Recorded November 10th, 2017. The JFK papers have nothing to do with information security, so let's move on and leave the analysis to the expert conspiracy theorists. Is there an easy way to handle notification floods on your mobile devices -- besides turning off notifications completely? We have a debate on what exactly falls under the umbrella of "social engineering". BGM takes charge of the lightning round!
Recorded November 3rd, 2017. BGM and d0xy compare their reviews of the LG V30. This leads to the conclusion that technology is a personal choice and suits the needs of the user... but we knew that already, right? BGM leads us down a nice rabbit hole with his BGM's Going Mad segment, and MasterChen has a new book for recommended reading.
Recorded October 27th, 2017. JFK files released! We need to review it before we can come up with our own conspiracy theories. d0xy reviews the LG V30 because that's the phone he has for some reason. Enjoy the intro because the 31 Days of Scary is now over!
Recorded October 13th, 2017. OnePlus is under fire for the data they keep and what they do with it. Their latest press release says they will stop with the data collection by the end of the month; according to them "we promise". So, "we promise" not to make fun of them. See how that works? This starts d0xy on a mobile rant, which is always entertaining.
Recorded October 6th, 2017. This is our first episode in October! Do you know what this means? It's the 31 days of scary! Did the intro scare you? We hope so. You can participate in the 31 Days of Scary too. Remember to watch scary movies, play your scary video games, visit haunted houses, and enjoy the season. It was also the 2600 meeting, and MasterChen is in the magazine! Watch out for it in stores and online! Mr. Fairy asks if the fight for privacy is lost, and of course we want to ask you, the audience, is it?
Recorded September 29th, 2017. So, when you give apps permission to view your Facebook profile, how long is that permission granted and how much is collected? It seems Tinder will keep pages and pages and pages on you and the entirety of your online social behavior. Does this tie into their algorithm for date matching perhaps? Is all of that information necessary? We talk; you decide.
Recorded September 22nd, 2017. MasterChen discusses his latest situation with his LG phone. Open Source Community to the rescue! F0x discusses Kerberoasting, and of course, we have the lightning round!
Recorded September 15th, 2017. With practically everyone having a camera on them, how is it possible that people of authority still think that what they do won't end up on social media? We discuss this in depth among other things. iPhone X and 8 have been announced and d0xy digs into the tech details. Is FaceID going to work as intended? MasterChen is skeptical.
Recorded September 8th, 2017. In this episode, we are unpacking the recent Equifax hack. Well, it's not so recent if the company knew about it more than 2 months ago! That's just one of the issues here. A little less than half of America is affected. Basically, your potential for compromise is at the flip of a coin, more or less. What makes this whole thing disgusting is that Equifax, even though it was their mismanagement of OUR information, is holding us responsible for protecting ourselves from this point forward. Thank you?
Recorded September 1st, 2017. If you were doing a code review on an open source project, how would you go about addressing your critiques? Is there a way to present your findings without upsetting the original authors? This discussion all stemmed from our monthly 2600 chapter meeting. We also discuss a new conceptual phone with a hardware kill switch. Innovative, or DoA? Lastly, Facebook: What are they doing right and wrong about privacy?
Recorded August 25th, 2017. Is social media to blame for our current state of the Information Age? Is it social media's fault that a lot of people spend their time in an echo chamber? Will it get any better or worse? Let's discuss! D0xy gives us the summary of Android's official release of Oreo.
Recorded August 18th, 2017. You have heard of the $6 million man, but have you heard of the $6.95 man? We recap the Fauzy Hour, and then jump into the implications of the DNC Leak being local, and not done by "Russians". Lesson Learned? Don't be so cutthroat with your own team. We knew that though, right?
Recorded August 11th, 2017. What do we do besides the hacking stuff? Apparently, it's video games, because as you can tell from the first segment, we love our video games. MasterChen went on his tirade about hackers needing to know their history. Relevant or not? Maybe he gets backup from Krux? Find out!
Recorded August 4th, 2017. We have a slight review of DEF CON. We do have to review the case surrounding Marcus Hutchins. Did he write the malware? Most likely, but does it warrant 40 years in prison when someone else uses it? We think not, but we hope the courts can see that.
This is MasterChen's interview with Nick Cano, the author of "Game Hacking", published by No Starch Press. GreyNoise has interviewed Nick before, but in this bit, we catch up with Nick after his presentation and book signing this year. We discuss some of the details in his demo of Luigi's Mansion and a little of why he focuses on PC games instead of consoles. Enjoy!
This is MasterChen's interview with Al Sweigart, author of "Automate The Boring Stuff With Python", published by No Starch Press. This interview was done at DEF CON 25, 2017. This was Al's very first DEF CON, but he shares his excitement learning that his book was received so well by the hacker community.
This is MasterChen's interview with Cory Doctorow, from the Electronic Frontier Foundation, done at DEF CON 25 this past weekend. In this interview, Cory shares the current state of DRM policy and how it can affect the way security researchers do their job. But this is an issue that needs everyone's attention.
Recorded July 21st, 2017. While this was a late release, you can relive the pre DEF CON excitement in this episode! You can obviously tell that MasterChen has turned off his brain, but it makes for good entertainment. The other hosts were at the conference in spirit, and there will be a review of the Con the Friday after as always. Happy Hacking!
Recorded July 14th, 2017. We are a little late to the party, but in this episode, we are discussing the CNN vs HanAssholeSolo story; specifically the "dox" that are being held over HanAssholeSolo's head. Listeners may know our stance on doxxing; we don't like it, but why? We don't like doxxing in any capacity because it's a weapon that leads to greater damage, potentially for a lifetime. Do users of the internet understand the severity?
Recorded July 7th, 2017. Con week excitement is building as we get closer to it, but do some of the hosts have reservations about going? Do hacker elites shun the newbies? Only the ones who aren't thinking with a clear head. MasterChen does not excuse the behavior as he attempts to at least explain the mentality behind "RTFM or GTFO". The whole point is: find the right people! It's our responsibility to pass down knowledge to the next generation of hackers.
Recorded June 30th, 2017. An old friend visited us during the show, but this visit was extra special. His story makes it clear that if acquiring a certain skill becomes a passion of yours, nothing can stand in your way. D0xy seems to be behind in Android news this week, but is quickly caught up, and a joke that went under the radar for at least 2 of the hosts finally surfaces and everyone laughs.
This is a cut of a joke that was too good to let pass. Enjoy!
Recorded June 23rd, 2017. This is episode 100! What are we talking about? Artificial Intelligence! It seems to be a topic that all of us can really dig into. Also, this is a longer than normal episode, so strap yourself in! Where does AI take us? Will it replace us? Is it moral to kill a sentient albeit artificial being? When does it stop being artificial? Let's dig into this!
Recorded June 16th, 2017. The Conference acceptance letters went out this week! This also means that rejection letters went out this week. Guess which one MasterChen got this year? L4bF0x discusses her latest research on rate limits using Burp Suite for testing. The great thing about discussing vulnerabilities on a live show? You get probed!
Recorded June 9th, 2017. MasterChen is back from sailing the high seas, and he has a full report! Let's analyze a cruise ship's infrastructure! We then get into a discussion about artificial intelligence, but let's use this as a teaser since Zenifi should be present for a discussion of that depth.
Recorded June 2nd, 2017. We talk a lot about the Fauzy Hour, which happens right before the show, but we wanted to give the listeners a taste of what they are missing by not being at the SYNShop. So, bgm starts the discussion with Markov Chains. What are they and how are they used?
Recorded May 26th, 2017. After John Oliver (and his team) created gofccyourself.com, the FCC comment section for Net Neutrality was DDoS'd, but was it legitimate traffic, or bots to stop legitimate comments? Dark times seem to be still ahead for the Net Neutrality subject. The question is, what are you going to do about it? Also, it's POP Quiz time! Can you do better than our hosts?
Recorded May 19th, 2017. Today, we're talking about the future ability for computers to read your brain waves. When that happens, what is considered free thought? Will pre-crime be a concern? Can a tool like this be restricted to only authorized agents? Who knows, but we hope that however this unfolds, it's done responsibly.
Recorded May 12th, 2017. In this episode, we deep dive into the rampant ransomware worm that swept the Internet earlier that morning. They are calling it "WannaCry" and it seems to be a nasty one, folks. Here's the thing to remember, while British NHS took a major hit from this attack, they were not directly targeted...no one was. This was a blanket attack on ANY un-patched system out there. So, listen up and patch your boxes!
Recorded May 1st, 2017. In this episode, one of our mentors clues us in on how SS7 is broken, and what it actually means for secure media. Ever had your 2FA credentials sent to you through SMS? That may be an issue now. The community mic turns this into a particularly bleak episode, but hey, we are always curious about what is on your mind.
Recorded April 28th, 2017. Before getting into the headlines, we discuss at length the power of props, camera work, and acting with a member of the youtube channel "Quark's Space Station". In the headlines, is it proper use of a vigilante's time to brick vulnerable IoT devices? Let's debate!
Recorded April 21st, 2017. The Chicago hackers have taken over the Fauzy Hour! That's okay though, it may be a new tradition for the SYNShop. After discussing the headlines, we get a question from the audience that brings up the debate: A Programmer's Union? Why or why not? While we get the history lessons, the question is still up for debate and we do wonder what our listeners have to say on the subject.
Recorded April 14th, 2017. Back by popular demand, we are using the headlines to drive our main discussion topics. But before we really get into it, d0xy explains why he almost missed the show, and we have a chat with a friend from the Chicago hackerspace on his smart pool table project.
Recorded April 7th, 2017. We are going against the grain! Deep dive into news topics and a lightning round of opinions! How will this turn out? Has our opinion of Wikileaks changed? Maybe shifted? IoT vulnerabilities seem to be big in the news (surprise surprise), and there is a ransomware that asks for a high score in its game instead of BTC!? Challenge Accepted!
Recorded March 31st, 2017. Congress, or at least part of it, has passed a new bill that allows Internet Service Providers (ISPs) to sell your browsing habits and internet usage data to third parties, but what does this really mean? Is there a cost-benefit to providing such information if you have to spend the money to retain it all? Is the real danger in the verbiage of the bill or the mechanics?
Recorded March 24th, 2017. It's (almost) a guy's night! Apple has been threatened by "Turkish Hackers"! Pay the ransom or have user data of millions of iPhone users wiped. What was the ransom? $150,000 and iTunes gift cards...but why? Is this smoke and mirrors, or is money not the end game?
Recorded March 17th, 2017. F0x deems this episode x86! How fitting!? Zenifi reminds listeners that we have a contest going on! Can you crack bgm's code? The contest leads to the perfect segue into the Crypto Party, hosted by F0x at the SynShop. Warrants are issued in Minnesota for Google to give up information on searches in a specific city.
We apologize for the quality of the episode this week. Technical difficulties forced us to rely on our backup microphone.
The Fauzy Hour before the show was so intriguing that we decided to use the show as an extended Q&A with Michael Goldstein, who is a huge advocate of Bitcoin (BTC). How does BTC fare against the US dollar (USD) or Gold and other precious metals? Is it really the money of the future? Does cryptography play a major part in its intrinsic trust as a currency? These were some of our questions, and we hope that this episode answers some of yours!
We apologize for the quality of the episode this week. Technical difficulties forced us to rely on our backup microphone.
Recorded March 3rd, 2017. Second AWS outage in the span of two weeks, but this time, fat fingers are to blame. But what can you do when the cost of the cloud is so cheap? BGM does a preliminary review of the Nintendo Switch and then brings back his BGM's Going Mad segment. We announce our first official contest! Get your cryptology hats on and be ready to decipher BGM's code! We are giving away a Raspberry Pi Zero to the first listener to crack the code. Link to the code in the
Recorded February 24th, 2017. BGM returns!... to an almost empty house. F0x and MasterChen are on assignment, but d0xy and Zenifi weigh in. SHA-1 has a collision! What does this mean? Cloudbleed is discussed at length. Rainbow tables is at 16 TB! Make sure your passwords are more than 32 characters long.
Due to a question from the audience last week, we decided to deep dive into the Net Neutrality subject. Do we want an equal internet, or do we want a competitive service market to drive the price of internet service down? Will driving the price down include playing favorites with content providers? Even with all of these questions, does the government have our best interests at heart, whichever way the debate leans? Let's discuss!
F0x is excited for Valentine's Day. What is a good nerd gift for your significant other? MasterChen tries to make a sports reference but falls flat.... yeah.. It was kinda like that. We have a trivia moment and it seems like the audience is sharp! ... or we need harder questions.
Con season is upon us! At least that's what we are reminding our listeners in this episode. We are talking hair with d0xy and F0x discusses a new tool for taking over printers. MasterChen can't math just like how the periphery mic can't....mic. If you were watching live, you may have noticed the new background. What do you think? Tell us on Twitter @GreyNoiseMedia!
You need not worry about our discussions when the Fauzy Hour is declassified. F0x brings up her experience with an official government website not being secure. The question is, does it matter if it isn't asking for sensitive information? Is low lying fruit still worth protecting? We also discuss a (new?) scam where an attacker just needs to get you to say "yes" in order to conduct further attacks on your identity.
Let's recap the Fauzy Hour and the Crypto Party, which L4bF0x had hosted over the weekend. Remember Geocities? GreyNoise remembers. And now there's Neocities! A lot of us learned how to code websites with Geocities, and now Neocities can help this generation do the same thing! This may also be our longest lightning round. Maybe we will bring the stopwatch next time!
In this episode, we recap Zenifi's presentation during the Fauzy Hour. We are focusing on the history of XSS and get some insight on its state of security in today's Internet. Also, in this episode, we substitute the Lightning Round for a Ghost Pepper Challenge with BGM, MasterChen, and Zenifi! Why did we do it? For the pure entertainment of our listeners!
We have a special guest on the show in this episode, Forensic Accountant Kevin! He will be starting his own podcast "The Voice of the Expert" in the near future, and we wanted to pick his brain on the subject. This is also the first episode of 2017, and the first time all of the co-hosts are back under one roof! Re-united, and it feels so good!
This episode was recorded on New Year's Eve's Eve, but before we get into our year of reflection, we jump into the latest McAfee bit on Larry King's Politicking. He states what we are thinking: it is highly unlikely to be the Russians. The discussion leads into an interesting insight: Millennials are understanding the importance of Privacy! We wish all of our listeners, past, present, and future, a prosperous New Year!
We are pleasantly surprised when the White Rabbit Project doesn't use the term "hacker" to refer to cyber criminals. What really seems to grind our gears in this episode is life hacking. What is it really? Where is the baseline? At what level does an action go from "pretty clever" to an actual "hack"? This was debated heavily. Our lightning round source was on vacation for the holiday season. We only realized it halfway through.
This is definitely a late release of Episode 73, or Episode 100 as it is known to our loyal listeners from the beginning. We had to use the backup audio, and you may notice the difference. BUT, we are not here to complain! In this episode, we touch on the Yahoo! hack, and why it was posted even if it may be a rehash of old news. Since d0xy is in the building, he had to give his verbal two cents on the Fitbit's purchase of Pebble from the previous episode.
What happens when you give a hacker an unsolvable bar challenge? He/she solves it! It's what we do. In this episode, we discuss how the problems presented in the day's Fauzy Hour were solved with a little bit of hacker ingenuity. In the news, Fitbit buys Pebble for ~$40 million. To be more specific, Fitbit buys the intellectual property of Pebble, and leaves the hardware behind. What does this mean for Pebble users? We aren't quite sure at the moment, but this doesn't leave MasterChen or Vic hopeful.
Will automation take your job? Not to be negative, but the answer is; most likely. The next question is, what are you going to do about it? Does automation motivate you to solve bigger problems or will you stagnate and be left in the past? That question, obviously, is not for us to answer, but you can hear how we address the issue in this episode. We have discussed this topic before, but a reminder to strive is never out of place.
Everyone is on assignment! MasterChen is the anchor in this Black Friday episode. We are talking about Black Friday and the social engineering techniques that make such an event successful. Will Black Friday become a Legacy tradition and nothing more when better buying information is provided to consumers automatically? We also talk about the implications behind Reddit's CEO editing thread entries.
We were running late the day of this recording, but that's because the Fauzy Hour was really interesting. Here to talk to us about the origins of the Fauzy Hour is none other than Fauzy! He's filling in for both F0x and D0xy in this episode. BGM brings up Britain's latest surveillance law. Of course, none of us are happy about it, but at least we can tell you why. Get your VPNs ready, folks!
The latest news on Nintendo's mini console leaves us all reflecting on the good old days where we had nothing to worry about except video games. It leads us into the question, "Were we hackers before gamers or was it the other way around?" Either way is a good upbringing, which brings us to where we are now.
Discussing the latest Fauzy Hour seems to be an on-going occurrence, but it's because that hour is just so good! We discuss what we learned from MagicDave's contribution, discuss Google in the news, and then return to an interview with last week's Fauzy Hour speaker: Tyas. As hackers, we are approaching magic from an engineering perspective of course. It was a packed house, which is always a good thing.
By our track record, we were about due for a slack off episode. However, it's the Halloween episode, so it couldn't have come at a better time! Don't listen to MasterChen at the beginning of the episode. At the time of recording, he thought Episode 65 was all but lost. Thank the stars for back up audio! In this episode, we are freaking out over a display of Magic and Social Engineering, and later telling spooky tech stories.
As we get used to the new equipment and software, there is a learning curve, so we apologize for the delay in episode releases. We thought this episode was lost to the static, but we recovered the content through one of our backup mics. In this episode, MasterChen goes "glamping", leaving the rest of the crew to discuss the DDoS that seemed to attack most of the east coast of the US the morning of the show. How? Why? When will be the next one? How do we mitigate these attacks? This and more!
Get ready for a POP QUIZ! It's obvious that some of us weren't. d0xy talks about data caps on ISPs that will be eerily similar to cell carriers, but we get some viable solutions from the audience. MasterChen does a book review on "Inevitables" by Kevin Kelly. Also, there is a troll in the audience, so ye be warned.
Our correspondent, SMaction, was out in the field at BlackHat USA this year and had the opportunity to interview a few really cool people. MasterChen has cleaned up the audio, but since the interviews were done out on the conference floor, the mics are definitely picking up the surrounding environment.
Here is his interview with Andrew Brandt of Symantec on Augmented Reality gaming. Enjoy!
Our main discussion deals with imposter syndrome and how the hosts deal with the feeling. We are working with brand NEW lapel mics, so please bear with us while we adjust the audio against the new equipment. A big thank you once again to our contributors on GoFundMe. F0x brings up some great resources to help a victim of d0xxing and online harassment as we discuss what you can do to protect yourself.
We hope information security doesn't scare you.... but maybe the intro to this (and the next 4) episodes might? BGM and I have a tradition. 31 Days of Scary is officially upon us! In this episode, we announce MasterChen's Automation 101 class at the SYNShop. The Internet of Things, IoT, is in the news as it was the facilitator of the latest (and greatest?) DDoS attack to hit the web to date.
MasterChen does a book report on "Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage". We review Allo and other Google happenings and celebrate Android's birthday! Any takers on what the next version name will be? This episode might hold the record for d0xy audio time.
Our correspondent, SMaction, was out in the field at BlackHat USA this year and had the opportunity to interview a few really cool people. MasterChen has cleaned up the audio, but since the interviews were done out on the conference floor, the mics are definitely picking up the surrounding environment.
Here is his interview with Adam Brand from Protiviti on medical device security. Enjoy!
Breaking into an InfoSec career... is it about how many certifications you have, who you know in the industry, experience, or capacity to learn? Zenifi has some insight. Lauri Love will be extradited to the United States as he faces hacking charges. Of course, this episode wouldn't be complete this week without our take on the plea for pardon by Edward Snowden. Lightning round to finish the day!
Wells Fargo is in the news this week, and we're covering the story to illustrate that the threats to your information are not always a technical hack. It's not always a social engineering attack. It could just be shady behavior on the inside of an organization that threatens the security of your information. Whether it be carelessness, recklessness, or the fear of middle management, this story is a case study for a threat not usually covered. Of course, as our mobile expert, d0xy covers the iPhone 7 specs.
Even though we are not affected by YouTube demonetizing videos, we thought it was worth reviewing from the hacker perspective. We believe it's a form of censorship, which goes against our core values. Then, we discuss the different attack vectors against 4G/LTE networks and the feasibility of such attacks. Tune in and enjoy the show!
After plugging our GoFundMe campaign, we discuss a little about transparent proxies and how it relates to Google's move to bring Project Fi's Wi-Fi Assistant to all Nexus devices. Even with Google's assurance, MasterChen relies on the wireless networks that he knows and loves. With such a guarantee of protection over unknown networks, is your wireless security your responsibility?
In this episode, L4bF0x wants to take a closer look at the Crypto Wars II. After all, we are right in the middle of it! How will it end? Where does it go from here? We'll give you our opinion, but we encourage you, as always, to do your own research. What are the details on the recent NSA hack? No, they weren't hacked directly, but do their third-party affiliates count?
MasterChen always says that the year is split into two seasons. Pre-DEFCON and Post-DEFCON. What happens during the con? It's too much of a blur to know that without a review. So, we did that. Krux, from Crash & Compile and the Hardware Hacking Village, our DEF CON Press team, and others give their take on how the con went. We also mention the Facebook and Ad-block war, but we figure that will go back and forth for a while.
This episode is one major discussion about what we planned to do during DEF CON. We refer to it as Hacker Summer Camp, and as you can tell by the audio, we were kinda looking forward to it. Too bad it was cancelled. F0x talks about who she will be interviewing during the con, MasterChen talks about how he talks too much, and all of the excitement brings us to the Lightning Round.
We bring back a segment from one of our old podcast shows called "WTF Happened to MasterChen". Chen explains how he turned his phone into a $600 paper weight for the first part of his leave, and then fixed it! All this tells everyone is that MasterChen doesn't know how to vacation. Of course, we have to talk about Pokemon GO as the latest game craze. It may sound like we are ripping the game apart from the security perspective, but we all agree that the game in itself is a pretty interesting concept. Does it differ from Ingress? MagicDave brings up an interesting point regarding 4chan posting versus Facebook posting. What are your thoughts, dear listener?
MasterChen is missing! ...or having a week-long Luau. We start the show by discussing the missing warrant canary for Silent Circle. Was it really a business decision, or is there more to the story? D0xy wants to talk about Facebook's integration with Signal messaging, but the topic detonates a conversation bomb that lasts most of the episode. F0x has an opinion on the latest Hillary Clinton email news, which leads us up to the lightning round. Sit back. You might want to grab popcorn for this one.
There is a lot of chatter going on right now, especially when it comes to contesting speeding tickets. The chatterbot that acts as a lawyer has successfully contested 64% of 250,000 speeding tickets. We discuss these implications as well as the problem with watching Harry Potter while your Tesla drives for you. Are security experts extra smug compared to the average user? If so, why?
F0x returns from her travels! We talk about "Brexit" from a hacker perspective. Now that PM Cameron is leaving, will the UK get their porn privileges back? Let's hope their next PM understands the underpinnings of privacy. We move on to Log-MD and how it can help admins with their logging capabilities, and we realize d0xy hates bluetooth headphones; among other things.
Due to BGM's Sangria, this episode became one big round table discussion of everything and nothing at the same time. We hope you enjoy it! Krux reviews toorcamp. We evaluate how to properly block regular users from downloading potentially big system changing software. D0xy is keeping us up to date with mobile phone news, and we stumble into the lightning round, although that's no surprise.
Everyone wants to know how the con artist pulls off their latest scam, but what happens when the con goes wrong? What happens when the con artist didn't do their homework? Let's discuss! Also, will your social media soon affect your credit score? We discuss that too! MasterChen does a book review on "Data and Goliath" by Bruce Schneier. And the lightning round always leaves us open for a good debate.
MasterChen thinks that his presentation at con last year is why IFTTT changed their policy on Instagram automation, but it may be something much simpler and less eccentric than that; like an update to an Instagram internal feature perhaps. Who knows. TeamViewer gets hacked, but is in the denial stage of grief. D0xy talks about Google's Project Soli and we have questions from the audience! As always, we end with a slow but fun lightning round!
In this episode, we talk about implications and implementation of physical security. Why? It's because MasterChen got a little lax with his. Nonetheless, a lesson is a lesson. MagicDave joins our discussion on the latest Bluecoat news and what it actually means in regards to security certificates. We spend some extra time in the lightning round, but no one seems to mind. We suggest listening to this episode with headphones on; not because of NSFW language, although there is that too, but the audio may be weird without them. It was only after the episode was recorded that MasterChen realized the mics were recording at .4 of the recording volume instead of 1.0. That will never happen again.
BGM has a question that needs answering! MasterChen does a quick book review on The Nerdist Way by Chris Hardwick. F0x talks about Privacy Week. D0xy has a gripe with Google and the way they are splitting one of their central apps! Why split hairs when you have an app that can, and already has, combined communication!? The world may never know....
We start off the discussion with the proper pronunciation of "gif", which somehow led to the term BiQuerious; meaning to use two different search engines to compare query results. We then move on to other goodness with the ROSS/Watson AI project being used as a lawyer. Are quicker research capabilities fair? Canadian privacy gets a mention as they deal with their own version of anti-terrorism law.
It's a relatively full house after the 2600 meetup. In this episode, we start with an impromptu topic since d0xy got his phone hacked into by Zenifi using social engineering. It's an excellent case study. Then, we discuss the latest implications of "rule 42" in regards to the way things TOR. If you're the victim, can you still be implicated? And BGM's going mad! ...but what else is new?
MasterChen starts the episode by explaining why he is teaching a Social Engineering Workshop. What good are all the tools in the world if the user doesn't know how to use them!? The tools don't make the Engineer! It's the wit! Cheronobyl joins us again and he sits in on a mini HTC Vive review as we look forward to the main event: Scaring MasterChen. All we know is, the group will be at BGM's house more often, ditching reality for the virtual.
Moki The Destroyer has released his very first app/game on both the Apple and Google Play Store! He sits down with us to discuss the process of developing and releasing his music to the world through his software. The game is called Moonstruck, and you need to give it a shot! The FBI is in the news again. In the cyber realm, where does their jurisdiction stop? Can they touch servers that are outside of the US without assistance by other agencies? Maybe the vague laws are vague for a reason. Whether it's a good enough reason is up to you to decide. What is the most expensive thing you've ever lost? Share your story with us! all[at]greynoi.se
The Department of Defense announces a semi-open bug bounty program. The Burr-Feinstein bill that we warned about last week is here as more than a draft. All of this forces us to ask if the different branches and departments of government know or even care what the other is doing. We cannot have a bill on anti-encryption and still hope for secure communications for the military, and everyone for that matter. Do our lawmakers know this? 43,000 petition signatures give us hope.
There is a ghost in the beginning of the show!...Or it could be d0xy, but MasterChen still has his money on a ghost. In this episode, we are talking about the implications of "Facebook as a utility". SpaceX lands a rocket successfully, and Tesla's Model 3 gets the ol' Greynoise analysis.
Zenifi, the one who's been bringing you all the video production, sits in on the 'cast today! We are discussing who fell for what, since this episode was recorded on the First of April. Embarrassingly enough, it was the social engineer who fell for the most trolling attempts. Maybe it's hope that makes trolling so easy. Bad publicity for Oculus as it is revealed to "always be on" and sending data to the mother ship. Time to get something less invasive in our honest opinion.
It's somebody's birthday! Can you find out who by listening to the clues? There are no clues! However, USB malware is back in the news. We also discuss Microsoft's "Tay" Chatterbot on Twitter. As funny as it was, can you instill morals in an A.I? Don't be jelly of the Jell-O Shots!
Technical difficulties all over the place! But we'll still bring you the news. We review lockpick night and other cool things happening at the SYNShop. No one can be forced to write code.... at least not at Apple, but by the time you listen to this, you will have learned that the Apple vs FBI case has been dropped! Stay tuned anyway because the lightning round is a doozie, as always!
So, we tried out a new group messaging app that claimed to be encrypted and secure, but Dave is with us in this episode to show us why an app shouldn't be trusted if any part of it is closed source. They just don't play well together. We explore the use of a wireless mic to take listener comments, but it ends up saving us from losing the episode altogether. Don't mind the gap. Or mind... we don't mind.
In this episode, we review our experience at the Las Vegas Mini Maker Faire. Then, we move on to the discussion of Red Team vs. Blue Team defense exercises. We bring up the case of Apple vs. FBI again because of McAfee's CNN appearance and what is needed to bypass the lock screen. The whole thing forces a review of our Bill of Rights, but who's keeping track anymore?
We are counting down to the Las Vegas Mini Maker Faire! L4bF0x asks us to take a trip down phreak memory lane. We talk about the latest DNS vulnerability, and how it affects the Internet of Things (their name, not ours) specifically. More activity in the IRC channel is always a great thing too!
Yes. The Apple vs FBI story is being discussed and debated. Our stance on Encryption hasn't changed. The people pushing for backdoors are woefully misguided about how the Internet works, and why "just this one time" will never be just that. Hopefully some myths are dispelled, but that's up to you, the listener.
The alleged hacker who has been d0xxing intelligence officials has been apprehended. We re-iterate that d0xxing is generally a bad idea. But what is this? A federally proposed bill to stop individual States from mandating backdoor'd phones? There may be hope for us all yet.
Welcome to Episode 30! It was enough of a reason to pop a bottle of Champagne. In this episode, we are discussing Google's move to merge their search engine and Artificial Intelligence departments into one. What does this mean for you? Smarter searches? Is the Chrome browser a conflict of interest? Are your best interests considered? Probably not, but have no fear! The lightning round is here for you!
Vigilant Solutions is providing police with easier License recognition technology, but at what cost? We revisit the why behind Clinton's email server. BGM describes his week in hardening Gr3yBoT from the clutches of DavidEGrayson and McNut. As always, stay tuned for the lightning round and questions at the end of the show!
DavidEGrayson sits in to discuss how he broke BGM's beloved Gr3yBoT. Was BGM mad? No way! It only makes him a better programmer, and we had a chance to talk about a great injection attack. This was the hacker ethic at its finest! Dave also chimes in with his two cents on phones with backdoors in them... since California wants to follow New York's lead.
Would you like to play a game? We seemed to have been in a mood to do so. Let the games begin!... after we discuss the outrageous Bill proposed in the New York State legislation that could potentially require phone makers to install backdoors on encrypted phones sold in the state. If passed, can it be circumvented? And how so? BGM also discusses some new features he has added to the bot.
It's a full house in this episode with the original cast plus krux of the SYNShop! L4bF0x gives a review of her week at CES 2016, and we go into an in-depth discussion on T-Mobile and the EFF's criticism of their "Binge On" program. Our advice? Just make sure that you are getting what you are paying for.
It is our first show of the year, and there are plenty of things going on. BGM announces the new site and what is up and coming in development. We check in on the cluster of bots that is Ashley Madison. Then comes the discussion of a potential major iPhone vulnerability, and Lenovo has been spying on MasterChen for almost a year...sorta. We are still missing L4bF0x, but she is with us in spirit.
So, this episode is not a conventional table discussion of information security. We thought it would be cool to give the gifts of song and story telling for the holiday season. Please enjoy! Our normal banter will continue next week on New Year's Day to start the year off right!
It's somebody's birthday!...but in the interest of privacy, we can't tell you who. So, you'll just have to say Happy Birthday to all of us. The debate on smart tech as an educational tool continues. One thing we seem to agree on is that, if there is a failure, it's in the way the devices are used. Some of this week's exploits can be safeguarded against by simply encrypting your hard drive, but will that motivate you to do it? Encrypt everything is our advice.
What is the appropriate age for a child to have a smart phone or tablet? Is it helpful or harmful to their development? We had tech when we were toddlers, and we seem to have come out relatively well adjusted. You can debate that claim by emailing us. BGM's been working extra hard to get commlinks back online. The coolest thing about this episode? Live interaction with our listeners! Keep it coming. We love you!
We were working with a skeleton crew in this episode, but it somehow ended up 10 minutes longer than the norm. In this episode, we are talking about wearables and the likelihood of this technology getting hacked, in respect to Bluetooth vectors. This discussion leads into a brief review of the "CIA" of information security.
Here is a quick ~3 minute file of sound bytes from various pre-shows of our podcast. Have a listen at what happens behind the scenes before the big blue light on the livestream camera turns on. Also, get a glimpse at what makes 30 seconds of silence so difficult, yet hilarious!
All four hosts are back in action! BGM poses a very important question: can you remove or delete yourself from The Internet? While we all agree that it would be extremely difficult, the real question is, at what length would one go to become a shadow again? F0x introduces a new segment, and if it's anything like the lightning round, we're going to have to push the show to an hour and a half!
MasterChen is missing, but the rest of the crew is talking about the power and practical use of Tor. The important thing to remember is that metadata will kill you. The darknets are the true arena of free speech now, but to what extent and capacity? Let's listen in as the debate continues.
F0x returns and together, we all take turns discussing an article by a "cyber" psychologist about how Freud may have the answer to why we do what we do. So, we'd like to welcome this particular author to the early 20th Century. The only hacking going on here is cutting and pasting an outdated theory and trying to make it relevant. Now, does this author bring up a need for a new measurement, the TQ, Technical Quotient? Maybe, but we'll let you come up with the answer to that one.
In this episode, Dave puts his two cents in on the previous doxxing discussion. We then take a few moments to reflect on the past year, and what we want to accomplish in this year to come. Please excuse the audio for this round. It seems only fitting that we record this episode with the snowball microphone with which we started this podcast.... or maybe MasterChen has to ask his drunken self what he did with the recording equipment. Y'know, whatevs.
The recent hacking of the CIA Director's email account is the topic of discussion. Our view? Well, aside from the hack being the low lying fruit that is social engineering, we feel there is a difference between leaking documents for social justice, and just doxxing an official for the hell of it. Guess which one we support. Go ahead and guess. Did you say the choice that is not doxxing? Yes! But listen to the episode to find out more.
Please Pardon the Plethora of Periodic Pauses Plotted in this ePisode. We had quite a few moments of fact checking... so much so, that Dave and ch4lox (read "Rocket Fuel") had a minute of debate which certainly educated the hosts on HTML5 issues. It's hard to debate subjects that we fundamentally agree on. For instance, Flash is practically, or should be, dead. You won't find any argument there. Also, John "Cap'n Crunch" Draper stopped by to visit the 'cast. We didn't know he was joining us until 10 minutes before the show. Good surprises lead to interesting content.
If you listened to last week's episode, you might have noticed that we kinda threw d0xy to the wolves when he mentioned getting the phone that has a high potential of a stock rootkit installed. Well, d0xy comes back to solidify his point and stick to his Nexus 6P lovin' guns. He made such good points, that even our Senior Privacy Advocate gave him a nod. Dave is back from Berlin, and he states that we can rest easy with privacy development going the direction that it is. Before all of this, Krux swings by to give us the IPv6 correction that we needed.
In this segment MasterChen sits down with Weston Hecker (@westonhecker) to discuss more VoIP security. Weston Hecker has been attending DEFCON since DC 9 and is best known for his efforts in TDoS mitigation and most recently his work on defeating credit card skimming. What happens when phreaks sit down to discuss tech?
In this segment MasterChen sits down with Patrick McNeil (@unregistered436) to discuss the history, the present, and the future of Voice Over IP Telephony. Has your VoIP PBX been compromised and used for rogue international calling? Patrick has given a few talks at DEFCON and most recently DerbyCon on securing your PBX. It's only fitting that this interview was recorded through an Asterisk PBX setup. So, sit back, relax, and listen to the old school phreaker mentality in a new VoIP infrastructure'd world.
We start off with BGM explaining how he scared you with the eerie new intro music for the Halloween season. Then we sprinkle a little bit of 2600 meeting and general hacker space updates. MasterChen goes complete fanboy over a book on the history of phone phreaking. Dessert is a 3 on 1 attack against d0xy and his desire to have a phone made by an inherently un-trusted company. D0xy defends himself honorably and gets the rest of the crew to think twice. Only future research will convince this jury. IRC conversation is also blowing up, so why aren't you on it yet!?
In this edition of One-0n-1, L4bF0x interviews Linux Forensics author Dr. Philip Polstra. Join in as they discuss the steps involved in doing forensics on systems, the differences between Windows and Linux as well as nightmare scenarios for investigators. Come get your dose of forensics and anti-forensics!
Well, in this episode, we started off with good intentions, but then the conversation degraded into one of our sexiest tangents yet. The United Kingdom's ban on porn was what started that snowball; more specifically, GCHQ's tendency to track the browsing habits of their victims, erm, citizens even long after they have left the porn site in question. How is this trend protecting the youth or British society? We'll leave that for you to decide. This was all after we did a little bit of IPv6 math. Answer: it's a lot.
This was our last episode recorded in Downtown Las Vegas as the SYNShop moves to its new location, 1075 American Pacific Dr. Suite C in Henderson, NV. Volkswagen vehicles are being recalled for hacking smog checks. Bugzilla was compromised and Mozilla moves to required two-factor authentication and password changes for its developers. We cover Chicago's ridiculous "Amusement Tax". Microsoft is rolling their own Linux for network management, and we briefly mention the now infamous Clock of Irving, TX before moving on to the lightning round.
Are you doing what you're doing online for the sake of attention? If so, let's educate you on why you shouldn't! We have some news about the SYNShop and we discuss the ideas of the Singularity and BGM is going mad...about nothing.....He's going mad about absolutely nothing.
In this episode we get to interview the creator of Demonsaw, Eijah. What is Demonsaw? It's a secure and anonymous social chat, file sharing, sftp, and (soon to be) streaming service that is completely encrypted end-to-end. We ask Eijah about the product and the security platforms on which it stands. Hey, remember that one time where we made a podcast episode in a place with a thing that happened? Remember that thing? Yeah, that's our encryption key now.
Author and Information Security professional Justin Seitz gives an interview to L4bF0x about the power of Python. Justin also gives his insights on Open Source Intelligence (OSINT) and explains how learning Python could pave the way into better security. Also, can python power spaceships?
In this episode we touch up on Ashley Madison simply because of the mention that it could have been an inside job. The discussion leads into cyberstalking as a social (ab)normality. L4bF0x discusses a book on OSINT via social media vectors, and MasterChen gives his opinion on Social Engineering: The Art of Human Hacking. Kali 2.0 gets a mention, although a complete review of the new software is absolutely necessary.
It may be inevitable to discuss the Ashley Madison case on a show like ours, but how we apply what we have learned from this incident will set us apart from the norm. This is just a case of a company not securing whatever information they are holding for their clients. The aftermath of such a breach is just that... the aftermath. Regardless, leakers gon' leak. Scrapers gon' scrape. This episode looks ahead at what is in store for the 3.2+ million people involved. We should also remind our listeners that not everything is as it seems, and open relationships are a thing for some people. Companies need to take a second look at their security, and this is just another exhibit in the museum of security fails.
L4bF0x heads down to The Hustler Club in Las Vegas to meet up with the man, the myth, the legend: John McAfee. John talks about privacy issues that relate to any free person, as well as discusses some recent projects of his that serve themselves as solutions. If you want to learn how to keep your conversations away from prying eyes, this interview may help shed some light.
BGM'S NOTE: This interview was conducted inside of a nightclub, which is a very loud environment. I've done the best I could with both the audio and the transcript, but you should expect some background noise.
Read the transcript here.
EFF Technologist Cooper Quintin hangs out with L4bF0x and discusses some of the EFF's really cool projects. It's all about privacy everywhere, everyone!
Read the transcript here.
Josh Pitts, the mastermind behind The Backdoor Factory, takes some time during DEF CON to talk to L4bF0x about his ingenious payload delivery system. Are your downloads safe? Nnnnnnnope.
Read the transcript here.
L4bF0x grabs a hold of the creator of Kautilya, an open-source penetration testing tool for Arduino devices on the floor of DEF CON 23 and conducts an impromptu interview about his software.
Read the transcript here.
We are now in post DEF CON season of 2015 and we are all feeling it. The week went by way too quickly, so we used this episode as a way to catch up, comment, and convince anyone who has not been to DEF CON to make plans to go to DEF CON! Krux hangs out with us and gives his take on running the DC darknet and Crash & Compile. BGM and d0xy share what they learned and took away from the con, and MasterChen....well, he explains what happens when he attempts to give a DC Skytalk when tequila hits halfway through. Our legal correspondent, Smaction, discusses the problem companies may run into with overly sensitive copyright bots.
L4bF0x interviews the Executive Director of the Open Information Security Foundation, Kelley Misata, about OISF's current project, Suricata. In addition, Kelley shares with us her incredible life story that got her interested in information security to begin with.
Read the transcript here.
Firstly, we apologize for the late upload of this episode. This episode was recorded just a few days before DEF CON week, and the preparations for that week were insane! We will definitely be giving the full report of the CON in the next episode. For now, enjoy the musings of d0xy's love of Android in general and the One Plus 2 specifically. This episode is all about mobility! MasterChen and BGM are missing, but we have a great guest in the show! Remember the YouTube link!
The hard thing about doing a weekly podcast is that by the time Friday hits, new news becomes stale, but who cares!? In this episode, we are talking about the Ashley Madison hack of course! We don't care about who cheated on who. That's none of our business, but it does become our business when the breach was due to a simple SQLi. If you don't care about the information you are paid to protect, someone will care...in the wrong way. Cheronobyl is alive, and as a car guy, he gives us his take on the Car Hacking news. More DEFCON news, naturally, and DJ Jackalope stops in to say hi!
Every system has one. We are talking about Central (or Single) Points of Failure in this episode! Do you know your company's SPoF? Can you identify them in various systems? You may after listening to this particular show! We also have great DEFCON news and some bleepity bleeps in the lightning round!
What are the security implications in sharing your DNA with the scientific community for the good of mankind? Would you trust those in charge of keeping that data safe? Present day practice may convince you otherwise. The voice of Asterisk gets an honorable fanboy mention by MasterChen. And while d0xy is MIA, you'll love our impressions of him!... we think. Also, Pao as the Reddit scapegoat.
Great news! We are not getting sued! We are now known as GR3YNOISE. We briefly discuss the transition, but then get back to our usual antics. Is Microsoft's new wireless infrastructure inherently insecure? Can a password be too complex versus the information it protects? Just as you listen to our thoughts, we'd like your input too!
The podcast formerly known as the SynAck Pack comes to an end... in name only! We are continuing as GR3YNOISE and the show will go on! Now, in this episode, we discuss the steps that got us here, and where we go from this point forward. Let's re-define our "why" and come back renewed! At the recording of this episode, we did not have a new name yet, but it may be fun to hear us throw ideas all over the place!
Are you a hacker that gained your wits through experience, or an analyst with the hacker mindset? Today we talk about multiple paths to the hacker mindset. Test your way to certification? Hands-on experience? Does a four year degree put you 2-3 years behind? You as the listener will probably agree with at least one of us in this episode!
In this episode, we first discuss ways of getting around the Human Resources firewall of certification requirements when looking for new employment. We then get to the juicy topic that is Reddit banning everything that hurts your feelings and Chairman Pao. Will this episode get banned? Not as long as you, The Listener, keep listening!
L4bF0x is back! We asked her about India, to which her response was "It was awesome". In this episode we discuss the new TV show "Mr. Robot" and the possibility that maybe...just maybe, Hollywood can portray hacking accurately....at least somewhat. The whole thing boils down to entertainment versus suspension of disbelief. Where can we define and draw the line?
In this episode, we started with a simple discussion of new Android M features, which escalated into how these features can be used, or are already being used to propagate the Surveillance State. Not all is bad. Our friend at Mozilla also mentions a new and very powerful programming language.
In this episode, bgm talks about his new IRC bot, SynackBOT, while d0xy and MasterChen discuss the steps they take to crash it. We have a brand new visitor to the SYNShop...Oh, and the lightning round of news headlines happened.
In this episode, we discuss the vacuity of the next generation of humans who grew up in the era of the internet and smart phones. Who would have guessed that, in the age of communication, communication skills are becoming a lost art? Oh, right, Aldous Huxley. And Wall-E. Where will we go in the future if we continue to trend on impersonal relationships?
Also in this episode, we discuss the Supreme Court's ruling that the metadata collection by the NSA done in the past was illegal, paving the way for legal action against the NSA.
And in this week's bgm's going mad, we discuss NASA's EmDrive, and what it could mean for the future of travel. Are compressed gravity displacement waves breaking the third law of thermodynamics?
In this episode, we discuss the infosec dangers you might face if you're in a large crowd. We also talk about how to dress like a social engineer. Does encrypting your data make you an accomplice to hackers?
Do you want to share your location?
In this episode, L4bF0x gives us a rundown of a few of the things she learned at the RSA conference last week. We also get some early impressions on the Firefox OS Phone care of Dave Huseby, and we answer the age old question: can you teach a robot to teach a robot?
Also, break out the tinfoil hats everyone, we discuss an America under constant surveillance.
In this episode, we have a few special guests from Apertus: Open Source Cinema and Mozilla with us to answer our questions about how to build your own super high-definition camcorder and the Firefox OS Phone. Also in this episode, we answer a question from one of our listeners who wants to know what is the best way to prevent a hacker from getting your information. Additionally, in this week's BGM's Going Mad, we discuss what time actually is, what it represents, and then go on a tangential diatribe on whether or not math is an invention.
Special thanks to Herbert Pötzl and Sebastian Pichelhofer from Apertus as well as Dave Huseby from Mozilla for answering our questions!
Quantum Immortality, Trolling, Phishing, Snowden, and Bookmarks!
In this episode, we discuss the alleged Russian White House Hack. We also talk about what kind of things we keep in the bookmarks section of our browsers. We also discuss This week Tonight, in which John Oliver interviewed Edward Snowden. What is a troll, really? And, finally, we introduce a new section called BGM, which stands for BGM's Going Mad. Yes, it's a recursive acronym. And in the opening version of this section, we talk about the idea of Quantum Immortality. Have you ever wanted to be immortal? Well you might already be.
We are recording straight from the 2600 meeting in Las Vegas, NV!
In this episode, we discuss what we do to fight off the inherently stagnant habits programmers and hackers can fall into. What were the results of the GitHub DDoS? Is the Patriot Act disappearing?
Allow us to muse about Windows going open source and share with you our Google searching secrets.
Featuring special guest speaker, Smaction!
Notes about the audio clicking: It was a little windy where we recorded this episode, and the noise removal overreacted a bit, but, trust me, it sounds better than the raw audio.
In this episode, we discuss the Bar Mitzvah attack, in which both SSL and TLS are compromised by an older technology, RC4. L4bF0x also takes us all the way through a mock security audit scenario.
This week we talk about the ins and outs of Penetration Testing featuring our resident pentester, L4bF0x! Ever wonder how legal hacking works? Well, F0x guides us through the process. Also in this episode, we discuss what a secure password is and what defines password complexity. We talk about the admins of the darknet merchant Evolution absconding with $12 million in Bitcoin.
NOTE: Our microphones didn't record properly and we didn't catch it until after the show was already recorded, so the audio isn't up to the normal standard, unfortunately. We'll get it straight next week!
It's pi day (and pie day) at SynShop Las Vegas! Come with us as we hop into the wayback machine and discuss the Heartbleed Vulnerability. How expandable is your Raspberry Pi? What is the measure of a man's intelligence? Are we close to real AI? Why is Hillary Clinton using a non-government (and non-public) mail server to send government emails?