Colonial Pipeline Attack Recap

Unsecurity Podcast

Evan and Brad are back with episode 135 of the UNSECURITY Podcast. This week, they take a look at some of the issues stemming from the Colonial Pipeline attack—what the economic impact of cyber crime is, how attacks may begin to impact the power grid, and more. Give this episode a listen or watch and send comments, questions, and feedback to


Podcast Transcription:

[00:00:23] Evan Francen: All right. Welcome listeners. Thanks for tuning in to this episode of the Unsecurity Podcast. This is episode 135. Like a lot of numbers, 135. Yeah. The date is June 8, 2021. Joining me is my good friend, as usual, Mr. Brad Nigh. Brad, how are you?

[00:00:42] Brad Nigh: good? How are you? Hot?

[00:00:44] Evan Francen: I know right. No, we were talking about that for the show started how in Minnesota you were saying that this state has the biggest temperature swing. Yeah.

[00:00:54] Brad Nigh: Yes. Somebody was telling me that air temperature can go from like a 100 in the summer to -20 in the winter. And you know he didn’t x 110 to a wind chill negative 1 50 or negative.

[00:01:07] Evan Francen: I wanted. Yeah.

[00:01:09] Brad Nigh: Well swings. That’s that’s crazy to think about

[00:01:13] Evan Francen: it is man, it’s too damn hot. But you know, thank God for air conditioning. Um It cost us more money of course, but could be worse. Yeah. Yeah, I got nothing but first world problems, right. Is that what they call that?

[00:01:28] Brad Nigh: Yeah, exactly

[00:01:30] Evan Francen: anyway, where you look you look at because you know another thing here in Minnesota is you do have a homeless population like you do in every sort of major metropolitan area and you see them in the you had a winter and it’s like, oh my God, I can’t believe it that they survived. You know, we do have a pretty good I think support system here, but then, you know, also in the summer, man, it’s 100° and you’re carrying all of your belongings. Yeah,

[00:02:00] Brad Nigh: and it’s not just one day, this is like we’ve been under a heat into or heat warning since like last thursday.

[00:02:06] Evan Francen: Yeah,

[00:02:08] Brad Nigh: thursday this week.

[00:02:10] Evan Francen: Mhm Yeah, we got a lot of good things about again last week, last week. I like how we sort of took some, you know, some news articles and dissected them a little bit. I think our listeners appreciate our take on some of these things. That was some of the feedback I got over the last week. So we have five new things or topics or news, whatever things to talk about today. Um but before we get to that, I also want to just check in what’s new what one of the things you’re hearing on the streets you were mentioning before we got started that you’ve been busier than ever. Yeah, consulting sign.

[00:02:52] Brad Nigh: Yeah, it’s fantastic. Um you know, we’ve got a pretty big uh companies uh, talking to us and asking for, you know, interviews to understand, you know, services and Uh huh Yeah, then it’s been, it’s good, but right been very busy.

[00:03:13] Evan Francen: Well, yeah, I mean, I think sometimes it is possible that too much good. You know, it seems like maybe

[00:03:19] Brad Nigh: yeah I will I won’t lie I am looking forward to actually taking a real vacation this summer.

[00:03:26] Evan Francen: Yeah well you you’ve earned it man especially given you know some of the things going on at home with health and kids and just all that stuff you know.

[00:03:37] Brad Nigh: Although I did go into the office thursday last week

[00:03:41] Evan Francen: yeah I’m going into the office tomorrow and thursday so you’ll be in we’ll see each other face to face.

[00:03:46] Brad Nigh: I won’t be there thursday we’ll see maybe tomorrow look at. Yeah it was weird going in that was the first day since March 17 last year I was actually like in the office around people

[00:03:58] Evan Francen: Alex is Alex taking over your office permanently now

[00:04:01] Brad Nigh: we’ll see. I don’t know I’ll probably only go in a couple days a week at this point so if he’s gonna be in there every day

[00:04:08] Evan Francen: well between the two of us we can take

[00:04:10] Brad Nigh: oh I’m sure

[00:04:11] Evan Francen: maybe only one of us really. I mean he snapped that big.

[00:04:14] Brad Nigh: You play soccer we have to corner.

[00:04:16] Evan Francen: That’s true, he’s squirrely. Yeah

[00:04:19] Brad Nigh: but yeah it was cool, it was very nice to see everyone, it was surprisingly a little bit overwhelming from a like input right because you haven’t been around that many people for so long. It was very cool.

[00:04:33] Evan Francen: Yeah that was one of the things that I was telling my wife about is I struggle I I’ve gotten better now but you know, in the first couple of weeks I struggled with my social skills. Yeah, it wasn’t used to seeing somebody face to face. I’m like, so how you doing? Right?

[00:04:53] Brad Nigh: Well it’s called a part to everyone. But yeah, it was, it was, well, I mean were, you know, introvert and I said to an article, there was an outgoing introvert where it’s like once you’re in the situation, you’re very outgoing and you know personal, but then it’s like exhausting and you have to be alone to recharge and that’s like about, you know, it’s like, you know what, I’m just gonna head home at lunch is, yeah, now.

[00:05:19] Evan Francen: Yeah. Well because daily naps and the daily naps I get, I might have to put a bed in my office, in the, you know, in the office because I did these naps. Like that work. I’ll go meeting to meeting the meeting and then I’ll get like a 30 minutes Break and I’ll just go take a 15, 20 minute nap. Yeah, back up again and be recharged and ready to go.

[00:05:42] Brad Nigh: I think they showed like a 20 minute nap is the perfect time. It’s huge recharge. Like you said,

[00:05:50] Evan Francen: it really is, man, I do it. I’ve gotten into this habit now. We’re up, I might do two or three of those a day, awesome. Yeah, I love it. Well last week the, it was a short week. So we had Memorial Day, uh, I don’t know if we formally acknowledged our appreciation for the men and women who, you know, who have served and given the ultimate sacrifice. I didn’t last week, it was simply an oversight. You know, we take that stuff really, really seriously around here. Yeah. Um so that was last week and then had some really good demos for security studio, you know, big companies coming kind of out of the woodwork that I’ve never, you know, a big, really big aerospace company, the biggest, yeah, I reached out last week and I was like, how did you hear about us? Yeah, Really cool though. So I think we’ll get that business

[00:06:48] Brad Nigh: right, well, what’s so cool about it is they came to us. It’s not like that’s never been are target market, It’s always been that autumn in size of underserved market and now bigger b players are, I mean to us and be like, oh yeah, oh, how do you want

[00:07:06] Evan Francen: this? Well, yeah, I think, I think because they may be there, you know, they’re in their third party risk management processes or somehow maybe they’re seeing, you know, some of the product of the work that we do, you know, in that underserved market and they’re like, wow, this is kind of better than maybe what we’re doing? Yeah, maybe we can go that route too.

[00:07:27] Brad Nigh: You know what, I wonder if they ah if they got one of the questionnaires mm somebody

[00:07:34] Evan Francen: Yeah, that that’s happened. Yeah, that’s happened before too, but it was weird because it was the CISO himself who?

[00:07:43] Brad Nigh: Mhm so called

[00:07:44] Evan Francen: Yeah so the CISO wouldn’t go on that questionnaire either. So there’s gotta be some kind of you know I appreciate it obviously. And then we did the 50th Anniversary of 50th Show episode of the Security Shit Show last week. Yeah and so that means we drove down, we had people as far as Colorado, Milwaukee uh you know join us for a weekend of camping and by the way man you’re always invited too, you know I mean everybody’s invited uh but it was really really cool. I was so amazed with what we did is we did the show down there on the campsite, I don’t remember what we talked about, Brian probably had a little bit too much to drink so if you watch the episode you’ll see that and I don’t drink so I was kind of babysit and keep us on track I think uh huh Chris Roberts, even if that guy did get drunk, I don’t he just seems like a guy that would be able to hold it together.

[00:08:47] Brad Nigh: Chris Roberts is Chris Roberts.

[00:08:50] Evan Francen: Exactly. So yeah we have a great weekend, we did the show on thursday night when we did friday, we went shotguns uh saturday was just kind of chill around the campground, there were a couple former marines there and you know my I was a Marine corps brat. So we went and hung out, went around town a little bit. There’s a good weekend man. A lot of security talk. Just flipping amazing people, man. I mean the people I get to work with every day, it’s Dunkin on me on sunday. You know, I I got home, I kind of had some me time and I thought holy balls and I actually posted something on twitter. It was, you know, I really feel like God dealt me a handful of spades when we talk about the people that, you know, I’m surrounded with every day. It’s it’s nuts, man. So that was cool. Yeah,

[00:09:55] Brad Nigh: it’s really nice to be getting back to some semblance of normal.

[00:10:01] Evan Francen: Yeah.

[00:10:02] Brad Nigh: E people and

[00:10:04] Evan Francen: yeah, and you can see their face, you can see their facial expressions. I can see when they’re smiling. I can see like, oh shit, you need to brush your teeth or you know, whatever.

[00:10:16] Brad Nigh: I got a new shirt rene said it to me. I don’t I don’t know if you saw it, but it says I keep all my dad jokes in a database. Ah and I went to target with that on and it was cool to see people read it and actually smile or react, whereas for the past year you couldn’t tell.

[00:10:38] Evan Francen: It’s awesome, man. All right, so we have five articles this week. We’ve got "US recovers most of Colonial Pipeline’s $4.4 million ransom payment." That’s gonna need broad economy. So this was GOP lawmakers. So GOP that’s a Republican, but that’s not the point. The point is uh, he said the broader economy is at risk if the United States doesn’t act on cyber criminals soon. That seems kind of doomsday-ish, you know, and that’s there will be an issue in discussion. I think that’s kind of we’re reading anyway, the next one is kind of along the same lines. The Energy Secretary, uh Granholm is her name. She says hackers could shut down the United States power. Well, that’s not good. We need power. Yeah, I think especially when you need air conditioning right

[00:11:35] Brad Nigh: now. Yeah.

[00:11:38] Evan Francen: And the next article, I’ve got this one that you know concerns me amazon side on this

[00:11:44] Brad Nigh: one. I think we’ll have a good conversation about that one.

[00:11:48] Evan Francen: Yeah, exactly. "Amazon Sidewalk starts sharing your WiFi tomorrow," which would have been yesterday actually. Yeah, that would have been yesterday. So thanks. And then the last one is "username and password breaches have increased by 450%." Now that doesn’t seem, you know, we hear about username and password breaches all the time. So that doesn’t catch anybody’s attention. But what caught my attention was the 450%.

[00:12:17] Brad Nigh: Yeah, well in and the average cost of a breach.

[00:12:21] Evan Francen: Yeah, exactly.

[00:12:24] Brad Nigh: And then, but you know, kind of this morning we had that big internet outage As it was one cloud service provider,

[00:12:33] Evan Francen: I didn’t hear about that. Tell me adam and steven it

[00:12:38] Brad Nigh: like I got the alert mhm right before the show really,

[00:12:45] Evan Francen: which sp

[00:12:46] Brad Nigh: it was, it was Fastly, which is a content delivery network. Oh, listen to a article on it. So yeah, it brought down like, oh wow, CNN, Guardian, New York Times ah

[00:13:06] Evan Francen: yeah, and that is, that’s really recent too, I mean that’s

[00:13:10] Brad Nigh: just happened an hour ago, maybe

[00:13:14] Evan Francen: let’s start with that one, we’ll just add that one to the mix talk about. So we’re going to be reading basically the news thing. So I’ll take the TechCrunch story. So on TechCrunch, this is the title of the article: "Twitch, Pinterest, Reddit and more go down in Fastly CDN outage." CDN is content delivery network. Update: outage resolved after one hour. But an hour even is like bad, content delivery networks.

[00:13:48] Brad Nigh: Yeah, good hope stack overflow. You lou hey pal if I straight yeah, payment systems in there.

[00:13:59] Evan Francen: gov.uk, Hulu, HBO Max, Quora, PayPal, Vimeo, Shopify, Stripe, CNN, the Guardian, New York Times, BBC, Financial Times. Wow. Glitch, they’re calling it

[00:14:18] Brad Nigh: so I’m wondering, you know, it was this a, you know, a change that went bad because they didn’t, it didn’t fix it pretty quickly.

[00:14:30] Evan Francen: Yeah, so the original article was 5:08 a.m. Central, so that’s about an hour and, well, two hours ago. There was an update at 3:50 a.m. Pacific time, which is at 5:50 a.m. So about 40, 40-ish minutes later. Getting, you know, some websites are slowly coming back up. The issue has been identified and is being implemented, says Fastly on its status page. I guess it was returning a whole bunch of 503 errors, and then 4:02 a.m., 12 minutes after that, issue seems to be resolved.

[00:15:12] Brad Nigh: It’ll be interesting to see you know, what that really ended up being because yeah, really, I think, yeah, from a convenience standpoint, it’s a a pain, right? But the same time, it kind of shows you still have that single point of failure that, you know, so many rely on, you know, who you think is going to be focus if there was going to be kind of that nuclear cyberwar, would it? They can take down two or 3 the the end and basically shut down the internet.

[00:15:52] Evan Francen: All right. Yeah. And imagine if you were able to find some way to knock, knock off Microsoft and amazon

[00:15:59] Brad Nigh: or Yeah, exactly, yeah, Pick out Fastly and Cloudflare and you’re probably looking at, you know, 75, of the Internet at least. I would think.

[00:16:10] Evan Francen: Yeah. Well, the cool thing about Fastly is they have a pretty extensive status page, which is really kind of interesting because they also keep historicals on there. So you can see now on June 8, which is today, you know, when they, you know, originally sort of became aware of it and then kind of their status updates as they went forward. Looks like uh 09:58 Universal time is when they have their first log, "we’re currently investigating the potential impact," then 10:07, 10:11, 10:21, 10:23, 10:26. Uh they were, you know, they just had investigating issue updates, so about a half an hour of that. Then at 10:44, the issue has been identified and the fix is being

[00:17:13] Brad Nigh: and what I’ll say this, we’re pretty impressed with, like like you said, how often they were updating that status page. Yes, you know, they don’t have to do it that much but you know that people are going to be checking and this is a big deal. So that continuous communication and controlling the narrative is what we talk about in a DR situation.

[00:17:36] Evan Francen: Yeah. Yeah, totally, if I were looking at this as a company, this is, this might be something to add your own practice to, is to use this as an example of, you know, create a page, a status page if you are that kind of service or create a something page or be ready to anyway, you know when there is a breach or something that happens so you can get out ahead of it because I think of how many support calls, they

[00:18:03] Brad Nigh: probably save themselves.

[00:18:05] Evan Francen: Yeah. Right. And you know what happens when a customer calls support or email support and then you know gets put on hold. Yeah, for hours. I mean that just pisses them off more. But if you have a nice status page you couldn’t go to in reference

[00:18:20] Brad Nigh: and keeping it up to date and you know, Yeah,

[00:18:26] Evan Francen: good job, you

[00:18:27] Brad Nigh: never want to have that happen. But yeah, good communication. I it will be interesting to see what actually caused it. It’s like you got it back up pretty quickly. So is it just a change that went sideways and they rolled it back or you know, so

[00:18:46] Evan Francen: so you just how

[00:18:47] Brad Nigh: they address that

[00:18:49] Evan Francen: and if you look at their status page man, they provide a status every day. No incidents reported on June five. No incidents reported on June six, June seven is empty, June eight is you know when we had all this stuff but on June four you know they had an announcement of their capacity expansion in Toronto. I mean, damn, this is And they said a really good example of communication. Mhm. I’m bookmarking this page is a good example. Yeah. So that way back to what happened. I think we’ll have to figure it out. I think it’s so new that yeah, who knows?

[00:19:30] Brad Nigh: Yeah. And there are people that we’re working on it are probably pretty tired right now.

[00:19:37] Evan Francen: Yeah because they’re out in California. I don’t know if that’s where they probably support all over the place because they went public in 2019. Yeah.

[00:19:45] Brad Nigh: Mhm. What stock price? Around 50 Yeah.

[00:19:50] Evan Francen: All performance specked normal. All operational. So Yeah, interesting. I’ll be interesting to find out what Okay. I think you were probably on the right path thinking that this was some sort of an update that didn’t go the way they planned it to or something. Yeah.

[00:20:09] Brad Nigh: Uh We’ll see.

[00:20:11] Evan Francen: I mean, let’s hope it’s not an attack, a vulnerability even it was, you know, it was an attack. It was helpful response.

[00:20:18] Brad Nigh: Yeah, I’m impressed how quickly they got back up identified and got it back up. So

[00:20:25] Evan Francen: yeah, you kind of have like a breaking news story there. We’re not known for our breaking news. No. You know, let you look at us. Uh huh. All right. Well, the next one I have is from Bleeping Computer. And as you know, we’ve been under attack, we’ve been under attack for years. Uh You know, not to this maybe this severity of this impact, but Colonial Pipeline, JBS, I think there was something in Manhattan, maybe a train station or something that was taken offline. Anyway, these things just continue. But a little bit of good news. But you also got to put it into context. Yesterday, you know, Bleeping Computer had "US recovers most of Colonial Pipeline’s $4.4 million ransom payment." It seems like, damn, that’s cool. But you know, that wasn’t really the big impact, right? When we watched $4.4 million. The real impact is what did it do to our economy, what did it do to people’s livelihoods?

[00:21:34] Brad Nigh: Yeah. Well yeah, I know it was crazy to see you thought after the whole, you know, toilet paper hoarding fiasco that people might have learned that hey, we don’t have to rush out and hoard everything now. But I mean it’s a ripple effect right? Like now these people are going out and hoarding gas and people that need it no longer can get it. And how does that impact everybody? That’s just yeah, it’s not good.

[00:22:06] Evan Francen: Right. No. Well I think the cool thing is this article is this was sort of the first time, you know, kind of a, one of a kind where the Department of Justice, you know, working with others, I was able to track down, you know where the Bitcoin went and

[00:22:28] Brad Nigh: yeah, it looks like

[00:22:29] Evan Francen: recover some of

[00:22:31] Brad Nigh: yeah, DarkSide said that they lost access to one of the payment servers on May 14 and then that the funds were withdrawn. So my guess is they tracked down one of those servers, seized it and got the key off of that.

[00:22:45] Evan Francen: Yeah. Yeah, totally. Yeah. Yeah. Well I think it’s interesting it’s cool that there was some coordination. Now will this deter DarkSide or any other ransomware group from future attacks? No, not at all because they are just, it’s different. It’s just tit for tat right. They’ll find out how the Department of Justice went about, you know seizing that server and they’ll just protect it better next time and it’s just

[00:23:20] Brad Nigh: it’s always been the cat and mouse. Yeah.

[00:23:24] Evan Francen: Yeah. I don’t think it’s going to change anything in terms of what’s coming.

[00:23:29] Brad Nigh: No but you know on the plus side at least you know we’re not paying for all of that. They lost a lot of their funds.

[00:23:39] Evan Francen: Yeah. Yeah yeah. Yeah. Impact has already done. But yeah the uh the cool thing there the affidavit is public so you want to see a little bit more about uh you know the FBI. Yeah how this went about, what basically what happened was the FBI gained control of the private key belonging to DarkSide’s Bitcoin wallet holding the ransom payment. How they got the key? I know. I don’t know. That’s not supposed

[00:24:14] Brad Nigh: no that won’t be disclosed.

[00:24:16] Evan Francen: No but I wonder if they did laying hundreds of simple brute force attack and they were using a weak password.

[00:24:24] Brad Nigh: I mean well yeah you know they’ve got tools that we don’t but even if they just you know were able to determine where that server physically resided and physically seize it then you get as much time as you need.

[00:24:40] Evan Francen: I would like to see us get maybe a little more proactive and I know there they work on this have them get more proactive constantly be going after private keys of these wallets and then and even not really disclosing that you have the private key. Yeah. You know and then when that they you know when money is transferred just transferred back.

[00:25:05] Brad Nigh: Yeah take it back

[00:25:08] Evan Francen: everything. Yeah so they recovered 63.7 bitcoins of the approximate 75 Bitcoin payment. Uh huh. There’s been a big drop in the price of Bitcoins since that happened. But Yeah, anyway on May 14 is when they claim that they lost access to one of their payment servers. Hey it’s just funny to kids.

[00:25:36] Brad Nigh: Yeah

[00:25:38] Evan Francen: there’s so brazen you know it’s like it’s like when they took down that colonial pipeline they’re like oh yeah sorry. You know that wasn’t what we were trying to do.

[00:25:49] Brad Nigh: Right well did you see how they got in? You see the how they determined it um we password on VPN of unused account without Multi factor.

[00:26:02] Evan Francen: I’m telling you man. It’s the basic simplest crap every damn time

[00:26:07] Brad Nigh: I saw that. It was like I want to be surprised but that’s exactly how expected it was it to have to happen something very much along those lines.

[00:26:16] Evan Francen: Right? And I think the everyday person on the street thinks, wow, these guys are super sophisticated. No, no, 90% of the time they’re not. Yeah it’s they’re scanning, looking for these systems, these servers, they add them to list and then they start going poking and prodding. Yeah it’s just not that damn sophisticated or they you know. Yes, yeah, yeah. So this was the first of its kind, first operation of its kind conducted by recently launched Ransomware and Digital Extortion Task Force. Sounds head up badass, doesn’t it? Yeah. Doesn’t want to be in the Digital Extortion Task Force

[00:27:08] Brad Nigh: I want, I would guess you probably can’t talk about that if you are.

[00:27:13] Evan Francen: Yeah, who knows? Yeah, Well right. But the identities of people that do this kind of work, you have to be kept really secret because you’ll get killed,

[00:27:23] Brad Nigh: right? Don’t say you can’t, it really bragged about it. No,

[00:27:31] Evan Francen: you’re taking away their money and you know, these are the Russians and there’s so much you go into about to what extent is the Russian government involved in all this? Because one of the things that kind of bugs me, it’s like when Biden said, well this isn’t a nation state, these aren’t nation state attacks. But then you’ve got to think everything that happened, Russia is a communist country that rules their population with an iron fist. Everything that comes out of Russia and the Russian government is complicit. Yeah,

[00:28:06] Brad Nigh: it’s a very fine line I think walk on that. And I think, you know, yeah, you’re right, they’re not going to be able to do this without approval, but it’s not or not necessarily approval, but you know, there’s rules in place, right, As long as you don’t attack any Russian assets, they don’t they’ll they’ll turn the blind eye. So like you said, exactly, they’re complicit, but it’s technically not a nation state. Oh,

[00:28:38] Evan Francen: because it’s not happening. But in my opinion, man, if you have a nation who is complicit in attacking another nation, just call it nation state. I mean, yes, it’s not your guys, your guys sitting in your office. Fine.

[00:28:55] Brad Nigh: I’m not arguing with you. I believe. I agree. I think he had to, you know, it’s it’s this is the diplomacy political crap. That is why we are in that field.

[00:29:04] Evan Francen: Yeah, true. And you’re right, I I don’t walk in the shoes of the president or anything else. But as a someone who sits where I sit, it’s like, yeah, there’s gonna be consequences. I mean, you do, you can’t just let bad behavior continue, right?

[00:29:25] Brad Nigh: Yeah. That will be interesting to see how this continues to play out. Is it escalates or continues or kind of dies down.

[00:29:32] Evan Francen: Yeah. That leads us to our next one, our next article. This one comes from Fox News and you know, I didn’t choose the CNN one to even this all out. But it’s a Fox News one because it was the the title that really caught my attention. The title is "Broader economy at risk if US doesn’t act on cyber criminals soon, GOP lawmaker says." This is Representative Garbarino from New York. Yeah. Congress is next to and all Americans regardless of where they live, could see their daily lives impacted as cyber criminals continue to target the broader U.S. economy. Could see their daily lives impacted. I don’t know whose life hasn’t been impacted. You may not you let may not hurt enough yet. Wait your life is being impacted. You’re paying more for stuff than you should be. Yeah your identity is already in the hands of a bad person somewhere I’m sure.

[00:30:36] Brad Nigh: Yeah it’s not good. Um you know, I think the task force and some of the stuff with uh improvements and funding for CISA most changes. I think it’s not. Yeah the right direction to go. Just make sure we don’t stop right? Like that seems to be the problem is we start going down one path and then things change or people get distracted or. Yeah. Yeah. Hopefully this is something that is regardless of your political affiliation. You take seriously and work to get done. Is those attackers don’t care if you’re Republican or Democrat. No not this

[00:31:19] Evan Francen: well that you know and that was you know, I’m gonna write an article when I get time which we just don’t have time, I haven’t been able to post anything hardly anywhere. The the title of the article is going to be, your government cannot protect you because it can if you’re not doing the things that you’re supposed to be doing then

[00:31:43] Brad Nigh: I mean even you even within a company or whatever you do have responsibilities, personal responsibilities. You can’t just expect to be fully protected, right? Like we see it with people getting phished, I don’t think companies have good products in place and good solutions and it still happens. So I I agree you’ve got to take, there’s gotta be some personal responsibility to be aware of this stuff. Your life has been impacted

[00:32:12] Evan Francen: well and you’re right man. I mean there’s a lack of accountability because not only will your life be impacted, but there will be lives lost. Mhm. Because you know, with without fast technology’s going cars driving themselves, uh, you know, smart homes all over the damn place. We’re talking about sidewalk here in a little bit. Um yeah, yeah. One, you know, you read the executive order that came out a few weeks ago from, you know, the administration and you know, one of the common did some feedback I got was, wow, that’s a lot. And you know, when you think about it, we are so far behind, we should have been doing this stuff from the beginning, kicking the can down the road, kicking the can down the road, kicking the can down the road and then you get to this point where it seems so counterproductive and so disruptive. I mean there’s a retrofitting crap that you are doing right.

[00:33:20] Brad Nigh: It’s always easier and cheaper to do it right the first time then try to go back and retrofit.

[00:33:26] Evan Francen: Yeah. And it gets more expensive, the longer you get it off

[00:33:30] Brad Nigh: the more painful.

[00:33:33] Evan Francen: Yeah. So any listener who’s listening today because I had this discussion to with with a company like wow, we really have a lot of work to do and I don’t know if we’re really willing to bite all that off. I’m like well that’s fine. Eventually. You’re going to have to you’re going to be forced to or you’re gonna it’s gonna be painful enough to where you’re going to do it. And the longer that happens, I mean you just you can’t not do this. Mhm. It’s just a matter of time or whatever that you haven’t already been.

[00:34:08] Brad Nigh: Yeah. And we’ll talk about, you know what does that mean from a business perspective? And the last article because that’s kind of an eye popping.

[00:34:20] Evan Francen: Yeah. I mean it’s good to know the sad thing about as long as we don’t step up as citizens, the government will have to do what they’re I mean if we continue to demand that they do stuff and we won’t do stuff well then it’s gonna get really controlling and a lot more uncomfortable and you’re gonna have to live with a lot more things that you don’t want to live

[00:34:44] Brad Nigh: and it still doesn’t guarantee it won’t happen,

[00:34:47] Evan Francen: right? I

[00:34:48] Brad Nigh: mean we see it all the time. So don’t think just because they’re now doing this, you don’t have some sort of personal responsibility related to, you know, information security.

[00:35:02] Evan Francen: Yeah. Well I got a call yesterday from CISA um friend of mine at CISA who I really admire. Um so it was, it was a good talk, but he called, you have this kind of a heads up on, you know, some things. So I had forwarded that information on to Oscar and the team, you know, it’s kind of a heads up in. Then we have to talk about the same thing, right? Because now CISA has what are called the big state coordinators or whatever. So every state now has a CISA person that’s kind of responsible for helping and overseeing states cyber security operation. Thanks vehicle. But what we were talking about the same thing, man, there’s only so much we can do. I can’t go over to my neighbor’s house and secure his router. Right? Yeah, I love to I can offer and actually I have and I have done that, but I’m talking just in general.

[00:36:02] Brad Nigh: Well, you can’t do it for everyone. No.

[00:36:06] Evan Francen: So just in the last uh, this article is kind of interesting because it covers, you know, in April, we had MTA, the Metropolitan Transit Transportation Authority. You know, they were affected to be had obviously Colonial Pipeline, JBS, the Steamship Authority. Um it’s just gonna get worse and worse and worse. What do you do at home? Well don’t have two factor or don’t have single factor authentication on anything remote. If you’re like, most people you don’t need anything inbound now. You changing your defaults on stuff going outbound. But we’re going to talk about that next week. So for listeners, we’re going to talk about how you test the security of your router. We’ll give you a whole bunch of free tools and utilities that you can go use and have your friends use have your make sure years

[00:37:01] Brad Nigh: we are do it correctly. So I don’t accidentally get out our yeah right information. You don’t need people in it for us.

[00:37:10] Evan Francen: No. Yeah. Good point. So that’s it. Broader economy is at risk and and that’s that’s not news shouldn’t have been no anybody. The next one I’ve got is from Barron’s magazine which you go to the link didn’t realize, you know like a lot of these agencies now they’re kind of going to this, you get so many free articles and then they’re going to charge you. So I was still within my free right? You might run into something. The title is Hackers Could Shut Down the U.S. Power Grid, Energy Secretary Granholm Says. This is Jennifer Granholm, the Secretary of Energy. Uh it’s good to hear somebody actually from the government publicly say that because this has been the case for a while.

[00:38:05] Brad Nigh: Well, yeah, I mean well it’s like yeah they say you can’t address the problem until you admit there’s a problem. So I think we’re hopefully going on the right path on this stuff.

[00:38:18] Evan Francen: Yeah. So two. Yeah taking a deeper look at, you know where our weaknesses and where we can’t mitigate attacks. You know like like we just talked about with vastly um having something quick that will detect it and having a really good solid response. Yeah. Yeah.

[00:38:44] Brad Nigh: The one thing I didn’t like, I was like, oh great, this is good. This is good. And then it gets down to the bottom where there’s the the analyst. It will wow analyst from Wedbush and has talked about, you know, this is gonna be a huge school uh increased boost in spending. Mhm. Yeah. There’s a $200 billion dollar growth opportunity of security alone. Well no, that doesn’t like yeah, maybe they do need to spend some money on that. But that’s just that’s not you’re missing the point although not for them. But Yeah.

[00:39:22] Evan Francen: Right goes back to what we’re talking about. Well, we just talked about colonial, you didn’t need money. No needed to turn off the damn account, you know?

[00:39:35] Brad Nigh: Yeah.

[00:39:38] Evan Francen: You could either turned off the account. You would have done if you’ve done any vulnerability scans on a regular basis, which we all should be doing anyway. You would identify that you had a, you know, a remote access, you know, system out there. The single factor authentication. I mean this is just normal hygiene. It’s like I don’t need more money. Yeah. I just use so early in a I wash pick shower,

[00:40:05] Brad Nigh: right? Yeah, exactly. I mean this is the goes back to, you know, you could spend $100,000 a year on security software. But if you’re not disabling your unused accounts, who cares? You’re not putting multi factor in place, who cares

[00:40:21] Evan Francen: one into into. Of course. So the reason why people are doing these things is wanted. They either don’t understand. But another I think real significant factor here is complexity. Keep adding more and more and more and more crap to your environment. Makes it harder and harder and harder to secure. And so then what’s the answer? Well let’s sell them more crap. No, stop buying more crap.

[00:40:48] Brad Nigh: I mean right. Exactly. And what bugs me is it’s not hard to do the check for an active account. You know, I did it on a it was on a monthly basis looking for an account that hadn’t logged in for, you know, the last 60 days. And logged in for 60 days. That account got disabled. And if nobody complained for six months it got deleted, right? All I have to do is write a PowerShell script. It didn’t cost anything. I didn’t have to buy software to do it. It’s basic.

[00:41:22] Evan Francen: I know and so and so and then you see like and you got a question here. So I’ll read from this article as his eyes. So along that same, you know point I’ve seized the trend benefiting both large federal software contractors like pillows and Palantir Technologies as well as cyber security software vendors exporting at SailPoint, CrowdStrike, Tenable Holdings, CyberArk Software, Varonis Systems, Zscaler and Palo Alto Networks. And so you’ve got to be thinking, I mean, am I the only one who thinks, yeah, let’s keep it crappy so I can sell more shit.

[00:42:05] Brad Nigh: Right? Yeah. Well if you’re one of the competitors that isn’t listed, you’re probably not real happy with the with that either.

[00:42:15] Evan Francen: But that’s the the insanity of all of this. Like, you know, and I go back to that Senate Intelligence Committee meeting when you know, Senator Wyden asked a perfectly good question about if we had used firewalls the way they were designed to be used, which we’ve had forever and you know, and it doesn’t have to be sophisticated. Just a stateful packet inspection firewall, doesn’t have to be a damn proxy. If you were blocking egress traffic and ingress traffic to only what was required letting the function. It would have mitigated probably the most impactful breach of all time.

[00:42:55] Brad Nigh: But Evan, zero trust is real.

[00:42:58] Evan Francen: Thank That was that was funny man. That was another question I had. That was so I gave a talk to the Minnesota cyber commission, that sort of mm, I can’t remember the name exactly. But uh, you know, they make recommendations to the governor on in this state of what we’re going to do. And the first two vendors talked about zero trust, Right? This is where we got to go. Zero trust. Biden even had it in his executive order. Zero trust. And so the CISO for the state of Minnesota asked the awesome question, where do we start? Right. And both of these vendors were like, you know screw it around the issue. You know they didn’t really say probably because they’re not engineers, they’re more sales people. But so I hurried up. You know I was the last one to go. So I hurried up and added a slide to my deck. Nice. Your where do you start? Right. And so I went through and then I got to the zero tricycle. Where do you start? Well, starts an intimate understanding of yourself. Right. Asset inventory. All my applications. Where are they, what are they doing? Who are they talking to? Where is all my data go? Uh where’s all my hardware, all those things. Because how else are you going to do the default deny on all these things and know what’s allowed to talk to what?

[00:44:18] Brad Nigh: Yeah. Well and that’s

[00:44:19] Evan Francen: the thing. So asset inventory. How about that? Have you ever done that?

[00:44:23] Brad Nigh: Right. Well that’s the thing though. It’s not sexy. It’s hard work. It’s not easy. I mean it’s simple. I would say it’s simple but it’s not easy if that makes sense.

[00:44:36] Evan Francen: But I don’t know if people are turned off by simple and everybody says they want simple. Yet when you look at the way they live their lives. I don’t think you really want Simple because you keep making your life more and more complicated.

[00:44:50] Brad Nigh: It looks like we talked about with a couple weeks ago is You know, you spend eight hours engineering a fix or something that should take 10 minutes. Thank you. You see it all the time. I know I’ve done similar but

[00:45:08] Evan Francen: it’s not it’s not it’s just not as difficult really. Um to Granholm. Anyway in her interview was on Sunday. So that would have been the 6th with CNN’s Jake Tapper. She was asked if the country’s adversaries have the ability to shut down the U.S. power grid. And her answer was yeah they do

[00:45:31] Brad Nigh: mm I’m so glad like it she said it but it’s kind of like uh I didn’t see you uh the interview but I kind of feel like it’s like the uh huh.

[00:45:43] Evan Francen: What are you what’s frustrating to is in the wrong hands? This fear this need can be used for good or for bad. You know, for good. It would be able to, let’s get our security basics are fundamentals squared away before we start adding more crap to it. That’s the good the bad is well let’s go and buy some more stuff then we need we need you know, Palo Alto, we need some Zscaler. We got some CrowdStrike. You need some endpoint stuff.

[00:46:13] Brad Nigh: I don’t like I like what what she said, you know like what they were doing of making these changes because there are protection standards for production of the electric grid, but not for pipeline and they’ve already made some changes to, you know, move in the right direction for pipelines. They have to, you know, report ransomware attacks in real time. You know, I think you’re starting to see, you know, that’s the right approach. Like, hey, we’ve got to be aware of this stuff, but don’t go buy a bunch of stuff to do it, just do the basics.

[00:46:47] Evan Francen: Right. Well, I wrote an article last week And it started with the number 3006. Did I tell you about this? Mhm. Yes. It started with the number of 3006 and Big Bowl. And what that number represented was the number of days that have passed from President Obama’s Executive Order? Yes. Which led to the NIST CSF and that directive that came out a couple of weeks ago. Yeah, a couple weeks ago about protecting the pipeline. So we have this executive order. It all made sense. And then we went through all this work to create these, you know, fairly decent, I think controls a framework and then we make it, you know, non non mandatory. Was that called compulsory? Yeah. What’s wrong with the uh why do you call it critical infrastructure if you’re not gonna treat it like it’s critical infrastructure. I don’t understand that.

[00:47:49] Brad Nigh: Yeah, I don’t know.

[00:47:50] Evan Francen: Well and something else because like half-assed infrastructure we sort of give a shit about,

[00:47:56] Brad Nigh: Well there, I mean there’s the um the law in place for like the american or for water treatment plant and it says in there, they have to be doing, you know, risk assessment, they have to be doing these basic things and we know they’re not doing it. So even when they’re there, there’s not the enforcement, right?

[00:48:20] Evan Francen: Yeah. Well, it’s gonna do, you know, it might take something like the power grid getting shut off. We are somewhat at a standoff like the the Cold War where we had mutually assured destruction were in their systems as well, but uh huh Well you cannot hurt,

[00:48:38] Brad Nigh: you know, I think trying to look for, you know, the upside of like the SolarWinds and the pipeline, it’s gotten people’s attention for sure. And we’re starting to see some stuff, you know, maybe this is that’s what finally effects some changes, something of that magnitude.

[00:48:57] Evan Francen: Yeah. You just hate to see people suffer, you know what I mean? Because they are going to suffer. Yeah, I mean people are so right and they’re suffering because maybe they just sold a bill of goods, you know, I don’t know how many times we’ve seen somebody, you know in an incident response say, well, I thought we were covered, we bought this thing or your thing, you weren’t using your thing, right? And you didn’t even need the damn thing. If you would have been doing the other things? Yeah. Anyway. Okay. So we’re, we have power today. Let’s hope we have power tomorrow. If you don’t maybe for your own personal incident response plan, maybe you invest in a generator. Yeah, but you’re gonna need fuel for it. So I know what the hell you’re gonna do about that. Yeah. Solar. Yeah. The sun is still working. All right. So the next one I’ve got is from Malwarebytes Labs. And this is if you find this in, you know, almost anywhere it’s Amazon Sidewalk starts sharing your WiFi tomorrow, thanks. So that was posted yesterday. Today is the day. So if you’re an Amazon smart device owner and Amazon is the number one maker of smart devices in the world. You only have until today. You want to opt out of the new program. Will group your Echo speakers and Ring doorbells into their shared wireless network with your neighbors. Yeah.

[00:50:32] Brad Nigh: And it’s in the article. I didn’t realize that they just dropped well a week ago they gave a week

[00:50:39] Evan Francen: and it’s an opt out. How would that even be close to legal?

[00:50:44] Brad Nigh: I know. Well, especially with what they’re doing. You know, like okay. Whoa.

[00:50:50] Evan Francen: Uh,

[00:50:52] Brad Nigh: I heard about it actually yesterday I was reading a Washington Post article that I thought was really well done. It’s like, wait a minute. They’re charging us to use this. What about if you have a data cap. Well they’re saying, oh it’s only 500 megs Up to 500 Meg. That’s the task of my, you know, a limit. Hey, it’s not uncommon to see a one terabyte limit on that. You’re using half of it without my like against the yeah. And I don’t like this at all.

[00:51:27] Evan Francen: Well it doesn’t benefit who gets the most benefit out of this. Right.

[00:51:32] Brad Nigh: Well and you don’t, I mean, yeah,

[00:51:37] Evan Francen: so this is, this is what they say, this new feature will provide better stability for your smart devices during initial setup, possible internet connectivity problem. Okay, here’s the deal. I pay for this crap. Your problems are not my problems. Yeah, it’s like, it’s like, and I switched internet providers a couple weeks ago to um T-Mobile. Mm Now I was fully expecting that when I called T-Mobile that they were going to have me troubleshoot their damn device. When it’s like your damn device, you troubleshoot your device, you fix it. You make it work. Not me. It’s frustrating that I have to take any time out of my day, call you in the first place now. Thank God. And I called T-Mobile. I probably got the most, the nicest guy ever and he was like, I can tell you know, some things about the network already. I’m like, yeah I do because I’m just going to escalate this. I think it’s something at the tower like awesome.

[00:52:37] Brad Nigh: That’s awesome when they get the right a good person.

[00:52:41] Evan Francen: Yeah, I loved it. So shout out to T-Mobile for treating me right and I know others probably have their own experiences. But yeah, this pisses me off too man. I this is a one of the biggest companies in the entire world that decides that they have the the authority the right to just turn something on in a device that I paid good money for. Mhm And and not even hardly. We’re in this industry and we only found out about it like in the last few days, what about the normal, you know, a person down the street

[00:53:21] Brad Nigh: well and we already know that they share video from Ring with law enforcement. What are they going to do with this information? Are they just sounds not too share all the internet traffic that they get. Is that going to be the web searches? The voice searches? What does that mean? Yeah,

[00:53:40] Evan Francen: this, this is not cool in so many different ways and I don’t know how we hold them accountable. You know, it was going back to the SolarWinds attack, to that Senate intelligence committee meeting. Amazon was invited. Amazon didn’t go and Amazon was called out by just about every senator who was on that committee. They don’t care. I mean at what point do we as consumers go, Yeah, I don’t think Amazon gives two craps about me. I don’t think Google gives two craps about me. I don’t think Twitter cares I don’t think Facebook cares, all they want is more money and more manipulation and it’s just another example that and why did you wait until like just last week and announced this thing existed? And the reason why if anybody you know we talked about this before to the inability of people to think critical anymore. The reason why they didn’t want to have all the backlash until it was too late if you had announced this a year ago. I mean imagine all the. Yeah.

[00:54:44] Brad Nigh: Yeah it was interesting. I’m reading the Threatpost article that was linked to it. It’s got a little bit more technical details in it. But we realized they’re using their own brand new protocol for WiFi. So it’s not even like a known. I mean like they say you know WEP and WPA were so secure. I can’t imagine that this is going to cause you know there’s not gonna be issues with.

[00:55:11] Evan Francen: Yeah so this is what I would do. I was a user if I have anything Amazon in my house take it out burning.

[00:55:21] Brad Nigh: Yeah I don’t have

[00:55:23] Evan Francen: I don’t either. There’s no way in hell I would and this you knew that this is where it was going. This is just the big is this just the beginning Why I mean. Yeah they make money off of selling you new equipment and things in your house but the real money is in the data.

[00:55:41] Brad Nigh: I do. Yeah I do like this quote Dimitri urban tov who’s the CEO of Positive Technologies he said problems are inevitable quote every time you introduce black city or new functions into the IoT ecosystem, it creates the possibility for vulnerabilities, threats, exploitation and attack. Yes, yes. So it’s kind of you

[00:56:05] Evan Francen: that well then there’s that, but then there’s the just the audacity oh yeah. To do this without any permission whatsoever. You make me opt out assuming I even know about this how much like make me opt in. I mean we’ve talked about this how many times in privacy opt out it’s not the way to go opt in is the way to go and you just turn this stuff on.

[00:56:32] Brad Nigh: Yeah. Well in interesting enough it says it looks like somebody reported that they opt out on Alexa and then they announce spring it opted her back in because it was a different device.

[00:56:47] Evan Francen: Absolutely. And you know, when they do the next software update or whatever, it’s just gonna pop you back in again. I mean people have no clue what these things are actually doing and now even more so because now you’ve got this proprietary protocol that we don’t understand yet. I mean we will, some of us probably already do. But so here’s the thing. So for people who don’t know what Amazon Sidewalk does. Uh it basically creates a shared network of devices within your neighborhood, right? Like I’m kind of like this full mesh network of sharing stuff. So your neighbor, they’ll be joined to your network with your stuff. So you kind of create this resilient thing I guess. But there’ll be bar you’ll be sharing and borrowing, you know, internet connectivity. Uh They do say data transfer between the homes will be capped. But I don’t want to be connected to my neighbor. I heard you don’t like the fact that I get his WiFi. I said, you know, I mean I don’t connect to it. So you know, I don’t mess with that. Oh my gosh, this is not going well.

[00:58:02] Brad Nigh: I mean, you know, in the again in that post or linked in there. You know when Apple unveiled its AirTag device in April and allowed Find My app to locate lost items. Ah Within a week a researcher demonstrated that Find My could be exploited to transfer data to and from random passing devices without using the internet. Okay, great. Now we’re going to connect everything.

[00:58:32] Evan Francen: Uh huh. So what happens after June 8? If you didn’t opt out,

[00:58:38] Brad Nigh: I’m gonna guess there’s gonna be a lawsuit

[00:58:42] Evan Francen: and Amazon’s gonna be like, Yeah. So what are you going to do? I mean it’s it’s so audacious. You know, I saw after I read this. I saw also that the Bezos and I think his brother are going to be taking a trip to the moon. I’m like leave them up there. Yeah, we don’t want them back.

[00:59:03] Brad Nigh: I mean it’s one of the things where there’s, you know, there’s good that was, that came out of some of this. But then it transitioned from good to the money grab and you, you know, kind of losing where they were going. It’s like when Google changed their, um thing from do no evil and they changed that. It went downhill.

[00:59:29] Evan Francen: You lose your yeah, I mean money and like you and I were talking before we started the show, money is not bad. Money is a good thing. It’s the love of money that leads to all this. Like taking advantage of people and doing this weird crap. So if you have any of these devices according to Amazon it’s Ring Floodlight Cam 2019, Ring Spotlight Cam Wired 2019, Ring Spotlight Cam Mount 2019. The Echo, 3rd gen and newer, Echo Dot 3rd gen and newer, Echo Dot for Kids, because obviously we should be sharing our kids data with everybody as well, third gen and newer, Echo Dot with Clock 3rd gen and newer, Echo Plus all generations, Echo Show second generation, Echo Show 5, 8, 10 all generations, Echo Spot, Echo Studio, Echo Input, Echo Flex. You got anything in your damn house with Echo on it, throw it away.

[01:00:26] Brad Nigh: Ring Yeah, I know my neighbors have a Ring doorbell and I will definitely be going over and telling them today to make sure they opt out because I guarantee you they don’t know. I mean like you said, if we, if we’re just finding out about it and if you know the EFF was saying like, hey, we just found out about this, you know, that most people have no idea. And because they didn’t really publish it, they probably won’t, wouldn’t even know like they didn’t tell anyone they were doing this.

[01:01:00] Evan Francen: Yeah, John Cale is the director of technology projects at Electronic found your Electronic Frontier Foundation. So they didn’t find out about it until an email, reported him email and reporter emailed him about it. Yeah, it was

[01:01:22] Brad Nigh: very sneaky way to roll this out.

[01:01:24] Evan Francen: Which makes you just even like man that you raise every red flag. You got one the fact that they’re creating this Amazon Sidewalk thing. We’re gonna be sharing stuff with your neighbors that should, that should be enough. Actually a red flag even just have something in my home, listening to me talk and sending it all over the planet. Yeah. And then the fact that you’re going to create this this thing that should cause another red flag and then the fact that they rolled it out the way they did.

[01:01:56] Brad Nigh: Oh my gosh. Yeah. Well

[01:01:59] Evan Francen: I’m becoming an Amazon hater man and I don’t, I don’t like that.

[01:02:03] Brad Nigh: Yeah. Well and what’s crazy is it’s not their network, they’re using our data, but it’s their rules. Course they want the best of everything. Right? Like hey, we want all this control without actually paying for it. You’re going to pay us for us to control how we use your devices. You gave

[01:02:25] Evan Francen: the world has gone nuts. My friend.

[01:02:28] Brad Nigh: I you

[01:02:29] Evan Francen: need to All right. The last one I’ve got uh is this one comes from BetaNews And it’s username and password breaches increased by 450%. You know, we’ve, we’ve seen over the years. God knows how many headlines exactly sort of like this. Um The 450% if you know math, that’s that’s a lot.

[01:02:57] Brad Nigh: Especially given the numbers that we already knew were out there.

[01:03:02] Evan Francen: Right. This is a report from ForgeRock. I’ve never heard of ForgeRock before, but yes. And there’s somebody cool. Uh the report finds that unauthorized access was the leading cause of breaches for the third consecutive year, increased year on year for the past two years and accounting for 43% of all breaches in 2020, of all breaches happen because of unauthorized access. The most common way to gain unauthorized access is through a username and password that’s been exploited or exposed in one way or another.

[01:03:39] Brad Nigh: Colonial pipeline. Exactly. A great example. We just

[01:03:43] Evan Francen: everywhere man. So multifactor authentication please. You’ve heard that before. Um Yeah. Do you have anything exposed on the internet anywhere? The log in page that doesn’t require multifactor authentication at some point we go it would be nice if there was a lot like if you have this because it’s just such a simple fix you can find like into oblivion.

[01:04:12] Brad Nigh: Yeah. And you know, again a well say take it with a grain of salt because shockingly ForgeRock does identity access management? No, they do have a little bit of Oh but that being said. I do. I’m not surprised by the findings. I’m not questioning them based on what we’ve seen. It’s just Yeah. Yeah. I don’t bring it. That really surprised me is the average cost of a breach in the US increased to $8.64 million. That’s a

[01:04:48] Evan Francen: lot lot of money.

[01:04:52] Brad Nigh: I’m gonna want to read that um full report and see if they’ve got my understanding.

[01:05:00] Evan Francen: Yeah. Yeah, for sure. All right, well, that’s uh that’s our news stuff for this week. I like kind of doing this one because it gets me fired up. Like I’m really ticked about Amazon and all this stuff. I mean really the fixes are so simple and I wonder at what point? Just gonna you know, we’re actually going to slow down and do things the right way. Mhm. Ah But All right. So any shout outs for you sir.

[01:05:29] Brad Nigh: Um Gosh. Uh shout out to our I guess uh sales CS. Mtm. Um Just doing things the right way and being supportive of the consulting and text services. You know, it’s always nice to know the customer service people have your back to. Yeah.

[01:05:51] Evan Francen: Yeah. I’m going to give a shout out to uhh. Mhm. Mhm. Have a whole bunch of people that I would love to give shoutouts to. I’m gonna give a shout out to all the security shit show fans. There was a lot of fun to see them last weekend and hang out there. Just good people. Yeah. Alright. So thank you to our listeners. Thank you brad. Always a great conversation man. Yeah. Did you like it today?

[01:06:17] Brad Nigh: Yes. Okay.

[01:06:21] Evan Francen: If you have something you’d like to tell us you’re free to email the show at un security at hotmail dot com. If you’re if you are the social type, you can socialize with us on Twitter. I’m @EvanFrancen and Brad is @BradNigh other Twitter handle is levelers handles and never say that sentence. @UnsecurityP He doesn’t get posted too much. But you can follow that for Security Studio is @StudioSecurity and FRSecure home base is @FRSecure. So that’s it. We’ll talk again next week.