Ink & Bytes
Ink & Bytes
Episode Nine - Night Fire And Cybersecurity
Ever wondered what it's like to tackle the digital demons of cybersecurity while juggling a chef's knife? That's the life of Nightfire, our latest guest—a YouTuber who cooks up a storm in the kitchen and fortifies firewalls with equal passion. Throughout our insightful chat, he takes us from his early fascination with the glamorous hacker stereotype to mastering the nuts and bolts of cybersecurity. We swap tales of forgotten passwords and the humorous side of tech mishaps, but also touch on the serious business of protecting the less tech-savvy from predators of the digital age. Nightfire's journey highlights the blend of skills needed in the cybersecurity arena, emphasizing the importance of a purple team mindset.
The rapid advancement of AI and smart technology is like a double-edged sword, and we make sure to handle both edges with care. Discussing the implications of these innovations, we muse over how they're reshaping education, from grammar assistance to coding help. Yet, we remain grounded, acknowledging AI as a tool, not a replacement for the human touch in creativity and teaching. The conversation takes a sidestep into the cryptic world of cryptocurrency and encryption, where we unpack the complexity of public and private keys with an accessibility that even our non-techie friends would appreciate.
Rounding out our in-depth exploration, we confront the darker side of the internet—the looming shadows of botnets and cybercrime. But it's not all about doom and gloom, as Night recounts an almost cinematic tale of dismantling a hacker's botnet and the subsequent, unexpected dialogue with the hacker themselves. We wrap up with a nugget of wisdom for aspiring cybersecurity buffs and a reflection on our indelible digital legacies. Nightfire's insights and stories are a powerful reminder of the importance of robust digital self-defense and the need for privacy in our increasingly connected lives.
Hello everybody and welcome back to another episode of the Ink and Byte podcast. It's another guest episode. I know it's been a little bit since the last time we did it. I was doing a lot of single episodes with just me and I was really lazy and tired, but I'm excited to have another guest episode here. As per usual, I let the person I'm talking to give themselves a little intro, so I'm going to pass the theoretical even over virtual microphone over to my guest uh, thanks, uh, uh.
Speaker 2:You can call me night fire. That's my youtube handle as well. I post video game nonsense with my buddies. Uh, part-time cyber security enthusiast and a full-time chef, and that's about about it. I'm pretty well-rounded.
Speaker 1:Awesome and chef hi, I know you. You post a lot of like food pictures and I'm always like that looks phenomenal. Can I eat it please?
Speaker 2:Yeah, that is what I actually get paid to do is cook food for people.
Speaker 1:Awesome, that's exciting. So I guess let's just jump right into what we both kind of know. You definitely know a lot more than me, because I've been taking the longest break ever and I haven't had time to get back to it. But how did you get into cybersecurity? How did you get your interest in it?
Speaker 2:Well, honestly, I couldn't tell you the specifics, but I know that it was like looking for something new to do. And then I found Network Chuck. He is a fantastic guy. You guys should all look him up on YouTube. He probably doesn't need me to say everybody wants to be the cool hacker guy From. You know videos and YouTube and movies. They make it sound so cool. And then you do a nosedive into the technical aspect of it and you're like this is a lot more than what they show on the TV.
Speaker 1:Yeah, never. Chuck is a lot more than what they show on the tv. Yeah, never. Chuck is a great guy. Um, I I've watched a little bit of his content, but it's really, it's really interesting he's a good, uh, beginner guy.
Speaker 2:You know he gets your attention, he gets you interested in it, and then, when you become more advanced, I moved on to like david bomble he's awesome. John hammond he's a fantastic security researcher. They do some more of the advanced, newer. I think he's now covering a new zero-day exploit that came out this week.
Speaker 1:That's exciting. What was it?
Speaker 2:It's all good.
Speaker 1:As I gave a cue from my dogs, they automatically started barking at the door. So you know you got to love it. But yeah, so what area of cybersecurity interested you the most? I know I guess I should probably with me. What got me into cybersecurity initially was Darknet Diaries and kind of my brother's interest in it. Uh, trying to break into buildings and get into server rooms and just trying to steal or trying to see what information you can steal and get your hands on, even though you're technically not allowed to that. That's kind of what started me being interested in the field was the podcast and just the idea of breaking into buildings like a spy. But what, what area do you like the most?
Speaker 2:that's a tough one because I like the shiny, I want to break in, use the newest exploits. That's always fun, but if you're looking for like a more long term solution, which I am now, it's probably defense, and so blue team is my new interest, as well as like network hardening and firewall attributes.
Speaker 1:Awesome. So where are you predominantly blue team, are you cause I know we there was a. There was a little stint of time that we both were doing the try hack me stuff.
Speaker 2:Yeah, I would say I'm predominantly a purple. I am pretty evenly distributed against attack and defense, which is overall pretty useful, but I wouldn't say I'm a master at either gotcha and you.
Speaker 1:It's all self self-taught.
Speaker 2:That you do right, it's all self-taught yeah, you know youtube videos, uh, virtual labs, vms.
Speaker 1:Try hack me, hack the box stuff you get for dirt cheap yeah, I the uh, the ctfs that you can do on some of the websites and the I know try hack me has a really great um like tools for you to play like gamification type stuff with other people so you can do those little um ctfs and king of the hill. Would king of the hill sounded? Have you ever done one of those, the king of the hills on try hack me?
Speaker 2:no, I never had a uh opponent so I never got to play king of the hill. But what I found is that it's kind of a purple team exercise. You attack and defend a point. You have to get in first, hold the point and then defend the exploit so nobody can kick you out of it.
Speaker 1:Interesting. The concept of King of the Hill is really cool because I never really hear about it. I only hear capture the flag. So I've seen that. I'm like, oh, that's dope. I never played it either. I was too afraid to do any of the competitions on there. I'm like I'm just a simple boy. I have no idea what I'm doing.
Speaker 2:I'm just poking around in the training rooms. Everybody always starts is poking around and then you got to just find yourself.
Speaker 1:It's a maturity thing, you know, yeah, um, I just had a thought but I lost it. Oh no, oh yeah. Do you have you ever um followed or heard of black hills information security?
Speaker 2:no, I'm unfamiliar with that one they're um pretty.
Speaker 1:they're pretty awesome. They do a really good news podcast and stuff and they just have good resources for education. I always recommend those to people my brother he's really big into their stuff. Sorry, my train of thought is being ruined because my dogs won't stop barking, so I'm struggling.
Speaker 2:I understand the struggle. I had a husky for a few years and he talks a lot oh yeah, they're loud doggos.
Speaker 1:I really want a husky badly, but I I hear they're. Are they really like super mega high maintenance?
Speaker 2:yeah, a husky's all fine and dandy until you he blows his coat and then you have to clean up fur for about three months straight.
Speaker 1:Was yours vocal.
Speaker 2:Yeah, super, especially when he wanted attention.
Speaker 1:I gotcha. So what's your goal with your cybersecurity stuff?
Speaker 2:with your cybersecurity stuff. I've kind of transitioned from bug bounties and glory days of hacking into hardware repair. I'm currently owning a small business that I can repair phones, hardware troubleshoot, remove malware. It's kind of cool. It brings in a little cash flow, but it's not like retirement fund.
Speaker 1:Totally, totally understand. So, ironically enough, I was talking I don't remember who it was with, I should, but you know sleepy brain. Um, we're talking with one of my friends yesterday about just computer building in general and they were pretty I'm super bad with it Like my first computer was pre-built and it was a horrible computer. No, I shouldn't say it was horrible, it wasn't good. And then I bought parts and I sent it to shop and I had them put it together for me. But he was saying it's like adult Legos. Do you, can you see PC building and repairing like adult Legos?
Speaker 2:Yeah it, once you get the hang of your first PC. I know that's the most nerve-wracking one, because you've bought all the parts and you want it to go well and then you're wracking your brain what didn't happen? Why is it not booting? But after you get the hang of it and you have a couple builds under your shirt it's basically just Legos Plug in some RAM, paste a CPU. Watch all the pretty colors, do the things.
Speaker 1:I made fun of one of my friends for getting I'm looking at my RAM now. I poked fun at my friend for getting a shit ton of RGB RAM and I'm like, why do you want that? You're not going to look at it. And then I got it, not on purpose, it was just really good Ram that happened to be RGB. And now I just I find myself staring at it sometimes and I'm like, all right, I can get it.
Speaker 2:Yeah, rgb is awesome, but I don't like how prevalent it is in the market. Like I can't find ram sticks that don't have rgb and I was like I don't need my ram to light up yeah, I don't need my gpu to light up. I have lights. I love the lights, but the lights are separate and I can turn them off without turning off my pc, which is helpful for overnight downloads yeah, I can't turn these off, they're just always on.
Speaker 1:I can totally everything's rgb, though like I'm surprised there's not more rgb in this computer. I know, um, my friend just got his computer built. I think the case was like all fans and I'm like all right, well that's, but I don't think I need eight fans. I um sorry, go ahead.
Speaker 2:I mean like uh, the world of PC building. You can have a mini one that sits under your uh TV and runs a basic Linux program, or you can have a powerhouse that runs games at 8K and 120 frames per second or whatever you want. The flexibility is almost infinite with PC building and it's kind of like it's better than Legos, I'd say.
Speaker 2:Until you shock a component and break the whole thing yeah, and then that comes to the technical side and it's like fixing it. I'll enjoy fixing it, I enjoy the troubleshooting. And what did I do wrong? What can I fix better?
Speaker 1:it's high stakes adult legos. Can I fix better? It's high stakes adult legos. Yeah, it's high stakes legos, yeah, I know. Um, I got my new graphics card not too long ago, after everything was built, because my old graphics card was from like pre pre-covid. It was really old. So I got another one, um, and I was too afraid to put it in myself, so I spent probably like a week just sitting on it, going around calling shops trying to find somebody to put it in, and I had like every shop I called was like yeah, that's gonna be 200, 300 and there's probably gonna be a few hour wait time. And this was before I understood how easy it was to put a graphics card in the thing.
Speaker 1:And then um yeah, after getting that response, for like a week I found this dude. It was just a single dude. I didn't know. I thought he had a shop, but his shop closed down. And I called him and he was like yeah, so I've been calling shops and trying to get this graphics card in. What's your price? Because people are telling me like 200, can you do better than that? And he was like quiet for a minute and then he was like they're trying, they're trying to charge you 200 to put a graphics card in. That's a 10 minute job. I wouldn't even charge you for it it's 10 minutes if that literally, and that was like, oh okay, I guess I'm being bamboozled.
Speaker 1:So I tried to set something up with him. Unfortunately he vanished. Don't know if he died or if he just went off the grid. But uh, I mean, I put it in myself and I was very brave and I was like it took me more than 10 minutes because I was like having a panic attack. Every time something moved it was like, oh my god, did I just break it? Oh my god, my baby. No, I spent, I turned my kitchen into like a makeshift workshop to put this thing in there and then I did it, it and I'm like, wow, that was really easy and it gave a sense of like accomplishment that I haven't felt while I'm putting something together, cause it literally was just take out two screws, take the old one out, put this in, screw them back in.
Speaker 2:Yeah, I mean I despise people that are overcharge for the simplest things. You're just taking advantage of the people that don't understand. I mean I can't expect everybody to know every in and out of a PC build or how to run a malware check on windows defender. So I want to. If I have to do basically no effort, I'm going to charge them maybe the transportation fee to get me to their house, but aside from that, nothing.
Speaker 1:Yeah, there's. There's definitely like a morality battle. Like you're, you're holding like the cards. If someone calls you asking you for something easy, you can be like, well, I can either overcharge them or I can be a decent human being. I was so surprised how easy it was. But that's also coming from the person who accidentally plugged in their monitor to not in the graphics card, and then I was wondering why I couldn't run games over like 30 frames. And then I called my friend over when he would live near me to come help me and he was troubleshooting it for probably three and a half hours and then he was leaving. We didn't know what it was. I was like, oh, I guess my graphics card broke or something. He was on his way out he stops in the door and he looks behind my terminal and he just stares at it for like 60 seconds, blinks, looks at me and goes you didn't plug it into the graphics card.
Speaker 2:Yeah, the simplest things are often overlooked by people that do this regularly. I know I've been like, why is it not booting? And then I'm like, oh yeah, I didn't put any Ram in it or the power switch on the power supply. Is it flipped on? I'm like, oh, I'm a genius.
Speaker 1:No, I totally get it. I now, every time I unplug stuff, I take a picture of what it looked like before and then I compare it when I put everything back in Cause. That was like that was, that was horrible.
Speaker 2:Oh yeah, so I mean and like, so I mean and like. I find the biggest scam of them all is those programs that will say we'll remove malware, just pay us, you know, two hundred dollars and I'm like, windows defender will most likely get rid of every single malware that is known, aside from like zero days or something that you put on there by accident, but like it'll get rid of like 99 of the malware for free because it's built into your windows yeah, the uh man, there's a lot of antivirus.
Speaker 1:So my, my um grandmother bless her, I feel I I don't even like going on her network because I'm afraid that I'm gonna get the nuke that's probably sitting on her computer to infect my stuff. But like her computer is so infected like it's crazy, like antivirus. She has like five different antiviruses. She only knows about one of them, that she actually it's mcafee and it yeah, literally, yeah, exactly that one. Every time she goes on the internet she gets warnings that every website she visits is not safe. And I'm like I'm, I'm like how do I tell her her computer is practically a, a, a viper pool of infection and her thought process is if I unplug it from the wall and plug it back in, everything goes away. I'm like, oh gosh, please just get it. I mean, let me, let me just factory reset your computer please we're gonna reinstall windows.
Speaker 2:Everything's messed up yeah, I'm gonna.
Speaker 1:I'm bringing a flash drive with a windows boot on it and we're going to start from fresh because this thing needs to be quarantined, and then I'm burning the flash drive. It's bad, the amount of scammers that might be the safest option.
Speaker 1:Yeah, literally that abomination doesn't need to exist anymore. The amount of scammers she gets. Hundreds of phone calls. It's so crazy. Every time I bring my stuff over to her house I have to sleep over. I have like three vpns going at the same time. Like I'm good chief, I don't need to bring whatever the hell is in this network back with me yeah, you could.
Speaker 2:You could just run tails at last.
Speaker 1:I mean, that's a safe version I've been meaning to just go on wireshark and just watch, because I'm genuinely curious to know what's going on, because it's crazy it's all pinged to china, or something yeah, no, it's.
Speaker 1:It's crazy. Speaking of, um, fixing problems and small problems, I um this is me being silly but on my cali linux I keep forgetting my password, so I think the past five times. This is why I haven't like picked up my normal, because right now I have a cyber security textbook I got for my birthday oh, I'm such a nerd, I know, wow, textbook for my birthday, but, um, I haven't gone back to my Kali Linux because I keep forgetting the password and I have to go through the process of going into the kernel and changing a quick boot setting and then changing the password and I'm like I don't want to do it again.
Speaker 2:And the password management. I'm so glad we have those totally legitimate tools that we could totally trust to watch all our passwords for us how do you feel about speaking of that?
Speaker 1:how do you feel about like, um proton, proton services, because I actually I use proton, but I I I'm curious to know if you have any opinions on them I personally love proton and I recommend it to everybody, simply because they're free or at minimal low cost if you're using their servers.
Speaker 2:But servers have upkeep, so that makes sense, even though legal stuff has gotten in the way that I shouldn't get into. But um, they're just privacy forward, even though these old people in charge are not privacy forward.
Speaker 1:Um, and I I get me going about that. I understand completely. So I talked about this once before, so it's safe for me to bring it up again because I've already talked about it. But my favorite I talked about it with Mooney corn, I think you probably heard it but my favorite was when there was legislation going on about like crypto and stuff, and they were all gathering together and they, like they banned the one person who held any from the from the conference. So you're pretty much removing the only opposition that you could add from the discourse.
Speaker 2:I'm like all right, that's where we're at oh man, uh, the us was gonna. Well, they are banning tiktok and if you watch the debate in the courtroom for it, it was some guy that's probably never even seen a real computer and he's like, does TikTok access the home network?
Speaker 2:and the guy's just like yes, because it has to, and so it's like trying to talk to I don't want to be offensive, but like the older generation about how the internet works because, they just have it in their their mind that TikTok is bad because internet or because blank and blank and you're like no TikTok access is the internet through your home network, because everything has to access the internet through a network.
Speaker 1:It's like Facebook. I mean everybody.
Speaker 2:I mean Facebook's probably more dangerous, but don't worry, you won't be.
Speaker 1:Yeah, you won't. You won't be able to be. I'm pretty in in the episode I talked with with my friend chris, we were doing the same thing, so it's okay. Um is, is tiktok actually being banned like? Is that because I I'm a peacock when it comes to everything like that, like I stick my head in the sand and I ignore everything because my mental bandwidth is so strained that I just can't deal with it.
Speaker 2:I get tidbits of info but I don't personally have TikTok. I'm not going to be affected if it is banned. But the concept of this older generation that makes the laws banning a thing that they're just scared of because they don't understand I mean, I understand the whole chinese network and chinese government part, but that's not the important one is these guys don't fully understand why they're banning it. They just have an idea and they're just executing it regardless of everybody else's wishes.
Speaker 1:And it's the same same people that make cybersecurity laws. I like to laugh about it because black Hills information security they always cringe. They're like they talk about a lot about some of the laws that are made and it's just like there's just a disconnect.
Speaker 2:But yeah, I've had sorry, no, no, I've had Sorry, no, no, you're good, go ahead. I mean, I've just I've applied to a lot of cybersecurity firms looking for employment their website, being the tech geek that I am, find a vulnerability, email them their vulnerability with my, with my resume, and they will just never get back to me ever. And I was like I literally just proved that I can do things and you're just patched it quietly and never talk to me again that's crazy.
Speaker 1:I know you probably really can't disclose, but like was it?
Speaker 2:silly things, like really easy silly things well, I'm not going to tell you the website and they technically already patched it, so it's fine. But when you have the con, the little contact us button, right, they didn't have a captcha or anything, so you could write a five second python script to push that button 10 000 times per second to simply overload their system and that would be considered a denial of service, because you would be causing havoc on their end by giving them too many requests for their servers to handle, and they just added a captcha and never texted me again.
Speaker 1:I feel like you're proving that you can. It's like literally work experience right there. I, I, I'm right, I get it. Man Like I, I, uh, I feel like people like when I do job searching they look at my resume and be like, oh, he's only 24. He's probably lying about half the shit on here and then you just don't get back.
Speaker 2:Probably lying. Yeah, I get that and that's honestly. That was the one case that I did that. I got so peeved that I just stopped trying to look for jobs and I feel like. So I started the small business fixing stuff, get my name out there and then somebody will contact me when they're ready, because clearly contacting them doesn't work.
Speaker 1:Honestly, it's probably just how uh the butterfly effect stuff. Maybe it's uh beneficial, right, because now you have your own small company well, well, can I ask you a question?
Speaker 2:oh please please do, please, I'm I'm a horrible host today yeah, what's your thoughts on the chat, gpt, uh ai, progression, you know, is it doomsday, skynet, or do you think it's gonna help us evolutionize the species of human?
Speaker 1:it's a really good question. I um, really think it depends on the person using it, because, like I cannot tell you, like I was in university when it was in the thick of it and all the professors were like doomsday, prophesizing, and like you'll get kicked out of school and fined and have to pay, like literally you'll never be able to go to school again if you use it. I um, I think if you're the student or the person that gets tasked with saying essay to do and you go up to chad gbt and ask it to write the entire essay and don't even look at it, then you probably shouldn't be in school. But I find, especially in my own utilization of it, that it's a good buffer and it's really good to ask questions if you don't have direct access to another way to find the solution.
Speaker 1:I use it for my grammar, because my grammar is horrible, and I might use it for some of my blogs. I might put in what I write and I'm like how can this sound better? Do you have any suggestions? I read what it outputs and then I edit that further. So I think it's a good buffer, but you never want to use what it tells you from face value and you never want to use it from like a search engine optimization perspective, just copying and pasting it into your own stuff. It's really a buffer. I'm not a developer, what's up?
Speaker 2:No, I was just agreeing.
Speaker 1:Oh yeah, I'm not a developer so I can't say how it feels in that industry. I know I've had used it to write code before, like for my Twitch. They have HTML markup for the about sections and I'm like can you format this in Twitch HTML so I can place it in my about panel? I think there's probably going to be safety rails forced on it, if it hasn't already, because I noticed there's definitely been a dip in the quality of outputs that make it so it can't do certain things to safeguard jobs. I feel like that's something that legislation would end up doing, but I don't think it's doomsday. I don't think it's doomsday. I don't think we're going to be fighting the Terminator anytime soon.
Speaker 2:No, I don't believe it'll be that bad, but I am. No, I don't believe it'll be that bad, but I am, I'd say, confident that it will take some jobs you know, my heart goes out to the freelance artists and having a few friends that are freelance artists it will disrupt their flow, but like you know. But like you know, cars took away the need for carriages and elevators, stairs and, yeah, the typewriter and computers. You don't need people handwriting mathematics anymore and you have a calculator.
Speaker 1:What math teachers say you're never gonna have a calculator, so you have to do this all by hand. But in actuality you always have a calculator. What math teachers say you're never gonna have a calculator, so you have to do this all by hand, but in actuality you always have a calculator.
Speaker 2:Yeah that, so you have the invention of the calculator, ballpoint pen. Things have changed and taken away jobs that seemed essential at the time. Unfortunately, I just believe that's going to happen. But at the same time, an ai only goes off what it's fed. So if it's fed a bunch of pictures of iron man, it's not going to know what a rocket raccoon looks like, you know.
Speaker 1:Just as an example oh yeah, no, totally, and I um my other kind of feeling I don't like saying opinion, but I guess my other feeling of feeling I don't like saying opinion, but I guess my other feeling on on it is like we're kind of in like a creative era, like a lot of like you know, we have self checkout, we have all the technology that are disrupting jobs that could be automated. Rather simply, I feel like it's just approaching an era in the human race where we're going to be able to focus on creativity and not so much I don't want to say mundane because that might sound rude but the rudimentary things that were that seemed important before the technology disrupted it, if that makes sense.
Speaker 2:Yeah, I get it. You know Walmart's a terrible place to check out because there's no people working anymore.
Speaker 1:Yeah, and there's a lot of theft. Yeah, but I think place to check out because there's no people working anymore.
Speaker 2:Yeah, and there's a lot of theft, yeah, but but I, I think I think the, I think the tech allows people to focus on being more creative, um, and efficient. Oh, absolutely. Uh, I think it'll even streamline, uh, constructive learning. You know you're like explain uh the louisiana purchase, dumb it down, and it'll dumb it down for you. It'll use simpler words, it'll and, like your teacher, sure, I love teachers. Teachers are overworked and underpaid. But if you're struggling to understand, like AP chemistry or whatever, and you type in a chat you can see, explain what a carbon bond is, and then it'll give you pictures and it will give you step-by-step whatever you're needing help with. And teachers can't give that one-on-one to a class of 30 or 40 students at once. There's just not enough time for that. So if you use it as a teacher assistant, it would be fantastic, but people are afraid that it is going to be the teacher, which I don't believe it could do that.
Speaker 1:Yeah, I agree. The perception of it just in general was skewed, I think, like it could be assistant learning, like if it was just used as an assistance tool, but it kind of the perception kind of jumped to like it's going to take over everybody's livelihood like, I don't like even no matter about that for years.
Speaker 1:Oh, yeah, like, no matter how crazy the ai gets, if if it's still like you looking at a screen, you're not, you're the the experience of being taught by a teacher is still going to be profoundly better, in a sense, for most of the time, because you're getting a human to human connection and there's things that people can get to better than an AI ever could through inflections, through facial like movement and body language. So it's just, it's literally just an assistance tool. That was just, you know, thought it was going to be in the terminator. I can't tell you how crazy.
Speaker 1:Like every beginning of the semester, like my, my last three semesters, there was like most of the syllabus talk that you get. It pretty much just evolved into teachers ranting about how they hate chat, gbt and how they literally send you to jail if you use it, and I cringed every time. I'm like, okay, it's an assistance tool, it really just depends on the student, really just depends on the student warranted. There was a lot of not to throw shade on the campus, but there was a lot of students that definitely would and have used it to do everything for them. But if you're gonna go into debt to go to school and not really try to do it yourself, then I mean that's on them yeah, I mean, I understand where the teachers are coming from.
Speaker 2:They don't want to dig through piracy constantly yeah and piracy is illegal, regardless if you're using chat gpt or not. Before chat gpt, I was notorious for just copy and pasting quick notes. That was how I got through high school. But illegal, don't do that I will be.
Speaker 1:This is I was telling my bosses today the only reason why I finished math 102 was because covet happened.
Speaker 2:That was the only reason why I finished math 102 and covet kind of showed us that the Internet is no longer a privilege, it's kind of a necessity, especially with forcing kids to do online school. I believe in public school but at the same time not everybody has that access or some people are in a situation that being in front of that many people, or bullying or whatever a public school could be detrimental. But then you, you have the power of the internet and you can learn almost as much, or if not more, information from the internet, as long as you can keep them off.
Speaker 1:You know tiktok and fortnite oh man, you just gotta it's the parent's job to keep the kid focused yeah, the again.
Speaker 1:I had a good conversation about that specifically with chris and the last guest episode. But the, the covid generation, it's like covid just in general, even in my, in our age group and university. You forgot it made people forget how to be students and the stuff I was seeing was wild, but not even in our age group, but like really younger kids and young adults and stuff and teenagers. Um, just seeing the effect that covid had and fortnight had is it's. It's a little scary and as cringy as it sounds, I just seen a video the other day the Skibbity Toilet stuff. That is literally, literally. I was talking to my friend. The Skibbity Toilet stuff is a fundamental building block in middle school ecosystem where, if you're not a fan you actually get bullied.
Speaker 2:Oh, dude, my middle school was just. I think it was the wimpy kid diaries and that was. I didn't read that book because I thought it was dumb, so I was outcasted and it was like what's a cheese dust? I don't understand.
Speaker 1:Oh man, my, my 10 year old self would be so enraged. I was a dieter. I would be kidding her. I never knew people got bullied over. That that's new to me, though I never it was just outcasted.
Speaker 2:It would be like it was just he doesn't get the jokes, kind of thing, but it was whatever it's really like.
Speaker 1:I tried to find a comparable. That's not a word, but we're gonna go with it. I tried to find something to compare when we were in like middle school, where you got bullied for not liking it. That's as cringy as a toilet toilet with a G man head in it and a bunch of people with cameras for faces and I couldn't find a comparison. It's just crazy.
Speaker 2:The internet was at its baby stages back when we were kids, and so, unless you had some serious know-how on how to navigate, because Google's not as old as we, google's younger than us, and so kids could just Google whatever now, and we had, you know, the hip new book. We had those book fairs or book clubs, or it was the movie that came out, book fairs were fire.
Speaker 1:Book fairs are still good and they should come back yeah, I agree there was a feeling of going to a book fair and like, have you ever seen those like tornado tubes where you spin it and you have a little tornado in it oh my god, those were literally my addiction.
Speaker 1:I love those so much. There was just a feeling of going to a bookstore buying a book and getting one of those tornado tubes. I think they were literally my addiction. I love those so much. There was just a feeling of going to a book store, buying a book and getting one of those tornado tubes. I think they were literally called tornado tubes yeah we need more books.
Speaker 1:No, but like more books yeah, and there's like there's a, there's an argument to be made, um, about you, about parents restricting that stuff. Tiktok, doom, scrolling is a thing.
Speaker 2:I'm not even going to get into the book banning stuff. That's nonsense and that's just that has to stop.
Speaker 1:As an English degree and English student, I talked about that a lot with some professors, that's just you know, it's so you want to know something weird, right? What, what's?
Speaker 2:up. I live in montana and it's a weird backward state. Our governor decided it was going to be a good idea to ban adult content on the internet. He didn't do a very good job, because the number of vpn downloads skyrocketed the day that law took effect and I was like, wow, he stopped nothing yeah, I don't think a lot of people in the upper echelons of the legal system know that vpns exist or know what they do or yeah, I think it's more. They don't know what they do um.
Speaker 2:So I'm in california, uh, legally you press a button and you can be anywhere as and you bypass any type of issue that they yeah so I find the issue with that isn't just he did nothing and wasted my tax dollars, it's he made a law that you had to prove that you're an adult to adult websites with a photo id, which is a huge privacy concern. I'm not going to give anybody on the internet my photo id and then people just circumvented it with a vpn, but there's half a billion vpns on the app store and who knows which one's collecting your data and which one's actually doing what they say they are?
Speaker 1:that is true, speaking, um sorry. No, no, you're good, I actually lost that thought the second I started to say it.
Speaker 2:So go ahead uh so I was gonna say they, if the you know sketchy vpn company that you just downloaded for free, is it really free if they're selling your data and then you get these weird pop-up ads or these sketchy malware websites?
Speaker 1:There's singles in your area looking for a fun time.
Speaker 2:Yeah, those. So you're getting all of your web traffic is going to the VPN provider and then to the website you want. But if they're holding the servers, that is, the VPN, then who's to say it's encrypted and they can't look at it to see exactly where you've been on the Internet. So it leads you into a false sense of security. You're like nobody's gonna know. I visited, you know, uh, send nudescom, the noodle website I love that.
Speaker 1:I'm trying to recall the name of the password manager. I should know because I wrote a paper on them was it last pass the one? Yes, that one yeah, that's a really I um, since we're talking about like data collection and even though there's a lot, there's a lot of companies, I say your stuff is secure with us. I think last pass is a great example of a password manager that has your stuff encrypted and then they lose the key to the fort and then your stuff is no longer safe.
Speaker 1:Yeah, it's like oh, so remember when we told you we were like the most secure password manager, and give us your data nom nom nom and we'll keep it safe.
Speaker 2:Oh wait we actually lost the key. I remember I used last pass for like all of one week. I didn't like the way it operated, so I jumped the boat early. But the amount of passwords that are suddenly leaked on the dark web is absurd. And it's just. You can't trust a company to do that if they're not going to be secure themselves. So what do you do?
Speaker 2:exactly, it's I, I which is why I praise proton, uh, with all heavens. They encrypted in such a way that they don't even have access to your private key. Only you do, and the person you're sending it to has.
Speaker 1:Proton's great.
Speaker 2:Proton cannot access anything that you send through their servers. They have it set up in that way on purpose, which I love about them.
Speaker 1:I, uh, ironically, in the textbook that I've been reading, started to get into the section about decryption and they were it was. It was a hard chapter to read but, um, talking about how public keys can only be X, it was like private keys can only be accessed. It was like private keys can only be accessed with public keys and public keys can only be accessed by private keys, and it was like, interesting. That's probably not the exact wordage, but there's a lot of oh no, it's complicated on purpose.
Speaker 2:I had to reread it like three times and have ChatGPT dumb it down for me, so you're not the only one.
Speaker 1:Because it's so weird. It feels like backwards in a sense. I'm like how does that work?
Speaker 2:the way I've understood it is the public key is public for anybody to have. It can unlock your data in a particular way like a safe with a secret bottom is a good way to put it and then your private key can unlock the main part of the safe plus the secret part. And that's just the simplest way I've visualized it no, I like that.
Speaker 1:That's definitely nicer than how the textbook put it. I um, because I still had a few more thoughts about the last pass stuff. I remember that that it was for crime society. Of course, I was the only tech person in the entire room but, um, I wrote my essay about it. But we also got paired in groups and we had to talk about specific crimes. And I had the um crypto exchange company. Oh goodness, there was a. There was a. No, I think it was. Do you remember the crypto exchange that got in, uh, really big trouble and the guy ran away with all the money. I don't remember what yeah, the crypto.
Speaker 2:I don't remember the name, but I understand what you're talking about. He like it was a fake exchange on purpose.
Speaker 1:Oh yeah, I'm bad. I'll put it in the show notes. If I remember, my group had that and I'm the only person that is in crypto. So I had the honor of explaining the whole situation to a group of people who were not reset Because it's a hot topic and being into that stuff on a campus that mostly is not into it was uh, it was. It was fun to try to explain what was going on I mean it.
Speaker 2:Crypto is a weird subject I've had. I've had conversations with people about crypto and it usually starts with that's not real money. And I'm then I hold up a dollar bill and I was like this isn't real money either.
Speaker 2:It's just paper with a one dollar bill on it, but we trust that it's money and that's all it is yeah but that's the same thing with crypto is it's not real money until you put your trust and you know financially back it. But the thing about crypto is they can't just print more Bitcoin. There is a set number in existence and nothing more Paper currency you have. Oh, we need more money and they print it more. It becomes less valuable. The thing about crypto is it's the, the leisure sorry my list, but it is a blockchain of every single transaction that's ever occurred on with bitcoin. Some other cryptos are not as public about that because they want to remain private, but if you're doing sleazy things with crypto, you should be caught, I guess oh yeah, that's.
Speaker 1:there's a lot of sleaziness, so I think again I'm rehashing old round, but I always think it's good to go back to this. I talked to Mooney about it a lot too. There's a lot of scams and stuff in the space where it makes it feel like everybody who's in the space is a scumbag, and it gave it a very bad perception.
Speaker 2:You could say that with paper money too, you got the billionaires that run tax evasion for a living. You got people running stolen money through a legitimate means. They're laundering it. I only know that because I watch Breaking Bad.
Speaker 1:But as we get all of the best information on how to make crystal meth Breaking.
Speaker 2:Bad. The Breaking Bad is fairly legitimate on how crime organizations work while being entertaining. But yeah, so there's sleazy stuff going on with all kinds of money. What's the difference? If somebody's being sleazy with crypto, people are sleazy. You're not gonna magically cure it with a new currency.
Speaker 1:Yeah, during my time in the space I've been, I've experienced a lot of hostility. I've been I used to be in a lot of different discord servers but have promptly been removed from them. Oh, bummer yeah, but it's okay. Um, it's, it's. You know, I always say it comes down to education. Just learn more about things.
Speaker 2:Um yeah, but uh, you can't learn about every single subject. That's time consuming and taxing. Oh yeah, uh, I can't expect to learn anything about cars.
Speaker 2:I don't know anything about cars, but and I can't expect my grandma to understand the magical world of crypto exchange oh yeah, that's, I totally, that's why we live in a society, you know, somebody else is gonna fix my car and I'm gonna fix their computer, and that's kind of where our worth is at yeah, my extent of cars is is that they have wheels and they drive and they make vroom vroom sounds. That's all I know they make vroom, vroom sounds they make vroom, I press pedal car go forward that is about right I had to google what the l on my gear shift was. I was like what is l for I?
Speaker 1:love that I, I, I know, with the cars coming out now, a lot of it is like the dashboard and stuff is pretty much all computers. Now my parents want me to. Oh, all right, I. I've been with an individual who has a flipper zero and it was really fun to see the chaos. Also, this, this is just interesting because thelipper Zero can mess with Teslas right, it can open up the charging port and I've been into CVSs where the individual used it and caused the PA system to go crazy. I'm like it's interesting. I don't know where I went on that line. I thought I was talking about cars and then I remembered the Flipper Zero.
Speaker 2:I mean, the Fliipper zero is a fantastic subject. Um see, the thing about the flipper zero is it's not new technology, it's just incredibly user-friendly. Any noob can pick up a flipper zero and play with things. But it's just taking radio signals and exploiting those. I dabbled in a little bit recently, the uh like starlink radio signals and wi-fi from space. A lot of that stuff isn't encrypted because they expect nobody to pick up the signals, so they that's a very big attack vector it's not like that.
Speaker 2:It's more like I can see where your internet traffic's been, or stealing your neighbor's wi-fi signal. That's uh, essentially the the about that. That's all it is.
Speaker 1:I think it's pretty funny.
Speaker 2:Critical vulnerability or anything.
Speaker 1:It's still pretty funny that it's like we don't expect anybody to do this thing, so we're not going to worry about it. That's kind of funny.
Speaker 2:I mean the transceiver to pick up those space signals is about $300 to $500, so there is a margin of people that probably can't do that yeah yeah, no, totally.
Speaker 1:It's a good point, though, and what you're saying? It's just a flipper zero. It's very easily consumer front-facing, so it makes it.
Speaker 2:It's just like when phones happened right oh yeah, did you see that they uh banned the flipper zero in canada?
Speaker 1:did they?
Speaker 2:no, I have not yeah, uh, they legitimately banned the sale or usage of the device in canada you know what that's gonna do?
Speaker 1:just gonna make people want it more.
Speaker 2:Yeah you're gonna drive down to us and pick one up literally just gonna make people want them more yeah, but I think the really dumb thing was they said that the flipper zero can steal teslas, and they're like now we have to ban the device, and so it's again just older people not understanding what they're doing yeah and banning a really fun toy it's.
Speaker 1:It's a toy, basically yeah, it literally can't like I've from the experience that I've seen with it. It doesn't have the capability to do anything overtly harmful like you make a pa system say there's a cleanup in aisle two, or you open up a charging port and I'm not sure if it can do anything outside of that but children throwing rocks at cars oh yeah it's gonna do a little bit of damage, but it's not worth banning kids and rocks yeah, and it's not.
Speaker 1:Your tesla door is not gonna to open. There was an episode of the Darknet Diaries where they were talking about key fobs and there was an exploit that someone had I don't remember what brand of car, I think Honda's, I could be wrong, kia's or Honda's one of the two when they could mess with the radio signal from the key fob and try to replicate it and then just open your door, like they would capture the signal between the key fob and to the door and replicate it on their own and just open that. That. I mean that that's a little.
Speaker 2:That's a little bit more intimidating than opening up your charging port yeah, I mean, if you get into somebody's car, rather you pick the lock or you uh remote key fob in, you've just lost your vulnerabilities. But it's infinitely less likely that you're going to emulate a key fob, open a door and then drive off the car, mostly because there's some inner workings and most people have those things hooked up to their phones, so they'll be like your car is driving off and they're like why? And then they'll shut it off with their phone and it's like so like it's completely helping at all.
Speaker 2:there there's a disconnect between the younger generation that grew up with this technology and the older generation that's just learning it oh, yeah, totally and so we have to I honestly, we have to quit laughing at them even though it's kind of funny when grandma calls a timeshare a good investment but we have to get on their level and educate them, because if we're all safer together and understand it just a little bit, we'll stop getting stupid laws that don't make any sense and don't help and we'll stop you know all this.
Speaker 2:Grandma got scammed for her life savings because she thought she won a cruise, or I had a great story. My boss I will not give his name, but he is untech savvy to the utmost extreme he was calling what he thought was his phone company and he gave his social security, credit card information, driver's license number, all the information that you know phone companies don't need thinking that he was, you know, paying his bills, because all he did was search phone company xyz in google and press the first result, which was a google ad, which anybody, yeah, can make a fake website literally pay five dollars to google to have it on the top.
Speaker 2:So he got to a fake phone company website, psa just never click the ads.
Speaker 1:Everybody like literally I, I've not yeah, not to side rail you, but literally for a lot of the software that I use for my job there's there's blatant ripoffs that have different naming in the URL that says ad, because someone just duplicated the website and then paid for it to be on top.
Speaker 2:That's not hard and if you can get some money or I feel bad for the guy because you can't really get a new social security number.
Speaker 1:Yeah, those don't grow on trees.
Speaker 2:Yeah, Unless you can count the cardboard that it's paid printed on.
Speaker 1:but that too yeah.
Speaker 2:Yeah, but the attack vector is so wide reaching and you inherently trust Google, which you shouldn't. You should never trust google.
Speaker 1:Google's dumb and a money money pit, that's what they are unironically, I actually have a google hoodie on right now that I bought at their headquarters when I went to california. Is there a microchip on here? Are they listening? Are they going to come?
Speaker 2:take me. They're probably listening to everything. You're going to disappear next week.
Speaker 1:Sorry buddy it's game over.
Speaker 2:It's game over, oh but like uh, I still use google chrome just because I like the way the search engine works. But I also use brave and I know there's controversy against brave. It just depends on what I'm searching. Do I want ads for this in the future? If I'm searching scuba gear or amazon, I don't really care yeah there's ads.
Speaker 2:if I'm searching, I don't know, engagement rings or something a little more private, then I don't want ads popping up all around the house. I use brave, because it'll block those trackers and I won't get engagement ring ads, or, you know, because that'll blow the secret or whatever. Yeah, there was an issue with some lady. She Googled you know baby diapers, baby names, whatever, because she was pregnant but she hadn't told her dad yet. She hadn't told her dad yet and then her dad suddenly saw uh, you know baby diaper ads and it ruined the surprise, which isn't that bad, but it's kind of just annoying that you don't have any privacy ever at all.
Speaker 1:Yeah, it's, it's quite literally like. My favorite acronym is not, it's, it's, it's not um, if you're going to get hacked or popped, it's when you're going to get hacked or popped because it's there's no security through obscurity, so on and so forth yeah, I mean you can take back your privacy, but it's more steps than people would like to do yeah.
Speaker 2:I have conversations with this all the time. It's why would I care about hiding if I have nothing to hide? I'm like it's not about hiding from the good guys, it's about hiding from the bad guys. Yeah, your dinner, your internet, uh, data is on the internet, usually google or wherever, forever or until it burns down in a fiery pit of fire, but it's out there and let's just use, like north korea as an example.
Speaker 1:They really don't like freedom they do not like freedom, that is, yeah, they don't like freedom and everybody knows that north korea is kind of weird.
Speaker 2:Like that they have the government blocks websites that aren't approved by the north korean government. You can't go watch rambo the terminator, the whatever western media is what they call it.
Speaker 1:Or the Dictator. They got really mad about that one.
Speaker 2:Yeah, so you can't watch. I think it was called the Interview, oh yeah, the Interview.
Speaker 1:I'm having trouble for that one. I'm glad you knew what I meant. That makes me feel better.
Speaker 2:I love that movie. It's fantastic. But who's to say that in you know 15 years, a couple of presidential cycles, we don't get that paranoid and start. You know, you talk bad about A, B, C. You're going to jail. Bad about a b, c? You're going to jail. Uh, because you already have that celebrities doing a twitter post from like 10 years ago and they're like I'm sorry, it was a joke, or. And then they get canceled and they lose jobs yeah, canceling there was a yeah, it's.
Speaker 2:I don't want to say it's real, but it's also not fake it's just not as intense that everybody makes it fake. Oh yeah, you have to be somebody before they'll cancel you.
Speaker 1:So that's something there was a woman, I believe. I just read and seen the story, um, of course, when I was doom scrolling. So take this with a grain of salt. You never know if it's accurate or not, cause I didn't fact check it myself, but there was a. It was like uh, two people on TV, they were talking about like um uh, freedom of speech, and there beach, and there's this woman. Supposedly one of her friends died in some incident and this lady posted some uh lyrics from music that I think was. I don't remember the context of the music, but she actually she got arrested, fined and got like 500 hours of community service from posting some music lyrics in the uk or england, whatever they, whatever it's called now, ever since uh yeah, um, I don't know about that story specifically, but it seems super believable.
Speaker 2:Even in the us that's pretty believable people getting fined for I mean, I had a old co-worker that made a tikt, a Facebook Reel or one of those short videos, whatever, and he was doing it in his car with the radio play and it played some copyrighted music. They cut his whole video off because it had copyrighted music in the background, even though he was filming the sunset or whatever. And so if they're listening to every single lyric and then using some, there's no person doing that, there's an AI listening to all your stuff.
Speaker 1:I just read about that Is anything free on the speech, I guess.
Speaker 1:Yeah, no, totally Like on Pixel Bay, where you can get royalty free music and stuff for content. There's specific tracks that are highlighted. Um, there's I. I gosh, I'm so bad remembering this, but it's on the youtube, like google has an algorithm where creators can mark their, their, their content and if it gets hit anywhere on the internet, like on youtube or whatever, the creator can do whatever they want with your stuff, even if it's like royalty free. It's like instant, it's like instantaneous too, like even on twitch vods. I have spotify going in the background and it says specifically like royalty free, copyright free, twitch just automatically muses that stuff. So it's pretty quick.
Speaker 2:Um yeah, and I know there's no way that human's doing that. It is a some robot on their server, so you're constantly being monitored totally and you just hope to the twitch gods that you didn't mess up this time yeah, I didn't breathe incorrectly.
Speaker 1:I remember back when I was in that crime society class I, I, uh engage, I would really like to engage in conversation. When I was in that crime society class, I, I uh engage, I would really like to engage in conversation. When I was in school, I was like the only person of course, everyone's like a nerd jokes on them um I, everybody was aghast when I said that the police have a direct line to tap into every single ring doorbell. If they want, they can just subpoena ring and get like any footage they want. And they were like that's not private.
Speaker 1:No, no, it's not and and there was another funny instance too um, I did talk to my brother about this. It wasn't as big deal as I initially thought, but this this is. This is kind of a good example of don't get really hype about things you read, because it's probably not as crazy as sounds. But I seen a meme of someone I might have sent it to you, I don't remember.
Speaker 1:I seen a meme of it was like a sad patrick from spongebob and the caption was like when the us military accidentally leaves classified military documents on amazon aws buckets that you can just google and see oh yeah, that that was an issue yeah, it's crazy, right, like so I I guess it's not as big deal as I thought, because I talked to my brother, all that stuff and um, but just the thought of having classified government information on an aws bucket that anybody can search for and and the, the, the war um, war, the, the military airplane game, war thunder, the war thunder community, somehow like this is a situation of if I every time I did this, I would have a penny, I would have two pennies, but it's strange it happened twice. Like two times they released, like classified military documentation of of planes on discord servers. I'm like how, how did you get that?
Speaker 2:like oh, dude, you're missing a whole bunch. There's not only two times. This is a notorious problem. The war thunder community is so uh crazy that it has a bunch of ex-military dudes or current military dudes and they're like that tank's not accurate or that plane goes this fast and I'll prove it.
Speaker 1:And then they'll leak classified military documents and they're like see, the tank is this way it's really like you guys are crazy it's really making sure the opsec people in the government are being employed because they have to go through the internet to find these stupid leaks somebody's court-martialed yeah, no, there's.
Speaker 1:I didn't know it was an actual job until today again. Um, there was a cyber security channel was recommended to me and I was looking through their shorts. But the CIA has a job where you can basically be an internet stalker to find where there's loopholes in information that's being put out there. Because there was this interesting thing that happened a long time ago. Somebody did some information gathering and they were able to guess when wars were going to start, because the Pentagon had a massive increase in pizza orders and every time that happened, some conflict started and I'm like I think I saw that exact same video.
Speaker 1:That's amazing, the algorithm man, it's listening.
Speaker 2:Yeah, it's listening. So, you want to know a super cool algorithm trick. You take a buddy of yours, you go to YouTube, twitter, tiktok or whatever you're doing, and then you scroll five videos and you see the drastic difference between your videos and their videos, because it's all handpicked for you guys. You might like cooking and boobs and you're like cyber security and war.
Speaker 1:You know it's just your content feed is hand-picked for what you want to see yeah which makes the whole idea of I googled it really bad no, yeah, exactly, sometimes I think the algorithm can read my brain, because I swear, there's times where I don't even search for something like but it can.
Speaker 2:It's all listening to you, it's like it's crazy it's. I remember, I hate alexa and that google home. It's all garbage because I talk about oh, I would love to go to hawaii. You know I freaking see trips to hawaii on sale.
Speaker 1:I'm like, shut up google it was really scary that, like even when I explained how the cops or the law enforcement have a direct link to your ring if they want, how nobody knew that and a lot of people have, like the crazy smart home stuff. And have you ever watched silicon valley? If you haven't, you it's fucking hilarious no, I should now but really funny.
Speaker 1:I've watched that show like four times. It is the it's so on the nose, like um um, coding humor, cyber security humor. It's a really good sitcom, um, but there is a few episodes where one of the characters got a smart fridge. The character's name was uh Jing Yang, there's, there's, there's, it's. He's really funny, um, but uh, the smart fridge long story short was like listening to all of them talk and was logging all of their uh, their, their, their conversations. I'm like that. That happens. That's a thing that happens in real life.
Speaker 2:Oh yeah, I mean we're getting to that stage where alexa can talk to my start, my smart fridge, and uh, they're like you need eggs. Would you like to add it to your Amazon? Cart and then you'll just have eggs delivered to your freaking door.
Speaker 1:You literally just quoted word for word the exact phrase the fridge said when they opened up the door and they were out of almond milk. It's like, hmm, it seems like you're out of almond milk. Would you like me to add some to your grocery list?
Speaker 2:Absolutely, and some people find that absolutely amazing, and I kind of do too.
Speaker 1:It's just my fridge isn't even sacred anymore smart watches, smart fridges, smart alarm systems, but all of those things have to communicate with your router or with the internet just in general, so it has a link to the outside world of hostility that can then go back to you. So you're allowing more things to be breached, so you're kind of opening up more ways to get screwed over, like like.
Speaker 2:A smart fridge is awesome, but now it has to communicate with the internet yeah, and I mean like I trust amazon or google home to probably update their stuff with the latest security patch, but one that means it has outside access in to give it that security patch automatically. And then it, if you get like some cheap knockoff, it's one not going to get that security update as frequently as I would like. And then it still has that. You know, port open so you can talk to my light bulbs or my smart thermostat. But then you have the pivoting aspect, so when I'm in your smart ac system I can pivot back to your router.
Speaker 2:I don't know put a man in the middle attack yeah find out everywhere you've been, or just shut off your router and change the password. I could do that too it adds so many men man-in-the-middle possibilities.
Speaker 1:I'm glad you said that.
Speaker 2:Yeah, and that's one of the scariest things. It's not like we're already Google's the man-in-the-middle, but there was a thing with Target. It's a semi-famous hack. Reddit on TriHackMan, one of the pivoting classes they have, is a semi-famous hack. Uh, read it on. Try hack me on one of the pivoting uh classes they have, where some hackers got into the smart AC system and then got in and pivoted their way around until they got to the card readers and then just yoinked about 2 million cards that the card readers had. Every time somebody swiped it was going back to the attackers.
Speaker 1:That's crazy, I never knew that.
Speaker 2:All through some smart system that they wanted to have. They're like it'd be so nice to control the AC remotely, yeah and so the internet of things is scary, but I I want it to move forward, but I feel like people need to pay attention, and not people but companies. They need to security patch their stuff. There should be no remote code execution. That should not be vulnerable, you know yeah, no, exactly, but that's a really tall ask, because smaller companies aren't going to have the manpower to do that.
Speaker 1:Larger companies don't care because they have enough money to make the problem go away no, it's speaking of uh, rce and um, I want, I want to tell this story first and then I have a question I want to ask you. So I went to pet smart a few days ago, um, just to get some supplies and stuff and they have a, uh, a collar like machine where you can um put in names and have it like 3d. Yeah, exactly, and that's in like a dark corner of the pet smart. I went to and guess what's directly next to it is it an atm?
Speaker 1:no, their server room. Oh, and when I was there, the door was open, my man's logging screen was open and the server rack was right there and open and I'm like that's why I keep usbs on me, literally like literally, if I I could have just walked, I could have meandered my way in there, took just a nice little usb and just wreaked havoc absolutely uh, but I mean that's kind of circumstantial but still a super bad security practice exactly exactly that goes down to, like where you're saying with the education and understanding these different things, because I guarantee you not, I don't not as like a slight to anybody that worked there, but I guarantee you that never crossed anybody's brains, like because who's gonna know that?
Speaker 1:unless you're, like in the field trying to learn about it.
Speaker 2:Because, like to the average day person it's like oh, it's just a bunch of boxes yeah, if you lock the door, that's already like a really good step yeah not every, not every hacker is going to know how to, you know, pick a lock or want to, in the broad daylight, in the middle of a busy store and then you uh, introduce the, the next level.
Speaker 1:Um, just buy to see if they really are on their game. Just buy a high res or a high vis vest, bring a clipboard and a ladder and just say you have to everybody, everybody listens to a person with a high vis there. You walk in there with so much authority. It's literally confidence. So I, like I love physical penetration testing. I love the stories because half of them always come down to just buying a high, a high visibility vest and walking in the front door with the most confidence ever and talking to the front desk and they literally give you everything.
Speaker 2:Oh man, so that's just like hard social engineering. And social engineering is just what like magicians do. Magicians do slightest hand and social engineering. They're like hey, look over here, I'm gonna move the card behind your back or whatever, and that if that was nefarious, they'd suddenly have your wallet and they'd show you a magic card trick in the exchange for your credit card yeah social engineering is cool social engineering is probably my most uh interested part in all of cyber security, and it's also the most overlooked oh yeah because it's like I work here now and they're like okay one of the weakest links in a lot of people's security and companies is literally people most of the time people.
Speaker 2:It's difficult and I would say women have an unfair advantage in the social engineering department. If you have a nefarious woman who's not gonna hold the door open for a nice lady with her hands full or something. You know, literally yeah but that's assuming they are trying to get in unauthorized. And but if they, if you've never seen them before, just do not hold the door open for them. That's unless you know it's to the store. Hold it open for ladies yeah, start everywhere.
Speaker 1:Everyone starts slamming doors shut.
Speaker 2:No, I'm just kidding but yeah, I worked at like a fred myers once and they had you go through training and it was you have to badge in don't don't hold the door for open for anybody, and I was like that's pretty good security practice. You know, good good on them.
Speaker 1:Oh yeah.
Speaker 2:But if I, you know, if I see this person every day, I'm going to just hold the door open for them. But then it goes into I didn't know, they were fired yesterday, you know. Yeah. No, you don't know the whole story. You don't know what they're doing.
Speaker 1:The um I. I do have no-transcript, so I have two ways to do this. I have it on my flash drive. You can use it, or I have my laptop and I'm so thankful I never. I never even made the connection until after they said it.
Speaker 2:I'm so thankful they said no because of security reasons, and I looked at her. I'm like thank you.
Speaker 1:Thank you for saying that. Oh, you tested your interviewers. Yeah, unintentionally, because when I said that I was like wow Light bulb, I wasn't even attempting to do it, but if I was malicious you could still have it. Be like a normal flash drive.
Speaker 2:They put it in and your videos load up but you can have something in the background that just goes into their computer and they won't even know it. Oh yeah, absolutely. Uh, that's a brings me a pretty good story about bad usbs and people that shouldn't trust them. I was going through the airport and I have a big, bulky computer case that is technically a gun case because I don't trust airlines to not throw my stuff around. Um, but inside there I have, you know, the wi-fi pineapple, the omg cable, the bad usb rubber ducky bunch stuff.
Speaker 2:And then I have a note on it every time I go through the airport because I know they're gonna open it and and I say this is malware, don't plug it in. And it's not actually malware, I'm just testing TSA because they're dummies. They plugged in the USB and it phoned home and I told their boss and I said, hey, one of your TSA agents at this airport plugged in my USB to a computer on york and here's the ping and I screenshotted the ping on my, my home server. They phoned home. I have remote access if I wanted to that's why I hope somebody was fired yeah, no, that's especially that infrastructure.
Speaker 2:It's crazy yeah, the, I don't know. I trust that an airport should be some of the most secure things, especially since, like most airplanes, have an autopilot of some sort oh yeah uh, that would be really bad if some. I don't know if it's even possible, but it would be bad if something happened to the remote systems on an airplane it's kind of like um seeing needles on the ground.
Speaker 1:Never just pick up a usb, don't, don't experiment to find out what's on it, unless you're in like an isolated environment oh, I have become the guy that opens the spam emails and hopes that something interesting pings on the underside.
Speaker 2:I've found some really good ones and some really not so good ones. Uh, I found one that looked almost exactly like a bank login. The only reason I didn't trust it is because I don't have that bank. But if I did have that bank I'd be pretty convinced, because it was like blank and blank bank, dot tech, not, not dot com, which is the actual one. So it was really close. It was dot tech instead of dot com, which would make you think it was still the official website, and they just wanted you to log in, which was your bank account, you know login info, which they would have just taken. But fantastic, kudos on them. They tried hard, yeah awesome, um do?
Speaker 1:I don't know if this is going to be a question you're able to answer, but I just figured it seems fun so I'm gonna throw it out there. Do you have any like stories of tests that you've done that you're allowed to disclose, of anything interesting that's happened?
Speaker 2:uh, can you describe test or?
Speaker 1:just like like with um, just like penetration testing, like when you're learning has anything interesting happened that you're able to talk about?
Speaker 2:I accidentally sorta accidentally got into a spam guy's uh command and control center. I don't know if you're familiar with that, what that is. Yeah, uh, so it's where they but for the audience at home.
Speaker 1:Feel free to explain yeah, absolutely so.
Speaker 2:What bad guys will usually do is they'll send out hundreds of thousands of millions of emails and just hope that something catches. It's a spray and pray technique and, me being the reverse engineer that I can be, opened this spam email, uh, and mapped in and then found a port that is not usually open, uh reverse engineered into it, got in to their command and control center and they had quite a few uh bots, which are just computers that have been infected with a malware, to do something on a later date botnets op yeah, botnets are op but uh, technically it's illegal to do that.
Speaker 2:But I don't think they'd have a case in court. So like he took down my botnet and I was like you're not supposed to have that, that would be interesting court case. I'm pretty sure the judge would be like what down my botnet and I was like you're not supposed to have that that would be interesting court case, I'm pretty sure the judge would be like what's a botnet does that sound?
Speaker 2:that's an ice cream flavor or something yeah, it's an ice cream flavor. It's really yummy, uh. So I took uh it upon myself to disconnect all the bots. I just gave him a kill code and all the bots died. Very noble so nobody was connected anymore.
Speaker 1:Yeah, no, that's very awesome.
Speaker 2:White hat hacking Very upset White hat hacking superheroes.
Speaker 1:Oops, sorry, what was?
Speaker 2:that. Oh, a couple days later he apparently found my IP address that I went through and we had a little back and forth conversation about that and that was pretty chill, dude. Honestly, he did some illegal shit, but he's like yo bro, how'd you do that? I was like you know this? I don't want to get into the technical side of it, but it was pretty. We just had a long conversation about, uh, hacking. After that it was weird he sent me just some dark web websites.
Speaker 1:You know, dot onions have you ever been on the uh, the dark web before?
Speaker 2:yeah, I take the proper precautions and I peruse. Remember there's nothing illegal about looking. Yeah, usually it depends on what you're looking at.
Speaker 1:I'm too much of a I won't say the bad word, but I'm too much of a wimp to do it Again. It's kind of like the dark net diary stories and other horror stories that I'm always afraid that like I'm, if I ever do it just to look and experience it, that I'm gonna get killed by like a russian assassin or something it's a russian.
Speaker 2:It's always a russian guy.
Speaker 1:I don't know why yeah, it's always a russian guy they're the scariest, I'd say.
Speaker 2:But yeah I mean I totally lost my train of thought.
Speaker 1:But that's okay. I keep, I keep butting it, holy crap.
Speaker 2:Wow, we're almost at an hour and a half already well, if you want to call it, and we can do a part two and it's a date I would love to do part two, but I do.
Speaker 1:I'll make sure to put that on my notes that you're down for part two, um we can do a cooking one later exactly.
Speaker 1:So I'll save the cooking questions for next time, because that's good, because I was going to ask you a few, but I think that could be interesting for another episode. I'm glad this was cyber security, because I've been meaning to get a cyber security episode. Um, I guess I'll end it with two questions. The first one is just a normal question. The second one is one that's going to put you on the spot in not a bad way, but in a critical thinking way that my brother likes to do for his and it always makes people clam up for a second.
Speaker 1:So for people who are wanting to get into cybersecurity and kind of learn it, coming from somebody who has been doing fantastic like I love listening to you talk about it and like telling me things because I can learn from you, because you're significantly further ahead in the self-teaching stuff, like I keep taking long breaks and I really need to get back to it but from someone who has pretty efficiently taught themselves this stuff, what do you recommend for people who want to learn more about it or hesitant to like? What do you recommend people who want to learn more about it or hesitant to like?
Speaker 2:what do you recommend? I would recommend try hack me as a beginner. It is, they're very beginner friendly and they show you red teaming, blue teaming and then some networking there. I think $15 a month, but that's totally worth it, for it's cheaper than college and then you can find your own what you prefer in the cybersecurity universe, because there's so many options. And then you can move on from there. But yeah, definitely try HackMe as a beginner-friendly website.
Speaker 1:I love how defined the different career paths are in cybersecurity and just security in general, like I've dabbled in a lot of it. Like for writing, it's not as like being a writer, it's not as defined. But in cybersecurity security, like oh, do you want to be red team or offensive security, you can go this way. You want to be blue defensive? You can go down this way. Like sock analysis, just all of that you can go down this path. You want to be penetrated, like physical penetration, like there's. All of the different ways you can go are so neatly defined that it feels like and you have your certifications in each one. So it's like a nice roadmap for what you want to do yeah, absolutely, but uh, there's just so many options.
Speaker 2:There's probably an uh, a niche for every. You can, yeah, work hardening as a defensive person. You can do social engineering techniques. Whatever your skillset is, you will find it in a cyber security outlook.
Speaker 1:Totally Awesome. Yeah, Try Hackney's great resource Awesome. All right For my final question. You don't have to have an answer. If you don't have it, it's completely okay. No-transcript.
Speaker 2:Words of wisdom Privacy isn't dead.
Speaker 1:You just have to take it back. Awesome, I love that Very epic. Thank you. I really appreciate your time night. I'm looking forward to doing another episode with you about cooking and probably more nerdy tech stuff, cause we're just geeks like that.
Speaker 2:This was super fun. You can invite me back anytime you want.
Speaker 1:Awesome, I appreciate it. So thank you everybody for for listening. It was another great episode and I oh, do you have any plugs or anything? Anywhere people can find you if they want to find you.
Speaker 2:Uh, night fire on YouTube If you want to watch my gaming nonsense with my buddies. But that's about it. I try and stay off a ton of social medias.
Speaker 1:I don't blame you. I literally only stay on it for my streaming and my job. But thank you everybody for watching and I will see you in the next one. Bye.
