:38:14] And I am impressed not only that it's as aggressive as it is, like, you know, if you got to look [00:38:22] at the screen for something, you've got to adjust it. [00:38:23] You basically have seven or eight seconds to, you know, fix the mirrors or whatever it is [00:38:28] before you got to be looking at the road again. [00:38:29] I'm also like finding myself that when I'm driving his vehicle, I actually am significantly less [00:38:36] distracted than in my own Ford escape, which has car play. [00:38:39] And I typically don't touch the phone itself, but I, um, you know, I tune out a little bit [00:38:44] or, uh, you know, might look at something or might be tapping away at the, uh, you know, [00:38:49] the eye messages and, and, and, and whatnot seemingly longer in those cases than like what the Tesla [00:38:55] would let me get away with. [00:38:56] So I'm paying more attention to the road because the computer is telling me to, or forcing me [00:39:01] to, and I am also doing less of the driving. [00:39:05] So, you know, my foot's off the pedal, my foot, my hands are off the steering. [00:39:08] And when they say supervised, it's actually like the right word, like it is doing the [00:39:14] driving, but like the, it feels almost like a pilot co-pilot thing where I, your head's [00:39:22] on a swivel. [00:39:23] Like I can look to the left and I can look to the right and I have far greater situational [00:39:27] awareness as the car is driving. [00:39:28] Now, granted a lot of these like semi-autonomous and, and adaptive, you know, uh, uh, uh, assistance [00:39:35] in cars will for most people lull them into a false sense of security and result in further [00:39:44] driver inattentiveness and unsafety, right? [00:39:46] Like people will, you'll train them out of the vigilance that you need at all times when [00:39:52] you're the one driving a vehicle or being driven in a vehicle. [00:39:55] However, like the particular, and maybe it's just cause I'm kind of coming in and chapter [00:40:00] four of this particular saga of full self-driving and robo taxis will be here in six months as [00:40:05] Elon Musk. [00:40:06] And of course they're not there, but it seems like at least the way that I've experienced [00:40:13] full self-driving when I've used it, it seems to me like I feel a thousand times safer because [00:40:21] the combination of the car, mostly doing the right thing, mostly making the conservative [00:40:25] choice, absolute worst case. [00:40:27] It haunt, it blares at you and you need to take over, uh, combined with my own hypervigilance [00:40:35] of not, you know, I constitutionally do not trust computers and you know, Jeremy doesn't [00:40:41] either. [00:40:42] And so when we're driving these things, we're looking around all the time where we're, we're, [00:40:45] we're sort of, because we have a curiosity and how the technology works, like trying to think [00:40:49] about how is it thinking through this? [00:40:51] Like, like we have a lot of, for example, um, automated gated communities where like the, [00:40:56] the gates will open and closed when you're, when you're entering and exiting. [00:41:00] It's like, we, we look at the little like computer screens, like how does it, how does it, what [00:41:04] does it think is in front of it right now? [00:41:05] It sees that there's an obstruction. [00:41:07] Uh, and if it opens too slowly, is it thinking it's a permanent obstruction or is it going to [00:41:11] wait and then proceed after the thing opens automatically? [00:41:14] Like there's a lot of little moments like that, where it's actually kind of interesting [00:41:17] to see how, you know, how the car reacts and then it gets a software update and then how [00:41:22] the car reacts after that. [00:41:23] And then additionally, there's the typical ebb and flow of software updates generally where [00:41:28] there's regressions, right? [00:41:29] Like there was a version of this, uh, system that, that the ability, like it used to blow [00:41:35] past this one particular speed bump, uh, uh, near our neighborhood, uh, because it didn't [00:41:41] have sufficient paint on the road to indicate that it was a speed bump. [00:41:45] And then there was a software update and then it perfectly negotiated all four speed bumps [00:41:49] just right in a row every single time. [00:41:52] And then there was another update and now it blows past the third speed bump again. [00:41:56] And so, uh, I think that people who are technology enthusiasts who maybe follow this stuff and [00:42:05] understand how, what software is, how it works, that updates are not a pure linear, you know, [00:42:11] march of progress, I think the idea that there would be regressions in software releases or [00:42:18] even, uh, non-determinism in how the, how the computer car operates, that's totally natural [00:42:24] to me. [00:42:24] And I expect it now. [00:42:25] I, I grown at it and I think like, this is, this is probably a bad idea in aggregate and [00:42:31] at a population level. [00:42:33] I suspect that the average driver would be confused by that the same way that like the [00:42:38] average person is terrified of updating their phone or their computer because they associate [00:42:43] software updates with, uh, uh, you know, newness and unawareness and, and, and, and, and, and all [00:42:51] the things that they finally had working, no longer working. [00:42:54] And when they, but when you talk about the, the march of progress and technology, they sort [00:43:00] of have a, what it is, is whenever anything goes wrong with technology, if you're not, if [00:43:08] you're not primed to know that it's burning you is, it seems like people mostly blame themselves [00:43:13] instead of blaming the technology. [00:43:15] And if that's your, if that's the way you use your phone or your computer, uh, you [00:43:21] know, when, when the car makes a mistake, you might not realize it as a car making mistake [00:43:26] and you might not have the hypervigilance. [00:43:27] That's like, you know, a more adversarial, like, like, I feel like I'm constantly spot checking [00:43:31] it. [00:43:31] And I, and while I am surprisingly impressed with how well it's been negotiating everything [00:43:37] that we've thrown at it so far, it's made one or two mistakes and I've, I've, I've, [00:43:41] I've, I've dealt with it, but on net, like it's driving waste. [00:43:45] Way more safely than I am way. [00:43:47] And it's, it's taught me a few things. [00:43:49] It's like, Oh yeah. [00:43:49] Like whenever I do this at an intersection, like that's really dumb. [00:43:52] Like it's doing this way better. [00:43:53] Uh, I can't think of a specific example, but like, I'm pretty impressed. [00:43:58] And so I thought, well, I'll ask Jeremy to borrow the car because I've got this natural [00:44:03] experiment now, same time of day, uh, same location. [00:44:07] So I already know how to get there. [00:44:08] It's a, it's a little bit goofy, but like, because I was just there, I'm not going to feel [00:44:12] like I'm learning how to get, get there and also learning how to use this. [00:44:15] Auto driving system simultaneously. [00:44:17] And, uh, holy shit. [00:44:20] Like, yes, I had people jump out in front of the car. [00:44:23] It was even worse this time at the particular intersection before you get to the, to, to [00:44:27] I four and the car like saw them out of its blind spot while it was turning, right. [00:44:32] It saw them on the left camera and breaks perfectly. [00:44:37] Uh, and I, uh, my first reaction was like, I would not have caught that. [00:44:40] I probably would have cut it real close. [00:44:44] Uh, almost hitting these people. [00:44:45] Uh, you get onto the highway and then this is why I emphasize like I four is like the deadliest [00:44:51] highway in America because it's, it is, it is not like driving on the highway, wherever [00:44:59] the fuck you live like anywhere I was ever in Michigan or Ohio or anywhere else in the [00:45:04] U S or certainly anywhere I've driven in Japan. [00:45:06] Those are the only places I suppose I've driven or Canada. [00:45:09] Like, yes, sometimes it's a little stressful driving on the highway. [00:45:12] Like that's not what this is. [00:45:14] This is, you have to practice extreme defensive driving. [00:45:18] And if you actually want to get where you're going, you also have to practice offensive [00:45:21] driving. [00:45:21] Uh, so having, uh, you know, nine cameras and nine directions is just necessary for basic [00:45:28] like assurance of survival. [00:45:31] Like when I'm on I four, I, I feel constantly under threat. [00:45:35] Uh, and something happens every time. [00:45:39] So we get on the highway and that stuff does happen. [00:45:42] Uh, you know, the car on its own decided to take the express lanes by itself, which was [00:45:46] incredible, but like people were like, I was trying to merge into a lane. [00:45:50] And then as, as the things, well, it was trying to merge into a lane. [00:45:53] And as it was changing lanes, somebody who didn't even have a blinker on starts edging in [00:45:58] and the car knows I'm going to back off. [00:45:59] Uh, there was another case of somebody swerving into our lane, like very close to the car and [00:46:05] the car, you know, defensively, you know, switch to the right lane, which was wide open [00:46:11] to prevent the risk that like, you know, it might have to break. [00:46:14] Suddenly there wasn't enough distance between the cars. [00:46:16] And that was stuff that like, I only was actually even able to piece together. [00:46:19] What the fuck was it doing after the fact? [00:46:20] Like looking at the map and looking around me, it's just, it went great. [00:46:28] Got there, dropped the shit off, turned around, you know, the parking is wonderful too, because [00:46:34] it'll back into every parking spot. [00:46:36] You just tap the screen. [00:46:37] Like it'll see the parking spots. [00:46:38] You just tap which one you want and just, it handles it for you. [00:46:40] It parks way better than I park. [00:46:42] I don't know, man. [00:46:43] And on the ride home, not only, you know, everything around me felt like it was on fire and chaos, [00:46:50] but because I had a buddy who was doing the driving and I could just kind of be, you know, [00:46:54] patrolling and looking around, I actually got a, a low heart rate notification on my watch, [00:47:00] which I get, I get them frequently. [00:47:01] Cause I have a low resting heart rate, but like it would say, Hey, your, your heart rate's [00:47:05] been under 40 beats per minute for the last 10 minutes. [00:47:08] And, uh, which I, if that's not you, that's like, if that's not typical for you, that might [00:47:14] sound scary, but like, no, my, my resting heart rate when I'm actually like de-stressed and, [00:47:17] and just chill is like typically like 38. [00:47:20] So the fact that I could be on I4 with a heart rate under 40 feeling completely safe more than [00:47:27] anything, it's not about going fast or whatever. [00:47:29] It's like feeling like I've got a team of two that are dedicated to getting me home safely, [00:47:32] me and this computer. [00:47:34] Uh, it was a revelatory experience now that look, I realized it's a complicated situation [00:47:44] because Elon is a big old bucket of assholes and the politics of it are all fucked. [00:47:50] Uh, you know, the right time to buy a Tesla was, was when, uh, everyone agreed that, that [00:47:54] they were cool and EVs were good and the planet deserves saving. [00:47:57] Uh, but yeah, I got, I totally saw where, where my brother was coming from and all of his friends [00:48:03] who, who, who, who are similar technologists who, who have these things and who are, you [00:48:07] know, who got on board in the very recent hardware three or hardware four era of Tesla. [00:48:12] Um, particularly with like the, the, the entry level models that are higher volume and therefore [00:48:17] kind of more, uh, consistently produced, you know, the cyber truck, for example, more, most [00:48:26] expensive, but lowest volume and has the most problems. [00:48:29] The model Y at this point is pretty boring and dull, but like, you know, if, if you, if [00:48:34] you are like me and just kind of think of cars, the modern day car is just a tablet with wheels. [00:48:40] This is a, you know, and I, yes, I had, I had low expectations. [00:48:46] I had a high level of suspicion, but it went great. [00:48:48] And, uh, uh, I, I, I successfully dropped off my snoring thing. [00:48:55] I can't wait to get the results. [00:48:57] That'll tell me that, uh, you know, nothing happened. [00:48:59] Another bit of follow-up. [00:49:01] I think I'd mentioned that I, uh, I had used rocket money. [00:49:05] So, you know, it used to be called true bill and then quick and loans bought it. [00:49:08] And, uh, the, as quick and loan started branding itself as rocket and having this rocket suite [00:49:13] of products, rocket money became, it's, you know, a consumer entree into upselling it to [00:49:18] other products and rocket monies, you know, promises. [00:49:21] It's going to help you, uh, visualize all your subscriptions and even negotiate a tiny, tiny [00:49:27] sliver of those subscriptions. [00:49:28] And the one that I yielded to it was my spectrum account. [00:49:32] So my ISP had, had gradually been charging me more and more to the point where it was [00:49:36] like $145 after tax every month for the same internet program. [00:49:39] That was like a hundred dollars when I moved here. [00:49:41] And I was very skeptical when rocket money said, Hey, we just saved you $893 a year, uh, by, [00:49:48] by lowering your monthly bill to 70 bucks. [00:49:50] And they sent me a new modem as well. [00:49:53] And I was like, I don't need a new modem. [00:49:55] It's the, it's, it's the model number. [00:49:56] It looks almost identical. [00:49:57] And I, I was actually at UPS returning that modem. [00:50:01] And I just thought to myself, what if this modem is somehow better? [00:50:04] Cause I had not been super blown away by the performance of my current one. [00:50:09] And so I, I went to the trouble of unplugging the old one, plugging in the new one, setting [00:50:13] it up, calling to activate and it, my, my connection now is rock solid. [00:50:19] So, so just by doing this price hack thing, I now have a modem that works way better. [00:50:23] I was able to activate it myself without having some tech come over here. [00:50:25] So that's a, that's a win, but the statements were still showing up $140. [00:50:29] And I was really skeptical that like this would materialize, but sure enough, this week I got [00:50:35] a statement for $70. [00:50:36] Uh, and I guess that means I owe rocket money 35% of whatever it saved me. [00:50:42] And I don't know how that's, I don't know how that's paid or when that works. [00:50:45] I'll figure it out. [00:50:47] But if you're, if you're willing to, basically I would recommend rocket money to anyone who [00:50:52] is currently paying sticker price for whatever utilities, it's probably mostly ISPs and cell [00:51:00] phone bills. [00:51:01] If you're paying for like a normal plan that is still available and you're paying top dollar, [00:51:06] uh, call them, give it a try. [00:51:08] But if you're like, you know, like I am with T-Mobile grandfathered in on some 12 year old [00:51:13] plan that has been replaced five times. [00:51:15] And there's no like, like the most likely case then is it's going to put me on the latest plan [00:51:19] and sign me up for all of the new throttling and four ADP video and the shit that you don't [00:51:24] want, uh, in terms of limitations. [00:51:26] So check out rocket money. [00:51:30] I, I, I was extremely skeptical and now this is, this is a rocket money ad. [00:51:34] Uh, although it is unpaid. [00:51:36] If you want to be a sponsor of the program podcast at seerls.co, uh, another followup item. [00:51:47] I, let me tell you what it took to connect. [00:51:53] My Xbox controller to my, to my gaming PC. [00:51:58] So, uh, I have an Xbox series elite to whatever you call it. [00:52:04] A nice, the fancy Xbox controller that costs like $170. [00:52:07] And I like this controller. [00:52:09] It's got the little paddles in the back. [00:52:11] It's got, you know, a nicer grip, uh, interchangeable thumb sticks and D pad and stuff. [00:52:16] It's a very nice product, but it's, it's, you know, talk about low volume things that [00:52:21] aren't as reliable. [00:52:21] It has a lot of reliability issues and my right bumper button, like next to the right [00:52:27] shoulder, it had been like very, very, um, it would miss like 70% of the clicks. [00:52:36] And because the right bumper isn't the most important button in the world. [00:52:39] Like it just meant like, uh, I guess I'm just not the kind of guy to throw grenades or whatever [00:52:43] the right bumper is typically assigned to, I got a replacement relative, like a, a, a cheap [00:52:50] replacement through Microsoft support channel. [00:52:52] I think they charged me $70. [00:52:53] They didn't require me to ship back the old one. [00:52:55] Uh, the replacement came and I plugged it into the computer to start set up and pairing. [00:53:00] And the Xbox accessories app was like, this is too out of date to be able to configure your [00:53:06] controller, which was weird because windows update, which I checked frequently had said [00:53:10] that I was up to date, but there was a little message at the bottom saying, uh, windows is [00:53:16] up to date. [00:53:16] Important security updates have not been applied. [00:53:19] Make sure that your computer is turned on, which is weird because if I'm manually updating [00:53:22] and nothing's saying that it's like, where are these secret security updates that aren't [00:53:26] happening? [00:53:26] And when I dug into my actual windows version, it said I was on 21 H two. [00:53:32] So the naming scheme for these major windows releases seems to be the, the two digit year [00:53:39] followed by H one for first half of the year and H two for second half of the year, which [00:53:44] is, um, real dumb. [00:53:47] I'm going to say just a dumb way to name things, you know, numbers are good. [00:53:52] You know, I, I, I get it now why it's named that. [00:53:56] But 21 was, uh, if you, if you decode the version several, several numbers ago, it was [00:54:02] three, at least it was at least two H one ago. [00:54:05] And why was I on such an old version? [00:54:10] It turns out I'll share like a, an article from, from just December, the, the windows 11 [00:54:16] required computers to have secure boot enabled using the trusted platform module or TPM equivalent [00:54:22] encryption. [00:54:23] And that's to certify or to be able to attest that like the, the operating system has not [00:54:28] been tampered with and so forth. [00:54:29] And then this has all sorts of like DMCA, DR, DRM, um, uh, and, uh, HDCP, all this sort [00:54:36] of a content encryption, copyright protection, uh, ostensibly it's quote unquote security. [00:54:41] And it, and it's the, like making sure from a malware perspective that the veracity of [00:54:45] the system files are all in place and so forth. [00:54:47] But like a lot of nerds were not on board because they want to rip blue waves or whatever it is. [00:54:51] And this might make it marginally more difficult, but gaming motherboards were like the last ones [00:54:57] to the party to support secure boot. [00:54:59] And even though I built my gaming PC, well, after windows 11 launched the BIOS that it [00:55:04] shipped with did not support secure boot. [00:55:06] Um, it didn't support, uh, I don't think like booting from UEFI drives correctly either. [00:55:13] So I'd set it up just like a normal basic fucking computer and it worked for however long it [00:55:18] worked. [00:55:18] But apparently in December, Microsoft was just like, and you get no more updates at all. [00:55:22] No more security updates, no more, nothing, which is why I started getting that message. [00:55:25] Uh, if you want to be on the latest and greatest version of windows 11, you must have secure boot. [00:55:30] Problem now is like, it's been several years. [00:55:34] And so figuring out what kind of motherboard I even have, I'm too lazy to like open the case [00:55:38] up and look at it. [00:55:39] And so I, I found the particular model number in my Amazon orders. [00:55:42] So step one, you know, I figured out what was happening. [00:55:45] I guess step, step zero is I get this new controller and I immediately regret it. [00:55:49] Uh, step two, figure out what's happening. [00:55:52] Step three, check my Amazon orders, identify the motherboard. [00:55:55] Uh, step four, I went to the motherboard website. [00:55:58] I find that there, a BIOS update is available and it's, it adds the secure boot functionality [00:56:03] because apparently the encryption software hardware is on the device, which is great. [00:56:07] So I download the BIOS and then I start flashing it. [00:56:12] Uh, not, you know, not that kind of, get your head out of the gutter. [00:56:15] I, it, it requires, uh, you know, identifying there's a, there's a particular USB port on [00:56:23] the back of the, of the motherboard. [00:56:25] That is the only one that can flash the BIOS and you have to look for it. [00:56:30] This is like M dash flash on it. [00:56:31] So you put it in there, you know, you restart, you, uh, boot into the BIOS and I, uh, got [00:56:39] it to update that, that part was actually pretty easy. [00:56:41] Then you go into the, the BIOS and it, you know, I don't know what BIOS stands for. [00:56:45] So if you're not like a PC person, this might not make sense, but you, you, the, the, it's, [00:56:49] it's the little bit of software that runs before the computer really starts. [00:56:52] And you can typically get there by hitting a key like F12 or delete. [00:56:55] And it's, you know, if you weren't raised on windows, uh, it's, it's, it's a weird [00:56:59] under, underbelly that sometimes you have to go into. [00:57:02] It's got a lot of arcane settings. [00:57:04] None of them make any sense. [00:57:05] It's a lot of acronyms that aren't explained, even though modern BIOS systems typically have [00:57:09] tooltips, it'll be like, what is, you know, what is MDR? [00:57:12] And it's like this, this option determines whether you have MDR turned on and off. [00:57:16] And there's like room for two more paragraphs to just maybe spell out what the fuck MDR is. [00:57:20] Uh, I turned on the secure boot, figure that out. [00:57:25] Uh, chat GPT is wonderful for stuff like this. [00:57:27] Like it gave me step-by-step directions because like, there's probably 800 forum, forum posts, [00:57:31] like detailing the same thing. [00:57:33] Uh, after reboot, nothing worked and like the computer would not boot. [00:57:39] I turned on secure boot, which required turning on UEFI, which is like a related technology of [00:57:44] like a more modern boot system for computers. [00:57:46] And it turns out it's because that my drive partition map is master boot record MBR, which [00:57:51] is like from the DOS era. [00:57:53] And that was the default when I set it up in 21 or 2020. [00:57:56]

AIs in Love, UEFI, Fortinet, Godaddy, Juggalos, Aaran Leyland, and More. In this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-443

AIs in Love, UEFI, Fortinet, Godaddy, Juggalos, Aaran Leyland, and More. In this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-443

AIs in Love, UEFI, Fortinet, Godaddy, Juggalos, Aaran Leyland, and More. In this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-443

ESET researchers have discovered a vulnerability affecting the majority of UEFI-based systems that allows actors to bypass UEFI Secure Boot. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate. ESET researchers discovered a new vulnerability, CVE-2024-7344, that allows actors to bypass UEFI Secure Boot on the majority of UEFI-based systems. Exploitation of this vulnerability allows execution of untrusted code during system boot, enabling deployment of malicious UEFI bootkits. The issue was fixed by affected vendors; the vulnerable binaries were revoked by Microsoft in the January 14, 2025, Patch Tuesday update. Exploitation of this vulnerability can lead to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the operating system installed. ESET reported the findings to the CERT Coordination Center (CERT/CC) in June 2024, which successfully contacted the affected vendors. The issue has now been fixed in affected products, and the old, vulnerable binaries were revoked by Microsoft in the January 14, 2025, Patch Tuesday update. The affected UEFI application is part of several real-time system recovery software suites developed by Howyar Technologies Inc., Greenware Technologies, Radix Technologies Ltd., SANFONG Inc., Wasay Software Technology Inc., Computer Education System Inc., and Signal Computer GmbH. "The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window shows that even such an essential feature as UEFI Secure Boot should not be considered an impenetrable barrier," says ESET researcher Martin Smolár, who discovered the vulnerability. "However, what concerns us the most with respect to the vulnerability is not the time it took to fix and revoke the binary, which was quite good compared to similar cases, but the fact that this isn't the first time that such an obviously unsafe signed UEFI binary has been discovered. This raises questions of how common the use of such unsafe techniques is among third-party UEFI software vendors, and how many other similar obscure, but signed, bootloaders there might be out there." Exploitation of this vulnerability is not limited to systems with the affected recovery software installed, as attackers can bring their own copy of the vulnerable binary to any UEFI system with the Microsoft third-party UEFI certificate enrolled. Also, elevated privileges are required to deploy the vulnerable and malicious files to the EFI system partition (local administrator on Windows; root on Linux). The vulnerability is caused by the use of a custom PE loader instead of using the standard and secure UEFI functions LoadImage and StartImage. All UEFI systems with Microsoft third-party UEFI signing enabled are affected (Windows 11 Secured-core PCs should have this option disabled by default). The vulnerability can be mitigated by applying the latest UEFI revocations from Microsoft. Windows systems should be updated automatically. Microsoft's advisory for the CVE-2024-7344 vulnerability can be found here. For Linux systems, updates should be available through the Linux Vendor Firmware Service. For a more detailed analysis and technical breakdown of the UEFI vulnerability, check out the latest ESET Research blog post, "Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344" on WeLiveSecurity.com. Guest post by ESET Ireland. You can follow ESET Ireland on X (ex-Twitter), Facebook or LinkedIn for more cybersecurity tips.

AIs in Love, UEFI, Fortinet, Godaddy, Juggalos, Aaran Leyland, and More. In this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-443

Ein neues Linux-Rootkit taucht plötzlich auf und wird gleich dreimal analysiert. Seine Besonderheit: Es kann über das UEFI Linuxsysteme infizieren - bis jetzt ging das nur unter Windows. Aber wer steckt dahinter und warum haben die Unbekannten das Bootkit gebastelt? Sylvester und Christopher gehen auf Spurensuche. Dieses Mal litten Christopher und Sylvester unter ausgeprägtem Hallo-Effekt, was zwischendurch zu unfreiwillig komischen Reinrede-Aktionen führte. - [Ken Thompson: Reflections on Trusting Trust](https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf) - [BlackHat-Präsentation zu LogoFAIL](https://i.blackhat.com/EU-23/Presentations/EU-23-Pagani-LogoFAIL-Security-Implications-of-Image_REV2.pdf?_gl=1*18vnefe*_gcl_au*MTM5NTEwMjYzLjE3MzM4OTc5OTc.*_ga*MTY4Njg2MTc1MC4xNzMzODk3OTk3*_ga_K4JK67TFYV*MTczMzg5Nzk5Ny4xLjEuMTczMzg5ODAxNy4wLjAuMA..&_ga=2.47355111.1773935767.1733897998-1686861750.1733897997) - [ESET-Analyse](https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/) - [Humzak711' Analyse](https://humzak711.github.io/analyzing_IranuKit.html) - [Binarly-Analyse](https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux)

AWS DShield Sensor + DShield SIEM https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480 From a Regular Infostealer to its Obfuscated Version https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484 Credit Card Skimmer Malware Targeting Magento Checkout Pages https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux Stickers: https://isc.sans.edu/stickers.html (code PODCAST)

This week we pontificate on Gnome OS and whether KDE and Gnome really need their own distros, the much-delayed progress in Wayland development that's finally happening, and whether here's really a trend from Ubuntu back to Debian. We discuss the Pi CM5 announcement, the new UEFI bootkit announcement, and the leaked steam controller designs. For tips we have dstat for system monitoring, and SSH agent forwarding to forward your SSH keys on remote systems. The show notes are at https://bit.ly/4idT1Qb and until next week! Host: Jonathan Bennett Co-Host: Rob Campbell Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

ESET believes this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in the wild. However, it is the first evidence that UEFI bootkits are no longer confined to Windows systems alone. The bootkit's main goal is to disable the kernel's signature verification feature and to preload two as yet unknown ELF binaries via the Linux "init" process (which is the first process executed by the Linux kernel during system startup). The previously unknown UEFI application, named "bootkit.efi," was uploaded to VirusTotal. Bootkitty is signed by a self-signed certificate, thus is not capable of running on systems with UEFI Secure Boot enabled by default. However, Bootkitty is designed to boot the Linux kernel seamlessly, whether UEFI Secure Boot is enabled or not, as it patches, in memory, the necessary functions responsible for integrity verification. The bootkit is an advanced rootkit that is capable of replacing the boot loader, and of patching the kernel ahead of its execution. Bootkitty allows the attacker to take full control over the affected machine, as it co-opts the machine's booting process, and executes malware before the operating system has even started. During the analysis, ESET discovered a possibly related unsigned kernel module that ESET named BCDropper - with signs suggesting that it could have been developed by the same author(s) as Bootkitty. It deploys an ELF binary responsible for loading yet another kernel module unknown at the time of analysis. "Bootkitty contains many artifacts, suggesting that this is more like a proof of concept than the work of a threat actor. Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems since it can affect only a few Ubuntu versions, it emphasizes the necessity of being prepared for potential future threats," says ESET researcher Martin Smolar, who analyzed Bootkitty. "To keep your Linux systems safe from such threats, make sure that UEFI Secure Boot is enabled, your system firmware, security software and OS are up-to-date, and so is your UEFI revocations list," he adds. After booting up a system with Bootkitty in the ESET testing environment, researchers noticed that the kernel was marked as tainted (a command can be used to check the tainted value), which was not the case when the bootkit was absent. Another way to tell whether the bootkit is present on the system with UEFI Secure Boot enabled is by attempting to load an unsigned dummy kernel module during runtime. If it's present, the module will be loaded; if not - the kernel refuses to load it. A simple remedy to get rid of the bootkit, when the bootkit is deployed as "/EFI/ubuntu/grubx64.efi", is to move the legitimate "/EFI/ubuntu/grubx64-real.efi" file back to its original location, which is "/EFI/ubuntu/grubx64.efi". Over the past few years, the UEFI threat landscape, particularly that of UEFI bootkits, has evolved significantly. It all started with the first UEFI bootkit proof of concept (PoC), described by Andrea Allievi in 2012, which served as a demonstration of deploying bootkits on modern UEFI-based Windows systems, and was followed with many other PoCs (EfiGuard, Boot Backdoor, UEFI-bootkit). I t took several years until the first two real UEFI bootkits were discovered in the wild (one of those was ESPecter in 2021 by ESET), and it took two more years until the infamous BlackLotus - the first UEFI bootkit capable of bypassing UEFI Secure Boot on up-to-date systems - appeared (in 2023, discovered by ESET). A common thread among these publicly known bootkits was their exclusive targeting of Windows systems. For a more detailed analysis and technical breakdown of Bootkitty, the first bootkit for Linux, check out the latest ESET Research blogpost, "Bootkitty: Analyzing the first UEFI bootkit for Linux," on WeLiveSecurity.com. Make sure to follow ESET Research on X for the latest news from ESET Rese...

We had the pleasure of finally having Dave Lewis on the show to discuss shadow IT and security debt. Dave shared some fascinating insights from his long career in cybersecurity, emphasizing the importance of addressing fundamental security issues and the human aspect of security. We delved into the challenges of managing shadow IT, the complexities of security debt, and the need for organizations to prioritize security practices. Overall, it was a great conversation that highlighted the ongoing struggles in our industry and the importance of learning from past mistakes to build a more secure future. Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more on Windows Downgrade (and UEFI locks), super nerdy Linux things, EDR is dead, well not really but more on how to make it not phone home, bypassing memory scanners, couple of Bluetooth hacking things, and a really awesome article about an IoT 0-Day that is no longer on the Internet. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-849

Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more on Windows Downgrade (and UEFI locks), super nerdy Linux things, EDR is dead, well not really but more on how to make it not phone home, bypassing memory scanners, couple of Bluetooth hacking things, and a really awesome article about an IoT 0-Day that is no longer on the Internet. Show Notes: https://securityweekly.com/psw-849

We had the pleasure of finally having Dave Lewis on the show to discuss shadow IT and security debt. Dave shared some fascinating insights from his long career in cybersecurity, emphasizing the importance of addressing fundamental security issues and the human aspect of security. We delved into the challenges of managing shadow IT, the complexities of security debt, and the need for organizations to prioritize security practices. Overall, it was a great conversation that highlighted the ongoing struggles in our industry and the importance of learning from past mistakes to build a more secure future. Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more on Windows Downgrade (and UEFI locks), super nerdy Linux things, EDR is dead, well not really but more on how to make it not phone home, bypassing memory scanners, couple of Bluetooth hacking things, and a really awesome article about an IoT 0-Day that is no longer on the Internet. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-849

Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more on Windows Downgrade (and UEFI locks), super nerdy Linux things, EDR is dead, well not really but more on how to make it not phone home, bypassing memory scanners, couple of Bluetooth hacking things, and a really awesome article about an IoT 0-Day that is no longer on the Internet. Show Notes: https://securityweekly.com/psw-849

In this episode, Andy and Paul, the dynamic duo of the Security Swarm Podcast, delve into the often-overlooked security of the Windows boot process, revealing how recent leaks have compromised its integrity.  Join Andy Syrewicze and Paul Schnackenburg as they break down how the boot process has evolved from the BIOS days to today's sophisticated UEFI system. They explore features like Trusted Boot and Secure Boot, which are designed to stop rootkits and other malware from hijacking the system.   But things aren't as secure as they seem. Recent leaks of platform keys, including the infamous "PKFail" incident, have exposed vulnerabilities that threaten the whole system. Listen on to discover how these vulnerabilities are being exploited by attackers, the potential risks they pose to your system, and what you can do to safeguard your devices.  Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  The Windows boot process is more complex than you think: It includes multiple phases, from basic hardware checks to kernel initialization and anti-malware checks, all before you even see the login screen.   Secure boot and measured boot aim to protect against rootkits and bootkits: These security features check for trusted components and fingerprint the boot process to detect unauthorized changes.   PKFail exposes a major vulnerability: A leaked test key used across 800 motherboard models allows attackers to bypass secure boot and load malicious software during the boot process as if it were legitimate.   Firmware vulnerabilities are widespread: The boot process isn't the only place where attackers can hide malware. Network cards, storage devices, and other components with firmware can also be compromised.   Rootkits and bootkits are persistent and difficult to remove: They can survive operating system reinstallation and are incredibly difficult to detect and remove, making them highly effective for attackers.   Updating firmware is crucial: You need to keep your firmware updated just like you update your operating system and software to protect yourself from vulnerabilities.   Beware of the dangers of compromised hardware: While less common than other attacks, these vulnerabilities should be addressed seriously. If you suspect a machine is infected, it's often best to discard it entirely.  Timestamps:  (01:27) Overview of Boot Process   (05:39) Breakdown of the Boot Process Steps   (08:44) Secure Boot and its Features   (12:13) The PKFail Leak: Leaked Platform Key Weakens Secure Boot   (17:18) Bootkits and Rootkits - The Types of Attacks   (22:41) Digital Supply Chain Issues and the Leaked Keys   (27:42) Mitigating PK Fail & Updating Firmware   (30:15) Balancing Risk Profile & Protecting Against Other Attacks   (31:39) Why Rootkits are a Major Persistence Threat  Episode Resources:  Github Repo of known compromised devices Ars Technica Article regarding UEFI Malware Intel Boot Guard News -- Hornetsecurity's Advanced Threat Protection (ATP) can help you stay ahead of these threats.  ATP provides:  Threat intelligence: Stay informed about emerging security threats like bootkit and rootkit vulnerabilities.   Advanced detection: Identify and block these highly sophisticated threats before they can compromise your systems.   Real-time protection: Prevent malicious code from executing, even at the boot level.  Don't wait for a breach! Contact Hornetsecurity today to learn how Advanced Threat Protection can help you secure your boot process and protect your organization from the most persistent malware threats. Click here to schedule a free consultation with a Hornetsecurity specialist. 

John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Hacking traffic lights (for real this time), the Docker API strikes again, access Github deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry PI access points, sitting ducks and TuDoor - its always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, pirates exposed, revoking SSL certificates, and using AI to analyze your brain: Multimodal Automated Interpretability Agent! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-837

Hacking traffic lights (for real this time), the Docker API strikes again, access Github deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry PI access points, sitting ducks and TuDoor - its always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, pirates exposed, revoking SSL certificates, and using AI to analyze your brain: Multimodal Automated Interpretability Agent! Show Notes: https://securityweekly.com/psw-837

John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Show Notes: https://securityweekly.com/psw-837

John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Hacking traffic lights (for real this time), the Docker API strikes again, access Github deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry PI access points, sitting ducks and TuDoor - its always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, pirates exposed, revoking SSL certificates, and using AI to analyze your brain: Multimodal Automated Interpretability Agent! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-837

Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://vorondesign.com/ https://www.prusa3d.com/ https://www.creality.com/ https://bambulab.com/ https://elegoo.com Major 3D File libraries: https://printables.com (Prusa) https://thingiverse.com https://thangs.com https://makerworld.com (Bambu Labs) https://cults3d.com Youtube Channels: Uncle Jessy CnC Kitchen The Edge of Tech Makers Muse Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-835

Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues! Show Notes: https://securityweekly.com/psw-835

This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxl NAS devices are under attack and the exploit is pretty simple, A new UEFI vulnerability with a name that some people don't like, that time you setup a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootload, The Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-833

Zyxl NAS devices are under attack and the exploit is pretty simple, A new UEFI vulnerability with a name that some people don't like, that time you setup a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootload, The Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities. Show Notes: https://securityweekly.com/psw-833

In today's episode, we delve into the "cyber incident" that has brought CDK Global's systems to a standstill, impacting more than 15,000 car dealerships (https://arstechnica.com/information-technology/2024/06/cyberattacks-have-forced-thousands-of-car-dealerships-to-paper-for-a-second-day/). We also explore the active exploitation of a SolarWinds Serv-U path traversal vulnerability, urging urgent security updates (https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/). Lastly, we examine the UEFI firmware vulnerability affecting multiple Intel CPUs, highlighting the critical need for immediate firmware updates (https://thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html). 00:00 Introduction 00:56 CDK Global Cyber Incident Cripples Dealerships 03:02 SolarWinds Serv-U Exploit: Immediate Patch Required 04:54 Phoenix SecureCore UEFI Vulnerability Hits Intel CPUs Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: CDK Global, cyber incidents, car dealerships, customer data, SolarWinds, Serv-U, cybercriminals, UEFI, vulnerability, Intel, supply chain security, CVE-2024-28995, CVE-2024-0762 Search Phrases: CDK Global cyber attack, car dealership data breach, how to protect customer data from cyber threats, SolarWinds Serv-U vulnerability CVE-2024-28995, UEFI vulnerability affecting Intel CPUs, protecting endpoints from cyber incidents, steps to mitigate cyber attack downtime, supply chain security concerns in tech, immediate steps for car dealerships during a cyber incident, measures to fix UEFI vulnerability Video Episode: https://www.youtube.com/watch?v=dpGVq57dil4

We talked to Jesse Michael (@jessemichael) and Mickey Shkatov(@hackingthings) about BIOS/UEFI reverse engineering and more! Here's a list of some of the things we talked about: Eclypsium Driving Down the Rabbit Hole (DEFCON 25 talk about Nissan Leaf exploit) Intel WiGig BIOS Port 0x80 UEFI https://github.com/tianocore/edk2 for UEFI  DediProg SF100(And SF600) Chip Clips chipsec UEFITool BusPirate Tigard QEMU VMWare Workstation UEFI exploitation for the masses (DEFCON 26 presentation) One Bootloader to Load Them All (DEFCON 30 presentation) BIOS Dehumidifier Function Remotely Attacking System Firmware (BlackHat 2018) Intel System Studio 2020 Intel DCI USB A/A cable for DCI Debugging Damn Vulnerable UEFI (Look out for BlackHat talk) UEFI DOOM Flappy Bird in UEFI UEFI Tetris Self-Replicating UEFI App (In 420 bytes!) System Management Interrupt Unknown Cheats Forum System Management Mode Edk-devel mailing list Xenoh Kovah's UEFI training videos efiSeek for ghidra efiXplorer for IDA Binary Ninja Intel Management Engine me_cleaner ME analyzer (By platomav) CPUMicrocodes (By platomav) Coreboot 010 Hex Editor Stardock Fences (For Icon management) Notepad++ The Newlywed Game Streamdeck Toorcamp Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer's firmware and the computer's operating system.

An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer's firmware and the computer's operating system. Learn more about your ad choices. Visit megaphone.fm/adchoices

A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest This segment of Threat Vector dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, ffocuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Visit Unit 42 by Palo Alto Networks to learn more.  Check out the Threat Vector podcast and follow it on your favorite podcast app.  Selected Reading Researcher uncovers one of the biggest password dumps in recent history (Ars Technica) Troy Hunt: Inside the Massive Naz.API Credential Stuffing List (Troy Hunt) Feds warn China-made drones pose risk to US critical infrastructure (SC Media) TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks (The Hacker News) Swiss Government Reports Nuisance-Level DDoS Disruptions (Data Breach Today) Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (HACKREAD) PixieFail: Nine flaws in UEFI open-source reference implementation (Security Affairs) Update Chrome! Google patches actively exploited zero-day vulnerability (Malwarebytes) Cybercrime crew infects 172,000 smart TVs and set-top boxes (Risky Biz News) Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware (Google Threat Analysis Group) Security Brief: TA866 Returns with a Large Email Campaign (Proofpoint) Each Facebook User Is Monitored by Thousands of Companies (Consumer Reports) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this week's SURPRISE edition, Patrick Gray and Adam Boileau discuss the week's security news. They cover: Their disappointment over last week's SEC Twitter hack China rainbow-tables Airdrop Enterprise bugs galore… … and why patching fast is hard when there isn't even a patch yet UEFI flaws get trad-BIOS-era vendor response and much, much more… This week's show is unsponsored, we're just here for the fun of it. Show notes The SEC's Official X Account Was ‘Compromised' and Used to Post Fake Bitcoin News | WIRED Apple AirDrop leaks user data like a sieve. Chinese authorities say they're scooping it up. | Ars Technica FireChat – the messaging app that's powering the Hong Kong protests End-of-life Cisco routers targeted by China's Volt Typhoon group Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive Ivanti Connect Secure VPN Exploitation Goes Global NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Security Bulletin - January 16 2024 Stable Channel Update for Desktop “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera's Browser PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. LeftoverLocals: Listening to LLM responses through leaked GPU local memory Bigpanzi TV Botnet Southeast Asian casino industry supercharging cyber fraud, UN says

On this week's SURPRISE edition, Patrick Gray and Adam Boileau discuss the week's security news. They cover: Their disappointment over last week's SEC Twitter hack China rainbow-tables Airdrop Enterprise bugs galore… … and why patching fast is hard when there isn't even a patch yet UEFI flaws get trad-BIOS-era vendor response and much, much more… This week's show is unsponsored, we're just here for the fun of it. Show notes The SEC's Official X Account Was ‘Compromised' and Used to Post Fake Bitcoin News | WIRED Apple AirDrop leaks user data like a sieve. Chinese authorities say they're scooping it up. | Ars Technica FireChat – the messaging app that's powering the Hong Kong protests End-of-life Cisco routers targeted by China's Volt Typhoon group Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive Ivanti Connect Secure VPN Exploitation Goes Global NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Security Bulletin - January 16 2024 Stable Channel Update for Desktop “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera's Browser PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. LeftoverLocals: Listening to LLM responses through leaked GPU local memory Bigpanzi TV Botnet Southeast Asian casino industry supercharging cyber fraud, UN says