My tea wasn't ready. So now my tea is ready. So now I can be live, you know, important things, getting it all up there. So we got, let's see. We're not sure, oh yeah, Ubiquiti, all that stuff. There's so many things to talk about here. So many things. Lots of people live on this one too. I'm running the new version of Pop!_OS, so there's that, because that's cool. Let's see. Hey everyone. Homebrew Tech Support. Oh yeah. Hey Cody. See what else we have in here. Fayetteville, Arkansas.

Has Ubiquiti been hacked? No, not that I know of. I don't know of any hacking going on with them. Mostly what we know about Ubiquiti right now is over at status.ui.com. Let's pull that up because that's a good place to start, right? Yeah, ui.com. Let me switch to that tab. Yes, that's the, well, that's where the problem really is, is at the status page for Ubiquiti, because, yeah, I don't know. "Update: Remote access is gradually being restored." This is sometimes a problem when you restore things, and this is at 19:55 UTC. The problem is, as you restore things, sometimes you restore them really fast, faster than your servers are able to deal with the restore, as everyone's, you know, just hammering away, refresh, refresh, refresh. And they're getting the hug of the F5 button by a million people using their product. That's my guess of what's going on there. So yeah, they're broken.

Another lens and more rogue employee? I don't know if it's rogue employees. I think Amazon knocked them off. I just don't think they're having a good time getting it started back up. Amazon took out all kinds of things yesterday, you know, AWS. AWS East was last week's problem; this week is AWS West to have a turn. So, you know, because why not? Why not? We need more outages in the cloud. And, you know, I took a dig at it. I won't lie, I took a dig at it, because, I'm not gonna lie, I talked about this in my video where I said, should you buy a UniFi Dream Machine?
And one of my responses is, what if the cloud goes down and you can't register your device? Well, here we are. The cloud went down. You can't register your device. I mean, I don't really know what to say about that.

What's up at the UXG Pro? I don't know what's up with the UXG Pro. I mean, it's still a UniFi gateway. So I got nothing on it. It's gonna be run by the same software. So why it's not an interesting product to me. Yeah, I see people asking about them. The thing is, with Ubiquiti's routing products, until they get better software, their routing products are not relevant to me. Their routing is like the big shortcoming of their offering. That's why we don't use their routers. This is why Riley from HostiFi does very well with selling HostiFi as a service, and he'll even tell you. This was a comment he just had in a discussion just the other day on Facebook in a forum, where Riley said most of my customers do not run any type of USGs. It's just not what they run, because they're problematic, and it's the software problem. So, you know, you just don't use their firewalls has always been my answer. I don't really know what to say about it. I see people complaining about it, and I'm like, I said it and reiterated in every possible way at every video I can: we don't use them. And there's people posting in my forums, because they can't get support in Ubiquiti forums, asking for help with things. Like, I don't want to help you with your Dream Machine. It did that. I don't know.

So, yeah. They have a feature that says they're going to be removing the single sign-on. I don't know why that's a feature, because it used to, you didn't require it. It's like they take that feature away from you to be able to sign on yourself and give it back to you.
Oh, this is a bragging feature. I don't understand why they ever had it in the first place.

Yeah, I think FortiGate's gotten better than they used to be, but they had some really bad flaws in their product. I'm hoping they cleaned up their team that did it. Their flaws weren't like "security is hard" flaws. Their flaws were like "we did dumb things" kind of flaws, and "by the way, we hard-coded credentials" and things like that. So in the past I've been hard on Fortinet, because I've not been impressed with their product. They are really pricey, good marketing team to get everyone convinced on them, and they sing a song and dance about all your margins and reseller fees you get out of them. But as far as, like, if you look up the flaws that FortiGate's had in the past, they were bad because they were self-inflicted wounds. That's the best way to describe it. If you look up my channel, it's one of my only rants about FortiGate. So that's where a lot of the problem is there.

Let's see. pfSense is the best router platform. I like pfSense. I like Untangle. Because someone else posted in my forum with the usual question: hey, I really like Untangle, but I don't want to pay those fees, but I want that web filtering feature. How can I get pfSense to give me the same web filtering I pay for in Untangle? And I'm like, ah, there's no easy way. That's what you're charging for. You can stop paying Untangle and it'll work. It just loses the fun web filtering features. I mean, that's a paid-for service to do that. So yeah. All the Untangle customers that have the filtering requirements, that's usually what makes people go, I need these filtering requirements. No problem. We'll jump on it and put an Untangle in there, and the license fees get rolled in, but they work.
They're pretty trouble-free.

Have I heard of The PC Security Channel? They do malware testing and AV product to actually perform against real threats. You know, I've seen it, and they're really novel. I mean, there's a couple testing facilities that do that, but it's hard. It's not like any easy way to really evaluate. Your only thing you're ever doing is evaluating that moment. That's it. And that moment changes from time to time, because if you look at VirusTotal, which runs things against different engines, you'll find that randomly one of the engines may find it before the other, but that's not a consistent... That's this particular virus. So this particular attempt, virus, whatever it is, was detected, or just signature I should say, was detected first by this company. But then we ran the test next week with a completely new thing and then the other company won. It's not a really good test, I'll just be honest. And one thing I've learned, especially in this, we've talked about this in the Huntress, when I've been on their live streams, Huntress has said this before many times: there is no foolproof system. That's it. Every system they've seen, because Huntress, because it's a detection tool, it can see the detection, it can see their antivirus, they know what was running on the computer at the time it was infected. They will tell you wholeheartedly, nothing stops everything. End of story. So yeah, it's just one of those things.

And if you want a better understanding of a lot of security, honestly... Like, a lot of AV vendors are getting rid of free licensing. That's probably true. Honestly, just use the one built into Windows. It's actually really solid. Even Huntress, one of the things Huntress offers is their Managed AV product through managing these tools inside of Windows.
This is, you know, I talked about this. If you look at one of my, I can remember when I did it, it's probably, it might even be last year, everything's kind of a blur. One of the last update videos I did with Huntress talks about their Managed AV features. I think I even showed how it worked, at least a little brief overview of how it can manage Windows Defender. Windows Defender is, if you look at some of those AV ratings by companies that they've done... What is the, let me find it. It's an AV labs company. Virus... What was that company called? This one. It's been a long time since I looked at it, but last time I looked... Let's see, all results, current security products for Windows 10. Hey, look at how close they all score. Where's Microsoft Defender? Listed as a top product, because, yeah, protection against zero day, September, 100%, 99, 100. That's the thing. It's pretty solid. This is actually, me and Xavier talked about this a couple times when we were talking about some of the hacking stuff, is just how good AV has become, specifically Windows Defender AV. It's gotten substantially better than it was before, and it's ranking up there with the other things. Does it have other bells and whistles? No. That's why some people go, well, I need all these other things on there. I think it's actually a pretty solid product. I've recommended it to people before too.

So, yeah. AV-Test, AV comparison. The domain is av-test.org. They're actually some type of independent lab. They have an about us. So there's a fact page on here. Test forums makes test results bill private for you to charge. This is some product, blah, blah, blah. Advertises government, student, companies for testing, selection, implementation.
Yeah. So, their AV testing place.

Has there been any network controller compromise of Log4j? I don't know that anyone has been able to weaponize it yet. Not that I've seen. But still, if you have a publicly exposed controller, you are at risk if you don't patch, bottom line. Specifically the five-five, the five-four patch; the latest five-five patch is a denial of service condition, but it doesn't mean someone won't figure out a way to make it better, because these attacks only ever get better. So nonetheless, I highly recommend having it patched. I don't know of any way to weaponize it, but people do know it's vulnerable. So it's only a matter of time before someone weaponizes it. And if someone weaponizes it and that someone doesn't happen to be on the good guy's side, as in they're white hat, if there's a black hat out there, then they're going to exploit it and they're going to leverage it for whatever they can do with it. So yeah, I wouldn't doubt it won't be long before it gets weaponized.

Is it just ones publicly reachable at risk? I have a controller running in Docker joined to the UniFi cloud. I don't know of an angle at this moment that they could come back through the UniFi cloud and get it. But as long as you're not publicly exposed, that just means publicly no one can do it. If something is on your network,
it becomes a pivot point. This is where a lot of people get a little bit confused about how lateral movement works. With lateral movement, that means, kind of like the name implies, they get in your network and they pivot and move laterally. So if a threat actor takes over your computer and your computer can talk to other devices, they can then leverage that connection to start looking for exploits. So even if you're behind a firewall, I mean, obviously depending on the security of your network, it's lower risk because hopefully you've got your network secured. But it's just understanding where the attack plays. It goes from an external, you-did-nothing threat to a, you know, existential crisis because it's facing the internet and things can start hitting it. But if you have it running local on your network and there's nothing on your network that's going to try and attack it, you should be good. So, yeah, not publicly reachable.

Let's see. Yeah, I do admit, back to the topic of... This, actually, let's log into it. Say, a few people asked about this. The UniFi video is not of a potential attack vector. It's not affected by Log4j. We get logged into this. There we go. Let's bring it up real quick. The UniFi video... Yes, John Hammond's video with John Strand was actually, that's great. Go watch it if you don't. They got some cool stuff coming out. He's got the pay-as-you-go options for cyber security training. When people ask you about cyber security stuff, John Hammond, just follow him. He's great. Awesome. Does a great job of it. So definitely worth following if you want to dive deeper into some of the cyber security things. But yes, the UniFi camera system, not vulnerable to that particular Log4j. It's not something that's a problem with the camera system, if anyone's wondering.

Let's see. Docking station, it takes down the network side of the computer being connected.
UniFi network, 16, 20 AP, the problem is that one device can take down a network. Sounds like a loop in the network, and spanning tree, that's usually when one device can do it, but need a lot more details to solve a problem like that.

I stole your Lord of the Rings post for a Discord server. Oh yeah, please. I want memes to be shared. Any meme I take the time to make, please share it. I don't even care if I get credit. It's not like that matters to me. I'm like, I just want to see memes go around. I always laugh. I posted memes on Reddit and have found them on Facebook later, and I'm not even the one who posted them. I'm like, hey, look, there's that thing I did. I'm just happy to see it.

So, I never use OpenMediaVault. I don't have a use case for it, but it does work on Raspberry Pi where TrueNAS doesn't. I use TrueNAS because I use bigger things all the time that require things like TrueNAS, that exceed the ability of things like OpenMediaVault. So it's cool for that limited use case. I use the higher end use cases for everything when it comes to the TrueNAS. So that's what I use. You know, if you want, I don't have any preference for it. I don't have a use case for it, as I've said many, many times.

Let's see. Oh, you know, I could probably even share this here. Let me go look through my LinkedIn. I want to give a shout out to my friend Ray. LinkedIn is garbage for figuring out things sometimes, like where I posted stuff. So let me find the message from Ray, because it's easier to share it from there, because I'll do Ray a favor here. Oh, look at this. We'll just drop this right here for people. All right, so, Support Technician Tier One. I will drop this link here in the live stream as well. But if you follow me on LinkedIn, by the way, connect with me on LinkedIn. That's easy enough to find me on LinkedIn, connect with me there. But I'll drop this link in here.
This is my friend is looking for someone over at OIT VoIP. They're hiring. So yeah, reach out to them if you are looking for a job, and they're looking for support techs. So I figured I'll bring that up.

Let's see. What else should I say? It should take care of the loop, but I've seen people disable it, turn it off. I need a whole lot more information to troubleshoot a problem like you're having. I don't think it could be done here in a live stream. It's probably something better left over to the forums.

What do you use for internal DNS back end? Figure pfSense. So pfSense does our back end DNS here.

What service do you recommend for UniFi cloud controller? Would be, uh, HostiFi. If you don't want to manage the controller yourself, just use HostiFi. We have a ton of people who recommend it. It's funny, because I get weird requests once in a while, and they're like, oh, I want you to manage your time. No problem. You want me to manage your controller? I'm going to just take and sign you up for a HostiFi account and bill you for it, and I'll put a markup on it. So I've told that to people, like, well, I could probably sign up for HostiFi myself. I'm like, yeah, you're probably good. I mean, that's our usual recommendation unless we're actually going to be actively engaging in doing it.

So, let's see, I have no bearing on what they're paying. 31 to 45,000 for a tier one support technician working from home. I don't know if that's good or bad for the particular industry he's in or not. So that's going to be, nonetheless... That's another thing, HostiFi has been really quick. Riley's done a great job of being right on top of all the updates. That is at least something that less people have to worry about.

Buffering, buffering, buffering. Yes. You should be doing schoolwork. Get that project score up, Marcus. Get your grade up. That's my son, for those of you wondering.

Is this a regular salary in the U.S.?
I don't know, maybe. Average, I would say. Probably it's market average. It really depends, and it varies greatly with what other perks the job offers. If you're in California, that's not even a living wage, if you live in some of the areas of California where the cost of living, or New York City. New York City has got a really high cost of living. And comparatively speaking, the cost of living is substantially lower in somewhere like, well, where I'm at right now.

Ireland starts at 42, 45K euro. Okay. Yeah, it's gonna vary a lot from country to country. Cost of living and everything else is wildly different in those different places. Junior network engineer around 70, 80. Hmm, not for junior. I mean, maybe that, but not that many juniors. They usually want someone a little bit more seasoned before you get up to that.

So yeah, I preached about this in my video about the UniFis. I was like, yeah, the UDM Pro being down, people reached out to me: oh, Ubiquiti is not responding. And I'm like, I can't respond any more than they're down, and they decided forced registration is their idea. Here's forced registration, guys. Oh wait, our cloud was down. Yeah, sorry, you can't register and turn on the devices.

So yeah, generally, I mean, it depends on the market, but it does take some experience to make the over 70K. You know, it's complicated and depends where you work and depends on the work environment. It's one of the things, like, if you're just in it for the money, go into the financial side of the world too, because if you get into some of the high end financial markets, you can make a lot of money in it outside of tech.

Why are we hanging on the employment crap? People ask employment questions. I mean, I don't think we're dwelling on it too much. I think it's, you know, it's relevant.
You gotta make some money in this to pay the bills.

Netgear Insight was seen about stopping out. Last time I looked at Netgear Insight, I think he emailed me and I called them out for their website having a lot of dead links in it. As far as I know, they don't have anything that you can host. It's all they're hosting. So it's like a pass for me on it. I'm not interested in another cloud that I'm attached to, where all my stuff is in their cloud and I have no control over it. Perfect point in case is what brought many of you here, was in the title, UniFi outage, because UniFi's got this outage going on for way too long now. I mean, it's not like they were just down at the beginning of this podcast. They're still down now. I mean, that's... Let's zoom way in here. That's a lot of red. 14, 15, 16, so yeah, 15 and 60, I'm sorry. Partial outage for 14 hours. Yeah, that's not good. I mean, that's why... ah, yeah, it's just aggravating. We'll just say that. So I'm not interested in another company.

Let's see. Yeah, I mean, a private cloud versus public cloud. It matters, you know, who's got the rack of servers and where they're at.

Log4j, much... the Log4j is going to... Oh, where's all those memes at? So hold on, that was my other thing I want to find, is all the memes. There's a great memes page, Log4j memes. Where did it go? All right, there was a whole page dedicated to it. Oh, there it is. Straight one. I make sure I don't actually pull something up that's inappropriate here. Oh, the site's not loading. It was loading before. Because there's been so many good memes for Log4j. There we go. These look way better than the Ubiquiti status page. It's spinning slowly. Oh yes, and then I told them... There's so many. So one CVE, yes. What about second CVE? We've already had two CVEs. The internet is one vulnerable open source project away from collapse. It always has been. Yes.
Yes. Four shutters, you, good ones here. Yeah, breaking into Minecraft servers until your internet on fire, sounds about right. This one really needs to be labeled like December 9th, December 10th. Now this one I tweeted: security through antiquity. This is one of my friends that said that, that's their company solution, is security through antiquity. We're still running on the 1.x version. I was like, yep, we'll go for that.

I have trust issues with UBNT and their games. I just don't play it. I run our own controller. I think Ubiquiti is great because they have their own controller and they have a reasonably priced product, and that's where we're at. So that's how it works.

Let's see. Updates on a new studio? Yes, I had the construction people stop by my house today for the mudding and drywalling, that actually begins in a week. So yes, I was just waiting on the people to come do the mud, the drywall and everything else. So we got all the walls up and everything else in the studio, but that's where I'm at now.

Yeah, Amazon is actually pretty transparent. They do nice debriefs on their outages. So that's definitely something I would go read through, their outages. It's complicated running a data center that big. It's not like you have a playbook of, this is standard practice, when you are the data center at the scale that they're at, where no one else is quite as big as you. Mistakes are going to be made because you're at the cutting edge. You are the cutting edge. Therefore, when they do things at the scale they do, they run into unexpected conditions, because there's not like, hey, let's A/B test this real quick, let's see what the other big company exactly the same size as this is doing. And AWS is so big, it's not like there's easy ways to compare notes, not to mention they're not built the same way. So yeah, it's really interesting. But, oh, to address the last part.
Yes, the coming back online is kind of specific to Ubiquiti, that's for sure.

But don't send me a message, Grayson. I mean, thanks for the message, but send a message to the people hiring. That's who you need to talk to, which is Ray. Ray's been on my channel before. But it's his company over at OIT VoIP. Oh, uh, OIT VoIP.

So at some point it is, is AWS down versus is the internet down? Well, a section of the internet is down when AWS goes down. I didn't watch all of it, but I seen Louis Rossmann had posted about this, and that's one of the things he said was he got screwed over when AWS East went down, because his redundancies, the two separate, well, he thought separate companies he had were both hosting their services in the same data center that went down. So when you, yeah, it's a mess. It's a mess. We got the too big to fail problem, because every time it fails, we all get a day off.

So this one I did really like. I can't remember the number of it, and I had it in my head a minute ago. But this particular one really visually sums up what's going on: all modern infrastructure, Log4j, and then the code. So yeah.

Duo for ScreenConnect was down too. Yeah, Google, Amazon, and Azure, they are massively bigger than any competition. I remember seeing some of the percentages. I don't know where it's at today, but I remember at least a year or two ago Amazon was like 50 percent, and Google and Azure made up some percentage of the rest, some large percentage of the rest. But the other companies, Linode and DigitalOcean and Vultr, those guys are all like the tiniest percentages of it. Like, it was amazing how small, I mean, they're big companies too, but just how small of the cloud pie that they have.

I don't know what I would do user groups for inside of pfSense with a UniFi. I don't understand it as a question.
So I haven't done a video on it because I don't understand the question.

Yeah, AWS is transparent. Yeah, it takes a little while before we get the debrief on it too. They try to be thorough on it. Like I said, it is complicated. Yeah, the interconnection of the cloud providers is a whole different topic too. They're not as siloed as a lot of people think they are, because there was a problem with, I remember, I think it was ScreenConnect and ConnectWise, a lot of their services were not able to authenticate because of some components missing from AWS. We don't use any of the ConnectWise authentication. We use the ScreenConnect product from ConnectWise. So we don't use their authentication tools. So I didn't experience it, but I seen people complaining about it. So I was aware of the problem, and yeah, that's about it.

Back to the, I don't know. There's the memes, of course. So many. So many things. We were lucky. We didn't find much. I didn't look today, but digging through Graylog, I didn't find much in the way of attacks on us. Mostly, I found most of the attacks inside my forums. Outside of my forums, though, I didn't really see anything.

Google Compute plus Google's own service to make them more comparable. Yeah, I mean, Google runs a big data center, but I also don't know just how much they actually take the time sharing any notes. I know a lot of those people know each other.
There's at least some population, some sharing of knowledge that does go amongst some of them. A lot of them are part of, I believe it's called the... There's an open consortium for how they build some of the things. So they do, even, because Facebook's included, as Facebook runs their own data center. And Facebook has actually contributed a lot back to the community in terms of that aspect of it, the way they talk about the way they build their servers, the way they build out their data centers. There's been a lot more knowledge sharing in that space, because they all want to... The reality is, they took the time to realize something: the servers are not the value. The data that is within them is the secrets, is the gold, is the oil, the whatever. Tangible thing is just that data. But the data center itself, if we all collaborate how to run a better data center, we can all slurp up more of your data that we can monetize.

Really? So Sophos is getting into the switching market. That's interesting.

So shared market is, AWS, according to Canalys... Really? I thought AWS was more than 32% of the market share. Huh. I'm curious. AWS cloud market share. This is not easy stuff to calculate either. Let's see. I like to do an image search for these things, as I'll go with who has the biggest image. Man, who's got a slow site. ParkMyCloud. Many sites are not going slow, not loading fast today. Here's the one that I think you found, is this one here. It's just the page is loading really slow. There we go. Man. Loads another page. Hold on. Other slow page. There we go. Yeah, according to this they only own 32 percent. Interesting. That's still pretty big, because others is a lot of other little companies. So it's a little bit more diverse than I expected it to be. And diversity is better for the ecosystem, as opposed to AWS goes down and everything goes down. So interesting.

Now, is president laws from a public expo system and someone presses rate militia stream them?
Yes. Yeah, you know what, there was a good... They had a really good one. I think it's here, if I can find it. I'll pull this up. Yeah, this is right here. Good discussion topic. If I can, here we go, get it. Does it fill the screen? Right, there we go. So yeah, this is exactly what we're talking about right here. So yes, even with that you're getting external hits, because it comes in, and this is, by the way, I'll drop this in there. This is just the Swiss GovCERT, so you guys can look at it a little bit closer. But yes, if you have a system that has the logging in there, that's how it exfiltrates the data. Malicious LDAP server. People, like, say, vulnerable Log4j implementation. This is the workflow that attackers can send things. And this is what's so scary about it, is it hits your logging server, and your logging server cannot, you know... I use Graylog, which did have a patch out immediately for this. But there's also tools like some of the SIEM tools, a lot of the stuff that's all based on Elastic, which is really popular in the open source space. If you have some type of Elastic server, which is why Graylog had, they have an update for it to solve the problem with Elastic server. This is the real threat, is that your own logging server, which usually runs somewhere important in the network, could be the device that gets taken over. And that's why this is a particularly scary attack, because it's just the logging.

You can disable the problem part of the plugin. Yes, that's true.

Oh, let's see. Ah, that is a good point to that other graphic I had pulled up. My ratio is probably thinking of the U.S. market. Yeah, probably. Global market, because you have, in Europe, is it OVH? I think that's the big provider. That's the dominant one, not the only one, but the dominant one in the European market. And I don't think Amazon's as big in Europe as they are here.
So yeah. Yes. If you send everything to /dev/null, if you have no logging servers, you are at less at risk. You're absolutely right. Not wrong at all.

So are commercially available routers affected? That, I'm guessing, yes. Let me pull that up. That is true. I'm gonna get you guys the link here. For people wondering, there's a list, and people said, do we have a list of everything? There's not going to be a list of everything, but there are lists out there of many things that are affected by this. And we'll go ahead and switch it to here. This is an ever-growing list on GitHub, and I'll drop a link right here too. But yeah, when you start, you know, for what's vulnerable in here, there's so much. Lots of services in Amazon had this problem. Lots of services that are Apache. Arista Networks, so lots of stuff from Arista. Of course all the stuff from Atlassian, that's going to be where we're going to see this for a while, the Atlassian Bitbucket. This one right here, Atlassian and Confluence is just hard to set up and hard to maintain. I know a few people that are maintainers of it and they're like, yeah, this is not good. Who else is in here? Bitwarden, not vulnerable. So just in case anything, they didn't write it in Java, so that's not an issue. BMC. Where else we got? Pretty big list. Cisco. Cisco, it depends on the product. So not all Cisco things, but some Cisco things are vulnerable, because some Cisco stuff's in Java, some of it's not. So if it was written in Java, there's a good chance that it is. Extreme Networks, lots of their stuff. Yeah, this is a really long list. VMware was in there too, because the VMware... WatchGuard Firebox, not vulnerable. Not vulnerable, so off point. But VMware, especially, where is it, like the vCenter and vCenter servers, workarounds available.
So yeah, all the big names are in here. Well, let's see. Yeah, that's that link for what I was covering on there.

Well, Atlassian on-prem will go away soon. Soon is a relative term. Eventually. Soon, I don't know, but eventually, yes. I'm not positive. Didn't they quit selling Atlassian on-prem?

Is Juniper SRX on there? Juniper is listed as under investigation. Juniper Space is vulnerable. Juniper NorthStar Controller, Paragon, Paragon, and that's it. So their Paragon product line looks like it is. You got to check each individual vendor. That's one thing about it. There's a lot to keep an eye on for that. This list isn't just huge, this list gets bigger as we're doing this. If I refresh the page, I bet something else got added to this list. So it's going to take a while. It's going to be a long time before this gets sorted out. There's so many products that, they're not even actively developed anymore, but they're in use somewhere, and someone didn't even realize they had a dependency on it. That's going to be a real problem for a long time to come, where, you know, just all those homegrown little applications that someone wrote are vulnerable, and someone's going to test for it and go, hey, look what I found on this network, or exposed on some website as some service someone runs.

Oh, okay. So Atlassian, yeah, most on-prem service will go if vendors get their way. Yeah, eventually they'll, yeah. So that's the thing. I've never used Atlassian, and I just know a lot of people, any of my friends that were admins for it always, always hate it.

Oh yeah, I'm not patching until I understand the long-term effects of those. For sure.
We just need enough people patched to get herd immunity on the internet, and we're good. Says, we have herd immunity reached, we'll be fine, right? Because that's how that works. I did see that posted and I laughed, because, ah, yes.
Do you know if UniFi has stopped remote access functions? I think they have unintentionally stopped remote access functions. So that was the best way I could describe it. Um, the, uh, their systems have been down for a while. So I don't think they did it... I don't think they did it, so, uh, on purpose. I think they did it by accident.
I should add, Java engineers may ask for 10% more. Go for it. I think people say, uh, you know, put Java if you do Java, but also "I survived Log4j" or something along the lines of that. So.
Uh, oh, yeah, the malicious, the malicious messages started right away with Log4j. Um, I only got a very few number of them targeted specifically at my UniFi controller, and I thought that was weird. So they were... there was some probes that went out. I was patched before I saw them, because I didn't even get my first one on my UniFi controller till December 13th. But GreyNoise, um, see, we can drop this here, GreyNoise, they started reporting them right away. So there's... and this has just skyrocketed up. Um, malicious versus benign ones. So yeah, there's... these, they were hitting my servers right away. They, uh, for my web servers, I... my web server logs, like my forums, day one I was finding this. As soon... it took like no time at all before this started getting ramped up, um, out there. So.
Is there a good resource you recommend for how to check for the vulnerability? Uh, Huntress. Huntress, and this is going to be fun. Let's, uh, let's pull up the Huntress Labs thing. Go to their blog.
They have a write-up on how to do it. John Hammond has done a video on this. So yes, there's definitely some. They have a really good write-up over here at, uh, Huntress, and they have a testing tool you can test. So that's for sure.
And then in other funny news, we'll, uh, let me pull this up real quick and find it. But yeah, here's the Huntress, it's just in their blog post in case you don't find the URL, but I dropped it in the live stream here. Where's... John Hammond posted this yesterday, so you guys can all have a laugh about this. Oh, so this is a, uh, a problem that occurred. It was this here. This is the log tester, um, that looks incredibly similar to, uh, a log tester that they wrote. So here's the Huntress Log4Shell vulnerability tester. And it turns out that, uh, Trend Micro, you know, decided to copy it, you know, and me with my jokes and whatnot, because I just wanted to throw fuel on the fire here. Trend Micro now credits Huntress for coming up with this. But yay, thanks, Trend Micro. Yeah, you know what went away. The silliness of this, the fact that they took, they copied Huntress. Really, Trend, really copying Huntress? That's where you're going with this? Oh man. So yep. Uh, yeah. Phishing tool imitating... yeah, who knows.
Uh, any tutorials, and, uh, on VPN in case AWS, UniFi go down again? I know, I mean, I... the way we just... this is the reason I have videos that say why you shouldn't use a UDM. I don't really have another easy solution. Uh, have access, remote access, to a computer behind the UDM. This is probably the best solution I can come up with. So as long as you have remote access to someone local on the network, you can then log into the local web interface of the UDM. That's it. That, that's the only solution I really have, uh, to do it. So.
Yeah, Trend Micro. Trend copied the writing from Huntress.
I brought you initially but then Trend Micro did apologize. Yeah, yep. Yep, or as I, I heard said from someone else, uh, they're called Trend Micro, not Cutting Edge Micro. They just follow the trends. And, uh, I kind of laughed at someone saying that.
Uh, I didn't talk much about Pop!_OS. I upgraded, uh, my system to the latest version. It works great. I haven't really dove into the fancy new features. Jay from Learn Linux TV does have a video on it. I haven't watched it yet. Um, I mean, it works. I did... I upgraded my laptop, my desktop. It went smooth. I have not had a chance to try the Raspberry Pi yet, um, but overall the, um, Pop!_OS experience has been good. So I've, uh... where's it at? Where's their blog post about it? Uh, Pop!_OS 21.10. There we go. It has come out. So.
Can you install Steam? Yeah. Yeah. Yeah.
Yeah, Trend, Trend only apologized to Huntress because Huntress called them out. Yep, pretty much. I don't know. I don't know why they thought that was a good idea. So who knows.
Nonetheless, lots of new stuff, new features. Um, overall it's been smooth. I haven't had any problems with it. So like I said, I didn't really dive into the new features on there, but I also kind of didn't need to because it just worked. So I'm going to, uh, play around with it. Maybe I'll give my thoughts on it. I don't do much Linux distro review stuff. It's kind of off topic for me now, I feel. So I, I use Linux every day, but I don't think about it, because, like, Jay actually takes the time to look at other distros and offer opinion. I don't. I like Pop!_OS so much, I never switched distros. I've become very boring. So that's, um, yeah, that's pretty much it. I'm boring. I just keep staying with Pop now.
Um, I prefer to run XCP-ng over ESXi. So no, I do not run any ESXi servers. We have clients. I mean, I've supported them. I've set them up. Um, they're not my thing though. I'm not a specialist in ESXi.
Do you think this vulnerability will change our trust of third party libraries?
Absolutely. No, and it's just not relevant anymore. That is so far beyond what can be done. No one's got time. It's just not tenable. It is not a thing that could possibly be done now. I mean, are you going to grind your own silicon after the, uh, Spectre and Meltdown things? Are you going to start designing your own chips, that way you can trust the chip design and architecture? And then you're going to write the assembly language and operating system yourself? At some point you always have different things to trust. Doesn't mean we can't make the supply chain better, but you can't throw the supply chain away. That's just not something we can do in any reasonable way here. So it's not about trusting the libraries. Uh, there's going to be more scrutiny, because this is what needs to happen to get that scrutiny. I don't... I wish this isn't what needed to happen before we got this level of scrutiny, but, you know, everything's getting better slowly by slowly, one giant fire at a time.
Hey, thanks for your donation, Grayson. At least Steam does not break Pop!_OS, uh, just like part one of LTT. I hope not. I hope it doesn't break it. But I don't, I don't load... I don't play games on my Linux computer. So there's that. I don't have a real answer for that.
Today Log4j, tomorrow SSH. It's just 2020. Uh, yes. Yeah, if SSH breaks, it's time to go home. Like, that's, uh, that's... that would be worse.
Yeah, you just can't write everything. It's not... it's, it's a great thought, and I know a lot of people always start there. But once they start realizing, you work in larger software development projects, you go, this isn't reasonable. I can't find enough people to write this much code for a large-scale project. So it's a combination of things, because, uh, the dependency confusion problem that we saw, was that 2020 or 2021? I can't remember. Look up dependency confusion.
That was an exercise in understanding how the supply chain is a little broken with implementation, but something really good, that was completely a white hat experiment that made a lot of people think differently about how we pull libraries in. So we're getting better all the time. It ain't perfect. Log4j will let us know it ain't perfect. We're just getting better.
Oh, I would definitely say the supply chain has gotten better. The fact that we're even talking about it. If you knew how easy it was to get something submitted 20 years ago compared to today, and just drop anything anywhere... I mean, there's actually some vetting. There's a lot more scrutiny. There's people looking at it. We are way better, um, than we were a long time ago. So, by no means perfect. This is just better than we were, but still more to go, is how I would answer. It's not like I'm saying we're done, cross, you know, sit back, relax in our chairs. No, no, no, there's still more work to do. So.
Writing everything yourself. Well, I mean, there's some super genius that maybe could do it. There's somebody out there with some skill set that's so incredible that they could probably write everything in assembly. I doubt those people are able to do it, but maybe there's someone out there that's just so incredible they could do everything themselves. But yeah, it's, it's honestly just not practical. And this is the challenge right now in software development. There's a shortage of developers. That's completely... that's a real-world issue that we are looking at right here in 2020, 2021 and into 2022. The demand for talent is exceeding the amount of talent available on the market space right now. So that's for sure. It's hard though. It doesn't mean there's automatically a job for you just because you studied some type of development or got some development skills. They do require, and it does take, some learning. We need more apprenticeships. That's harder. I think apprenticeships are kind of hard in tech.
I think that's somewhere tech needs to get better at, is apprenticeships and methodologies for it, rather than just throw everyone at the help desk and hope, if the help desk doesn't destroy you, you'll come out stronger and wander to the higher positions. But you know, the help desk is your trial by fire in the tech market. Can you survive it? Can you, can you be a functioning human being after sitting at a help desk and answering people's calls? Because that's, that's like your test. That's your trial by fire.
Um, I tweeted about that, that topic about management wanting things new. And, uh, I actually encourage everyone to listen to... uh, let me find it real quick, so I'll drop the episode link for you. Where did it go? Where did it go? It's the Risky Biz recent interview they did. Security Onion. I, I tweet too much sometimes and I... sure, finding it, but it was, uh... where did my Risky Biz tweet go? I tweeted, Risky Biz did an interview recently, and in that interview, one of the things I end up talking about, and it's, it was great, uh, specifically about the demand for new being such a problem, with people chasing news cycles instead of stopping to really look at their code, refactor things. Um, that's, that's really... it's trying to find that balance. And this is where it was, specifically with, right here... I'll actually drop a link. My tweets are public.
So I could just drop a link to there, so in case you want to follow the people. Um, anyways, it was, uh, with Haroon Meer, and let me pull it up over here. Risky Business, Haroon Meer, about building a business that people want to use the products. On the problem of creating something new for the sake of new, and it's, you're right, a lot of it is bad management. And this is where Haroon has done, um, a good job of being a manager and managing the company in a way, because he's been running the same company, growing the company, and not really making anything, so to speak, new for the sake of new. It was great. If you listen to that particular episode, you'll know that, um, you may work somewhere that does not follow these rules, but there are companies out there that actually do the right thing and follow the rules. So a great, great podcast. If you're not familiar with the Risky Business podcast in general, I really like it. It's great. That particular interview I thought was insightful on that particular topic.
Oh, let's see. Yeah, started at the help desk, moved up to infosec. Hey, not many people start in infosec. Uh, I mean, there's exceptions for sure, but you... I, I would say, I mean, there are some young people that right away jump right into hacking before they ever had a job, and, you know, there's, there are other career paths out there if you're in cyber security. But cyber security is really... you, you look at those people and some of that stuff they do, it's exciting, but it is really high skill. You have to have that skill, that acumen, to do it. Um, don't assume that you will get this overnight. Um, yeah, that's... so that's a whole different topic almost.
When vetting RMM, since most are closed source, how can you effectively audit, evaluate security? Well, you have to rely on your third-party SOC audits. That's one of the things that's important if you're looking at them. So there's... the only way you can really answer that is, have they gone through a full security audit? Do they have external audits?
Do they follow, uh, SOC compliance? These are really questions you have to ask these companies. And it's also one of the reasons, because everyone keeps tweeting at me, at least I get a DM or tweet a couple times, it seems like every couple weeks: hey, Tom, what about Tactical RMM? And I'm like, I don't think... I think it's a cool project. I'm not ready to move everything to something like that, because it's an open source project that seems to have a lot of passionate developers, but that's not the same as going through a solid code review, someone really taking the time to make sure there's no flaws in the implementation and things like that. You have to use a company that's gone through a level of auditing, a level of compliance, and having their... you know, and part of the auditing they do is having third parties test them on a regular basis. And by the way, even when third parties don't test them, they're being tested. And we can't just have this... I'll call them out: Kaseya claimed to do some testing, kind of vaguely. They clearly were not. When we found that flaw hit with Kaseya, and it turns out they had a fail open in their code, that's... even the most rudimentary of code reviews would have caught something like that. So yeah, it comes down to contacting them. Sometimes they won't give you the audit reports until you're engaged with some RMM companies, like through an NDA and things like that. Uh, I, I wish they could post more of it publicly. I don't always know why they can't, but nonetheless, it is a thing you should ask any company you're going with for RMM tools, if they went through all that.
So, audits don't catch everything, comes down to the auditor. You're right. There's no... there's no way to ever catch anything. Things can be audited by one firm.
They don't find it; the next firm that does the auditing does find it. Simple as that. It comes down to the auditor themselves. That's, you know...
Been part of many SOC audits. ISO 27 2701 certification is much more valuable to me. It's not got... and even, to go a step further, comes down to how good was the auditor. That could even be brought into question. You know, having solid processes and everything on the inside. There's, there's so much to it. There's no easy answer, because even with the best of it, if that product has a failure later, was the failure obvious? Was it a really clever stacking of these on top of each other? And some of the hacks are really clever. Like, the hacks themselves are like really nice, and that's...
And this is right here, someone's saying a percentage of the audits aren't worth the paper they're printed on. This is, like I said, it comes down to who the auditor was. Were they more friendly? Were they actually following a rule? It's, it's not easy. There's no... people think there's a hard answer for any of these. There's really not. There's not like, this is the answer, end of story. You either have this certificate or you don't, and that's it. It's not like that at all. It is, it is a complex topic with no easy answers. Everything's "we did the best we could." But if you happen to audit the... if you, if you have a hack as big as the Kaseya one, and you find out that they had a fail open in the code for the login, well, someone didn't even bother looking at that. I want to know who coded that, because that was... yeah, that was a...
Trust no one, but you'll never have any friends. So you can, you can... it's cool. You'll never run a business. You won't have friends. You can't say trust no one, because people always ask me, well, how do you, you know, how do you vet this or do that?
I'm like, you just have to. If you ever want to grow a business, you'll never scale your company unless you decide to delegate some trust, that you let other people have access to passwords and have access to security. If they don't do it, you don't grow, end of story. And maybe that... maybe growth's not for you, and that's fine, too. Um, I don't know the right answer. It's, it's not for everybody.
Um, we were actually laughing about, you know, a couple of my friends, I'm like, maybe my dad has it figured out. He lives in the woods. He doesn't use a computer much. We, me and my father could not be much different from each other. You know, he's unaware of Log4j, has no idea. He, he doesn't really even watch the news. So my dad likes... my dad likes reading history books. Like, there's... my dad's like, what's the Log4... what's a Java, like coffee? He's not technical.
Zero trust. Yeah, zero trust is everyone's favorite. Zero trust, AI, that's... you got to put the two together. Is zerotrust.ai bought yet? Because that's, that's probably a great domain. Like, can we just string buzzwords together to make domains? I mean, there's, you know, there's ways you could probably pull that off. So.
You know, just, uh, live... there's still places you can live. I remember watching, uh, a show, something, they were farmers. Not farmers, uh, sheep herders. I didn't even know this was a thing, that they live very off-grid. I'm like, this is still in America? It was a rural area. And I was like, yeah, they're people that live off-grid for a while doing it. I mean, and we still have, um, different, more narrow groups of people, like the Amish, who aren't really probably quite as worried about the Log4j either. So there's, there's ways to get around it. But that's not the industry I'm in or the lifestyle I'm into. So yeah.
BitSight score can give you... yeah. One of the things, um, I really like too was, uh, Bitwarden. Bitwarden code review, code audit. There's a series of these too.
I'm just grabbing the first one to pop up in Google, but they've got, um, they have a whole page on this somewhere. I'm sure I remember the pages off the top of my head, but... Bitwarden's very transparent about their code audits. They're also open source. Uh, they have... well, oh, this is just a lot of stuff on here. By the way, you can download the PDF of their security assessment reports, their code review. This is there. I like how transparent they are with all of this. So.
Have you seen Bitwarden offer family plans for those enterprise licenses? I've never really, never really dug into it. I just recommend a lot of people to Bitwarden. I think they have a solid product. It's what we use internally here. So yeah, that's, um, pretty good stuff.
Log4j is the IT guy's way of punishing Java users. Yeah, the world's being punished. I don't know that the Java users are really being punished. The world is dealing with it more so than the Java people. It's a problem. But yeah, Bitwarden does a good job with that.
I want to wind this down. Uh, let's do some 10 more minutes of final questions. There's a lot of you here. Smash the like button. 57 likes. Um, so it's kind of cool watching how all this ramps up and everything. Let me share. I'll actually share for those of you that want to see it, because no one wants to just look at me. There we go. Here's how the, uh... so let's get this number up. Oh, look at that. Thank you. 68. Whoo. Number's getting bigger now. We're gonna watch the infinity thing happen slowly by slowly. There it is, the, the fun delay that that is. Oh, 144p. Oh no.
Oh, I didn't know that. If you have an enterprise license that she's for yourself, they're offering a family plan for the staff. Well, that's cool.
Um, I have not looked at any new Dell products, so I don't have an opinion or any insight into them. I didn't know Dell was trying to do something like Framework, but...
Oh, it's just my camera. Yeah, cool. Camera just had it there.
Prepared for Christmas?
I'm not prepared for... I don't like Christmas that much. I'm not a big Christmas person. Yeah, I'm not, I'm not too festive.
Uh, let's see, any other questions before we wind this down? We got plenty of you clicking the like button. We're up to 109. So yay.
Finally split code of my house to captive portal, FreeRADIUS. Thanks again. Awesome. I'm glad we were able to help. That's great. Love hearing it.
Do I fear that pfSense is getting abandoned? No, I don't worry about it.
Have I ever gone to a video conference, such as VidSummit? I've thought about going. Um, I feel like I should go, because then I'd interact with people. But I have not gone. If I were to go, I would go to probably something like VidSummit. So, um, my cousin goes to it, who's big into YouTube. Uh, she runs a bigger channel than me. But I, I, I don't know. I feel like I'm a real... because I'm kind of in a, in a niche. Like, I don't know, I guess I could learn more about what I should be doing. It's just hard for me, because I know the things I should be doing that I'm not doing. So that's, that's the fun thing about YouTube.
When will you get more UniFi brand, or spot something from Target for temp? I don't know. Supply chain's no fun.
Any horror stories? Yes, uh, kind of. We can drop this out there real quick. There's a... there was an attack found. BleepingComputer had posted it. Let me find it real quick here. I mean, it's kind of to be expected though. Where'd it go? But there's been a... there's already been an attack where they think that was what they used to get in. So, I mean, I don't think that's anything more than just expected behavior. Yeah, I'd have to find the BleepingComputer article. I'd seen it and scrolled by. So my, my Log4j horror story is going to be in the future, for sure.
Yeah, the 655 yesterday. I posted a video about that on my channel. That's, uh, the... probably besides the live stream I did, I did a video yesterday about that, on 655.
Not really.
Um, done a performance comparison of different hardware running Windows in XCP-ng? Not really. Lack of interest. So.
Yeah, who knows what bug we'll find out, that it's moving fast. So.
Wonder how long APTs have known about Log4j. Well, here's the thing. There's enough honeypots on the internet that a lot of this stuff sometimes gets discovered because of that. So because we... and also, by the way, uh, because we know what to look for once you have some code out there and we know what the code is, all the people... like, for example, my friend works for a very large Fortune 500 company. They keep incredibly good logs. When there is an incident, they have six months backwards of logs they can go through. They're not the only company that can do that. Even we keep a pretty good number of logs in days back. So after we knew what to look for, we could then go through our logging server and see if anyone had ever sent that before. So how long did APTs know? It depends. If they ever, on the off chance, hit anywhere with it that had logging at all, they could have gotten caught with it. So it's kind of, uh, I don't know, it's kind of interesting.
It was interesting because, um, 2013 is when the particular vulnerability came in there. So 2013, when they introduced the JNDI lookup feature that is improperly sanitizing the input data, that allows for the... where you would basically, instead of doing a lookup, you can inject code in there. You basically exceed what it was supposed to do for the log. It doesn't parse it properly, and it runs and executes whatever's in that particular spot. That wasn't introduced until then, and introduced isn't the same as we all started putting it in systems. So it took a little while before it got in systems, etc.
And yeah. Claim that December 1st was the first known attack. Yeah, I haven't looked. I mean, as people, like I said, as people are able to go through their logs and see when it first came up, that's when we're going to know if someone had it beforehand. And if they had it, they were really quiet about it. They only used it in very, very limited use cases to get in somewhere. That's going to be the question, because sometimes that's, that's a weird problem you run into from an investigator standpoint. You don't know how the person got in. It's a mystery. You don't have that piece of information. They know that they're in.
If you follow through the details of SolarWinds, the threat actors that were utilizing SolarWinds made sure, anytime they got their deployment... actually, what was really strange about how they did it: they tested to see if they could get into the code. They didn't deploy until three or four months after the test. Then they deployed, and then they removed it from the code to make it harder to figure out. It was only a very narrow version of the SolarWinds Orion tool that was ever deployed with a payload in it. That made finding it extremely hard, because you could look at the more recent versions... matter of fact, there were numerous versions released, and you can go back numerous versions ago, there's nothing in any of this. And as soon as they would get in, they would pivot and move away from the product that got them in, so as not to let you know how they got there. So there's a lot. It's really, really challenging figuring all that out. So.
Thoughts on Pegasus by NSO Group. Do you think their reign is finite? There'll be another one. They're in trouble now. Some other name will come up and they'll be in trouble then. Uh, awareness is the hard part.
So. Well, the quiet, slow attacks are a lot scarier. The quiet, the espionage attacks are a very different type of attack, because their purpose is for espionage, not for trying to do a smash and grab. They're not trying to drop ransomware. So yeah, very, very different attack. Very different purpose, because their goal's to exfiltrate data or just stay persistently in there so they can listen and watch and exfiltrate data over time. So because they have a different goal, and their goal is not to be detected, their goal is often not to damage things. So it becomes a whole different thing. So.
Oh, yeah, the Minecraft player. That's, that's what I love about this. And I'll start up a Minecraft... we're just gonna, we're just gonna drop this in chat and, uh, we're gonna hack a Minecraft server. And when someone goes, oh, yeah, Minecraft has a code flaw, they're like, no, Java has a code flaw. Oh, who uses this library? Everybody. Oh, that's not good.
Yes, this is an important thing, as Sam brings up right here with Log4j. You're unlikely to see any in your logs if you're compromised. Matter of fact, when it's activated, it doesn't log. That's... it doesn't go to the log. So that's, uh, definitely a potential problem. It can be tricky to find, because that particular command, because it executes instead of logs, you may not see it. So there's, yeah, there's... this is just the complexities of deciphering these things. It's not easy, because it's actually executing the code instead of writing to standard out. Here we are. So. And by the way, usually people use this to avoid writing to standard out, because you're piping it to a logging... some type of other log somewhere else.
So it is not an easy problem to solve. It's an easy problem to patch for from a development standpoint: pull in a new library that does proper sanitation and away you go. But yeah, in the end, it's a mess.
All right. Well, thank you all, 200 and something people that joined today, and I see 280 of you still here. Smash that like button before you leave. Reach me over in the forums, Twitter, connect with me on LinkedIn if you'd like. LinkedIn's a good spot to talk business sometimes. So all the different places, I'm easy to find. Forums is if you have tech support questions, or of course, you know, if you want to hire for projects, then you can head over to lawrencesystems.com for that too. That's a whole, whole other thing on there. So.
All right, Ewan. Hey, no problem. I'll try to keep these heads-up posts... I try to keep them short when I do them. So I may do more of the short little heads-up posts I do when things are out there. I thought, like, this might be something easy for me to add to the channel when there's just something to announce. It's short. You don't have to watch much. I don't put much... I'm not doing a spiel in those videos, I should say. I'm not talking about shirts for sale or anything like that. It's just kind of to get you out there and get you noticed. But I do tweet a lot. So I try to tweet any of the security information. So if you follow me on Twitter, I try to keep in memes and relevant information. The memes I post are all but tech related. So it's either some humor or some security information. So all right. Thank you, everyone who came and joined, and have fun.