All righty then , ladies and gentlemen , welcome back to Privacy , please . Cameron Ivey , here with Gabe Gumbs , as always , my sidekick , my friend , my homie , mr .
Speaker 2Gumbs .
Speaker 1My home skillet , home slice , how you doing . It's another Friday in the world of digital nonsense , right on Preparing for an above average weekend , are you Probably ? Yeah , I mean , I'll have , we'll get on , we'll get some adventures and maybe that's above average . That's above average I'm excited right uh , yeah , um a lot going on in the world today , gay or in in busy in this cyber and privacy world .
Speaker 2There's a lot happening . There are a lot of topics that are worthy of coverage , but there are a few things in particular that came up over the last week that we've been asked some questions about , so we wanted to make sure that we covered those front and center . Just bringing you the latest updates from around the community ?
Speaker 1Yes , we are . Let's go ahead and dive right in . Hackers be getting hacked .
Speaker 2It's a thing . Being a hacker does not prevent you from getting hacked . No . One of the primary drivers of data breaches is misconfigurations , and it would appear that hackers are no less susceptible to such shenanigans .
Speaker 1Well , I mean , you know that world more than me , so let's dig into it real quick . So the first topic is cybercrime forum exposes its own members . So a well-known cybercrime forum forum place where stolen data is bought and sold had its own massive data breach this week .
Speaker 2If you haven't heard , so let's talk about how that happened . The bat . My first thought is you've got some
pretty bad opsec . If you are a cyber criminal and you're like reusing usernames and other things that are tied to your identity in any meaningful way , it's just you know why because they're still human gabe uh , it's fair .
Speaker 2That's a fair point . They are indeed human . They are indeed human , so they're gonna make human mistakes . They do , and they made a very human mistake . They accidentally misconfigured a database and left it wide open for the world . So this wasn't a hack so much as it was a breach , and breach was a literal byproduct of just pure misconfiguration . We talk about this frequently . We talk about this to folks directly in the security community , we talk about it on the show frequently , but just the basic hygiene of configuration , as you can see , leads to even breaches for the bad guys , and so there's been a whole lot of chaos in some of those forums because it breaks a bit of the trust .
Speaker 2There's a strong requirement , even in the criminal world , for there to be a trust element between the administrators of these sites and the users of these sites . That element of trust is necessary both in terms of okay , is this guy a reputable vendor ? If you give this person some Bitcoin , are you going to get an exchange goods and services that you find to be worthy of exchanging monies for ? The only real difference between cybercrime and sanctioned or otherwise non-criminal business activities really is just the law aspect of it . So much else of it really just translates . Trust is a necessity for successful business operations and that's really no different for these folks . Anonymity is everything in the cybercrime world and anonymity being compromised completely ruins , in this case , this cybercrime forum in particular . How many people return to that forum ? If I'm a cybercriminal , I don't go back at all . I don't even care if they tell me they fix things . Maybe I make my way elsewhere , maybe I do , maybe I don't .
Speaker 1Dare I say a digital friendly fire , Little digital friendly fire .
Speaker 2Little little digital friendly fire Indeed yeah .
Speaker 1Did a robber accidentally shoot his own foot ?
Speaker 2I think so , I think so .
Speaker 1I think that's what happened .
Speaker 2I think it happened .
Speaker 1Well , we'll keep . We'll keep our eyes on that one , but that's that one's . That one's funny to me , that one's funny .
Speaker 2Yeah , yeah .
Speaker 1The second topic is a code red for corporate IT . Sharepoint was under attack active attack . This past week we saw SharePoint getting attacked quite broadly .
Speaker 2And as most folks in the IT world know , sharepoint is somewhat ubiquitous inside of organizations . You know , one of the biggest challenges is , even if you don't necessarily use SharePoint directly , a number of other Microsoft services are directly tied to SharePoint and so you likely have it in your environment , regardless of how intimately your organization may be using it . But for what it's worth , lots of organizations do use it quite heavily . They rely on it as a document repository , they rely on it
as a core part of their overall data management strategy , and we've seen SharePoint get attacked before . Another reason why we see that continued attack pattern is , again , it is somewhat ubiquitous . Microsoft has bundled it with so much that there's a lot of it deployed , and so if I'm an attacker , it makes for a good attack surface because I'm likely to get my hands on more environments and more data , not less , just by sheer volume of users .
Speaker 1Yeah , so this is , I mean , this is considered enormous because it's not just personal information , this is company stuff , this is like organizations , yeah yeah , we don't see that very often , do we ? Yeah ?
Speaker 2No , we also don't see remote code execution flaws that are present in software that is . This ubiquitous right Like the attack surface of SharePoint can't be understated . It's huge . It's not a niche product , it's massive . And being able to exploit , run exploit code remotely means that they can take full control over of that server from anywhere , yeah , anywhere . That's a problem , that's a problem ?
Speaker 1Well , this is obviously ongoing , but what do you ? I mean , this is so new , I mean this coming out now . Do you think this happened a while back , or is this happening , like just this past week ? This was like . You know how we hear things later on .
Speaker 2Yeah , I don't recall the specifics of when the patterns were started to be detected in the wild , but you know , suffice to say that quite frequently with these types of attacks , by the time we notice them , it has been going on for some period of time , right , Like even if this were a quote zero day attack . The amount of damage that can be done within a day , within a week , is quite huge . When , again , the attack service is this large , you can attack a lot of SharePoint servers in a short period of time just because of that . But you know , since this story has been breaking it's only been about a week so far since this story has been breaking , yeah , Well , we'll keep an eye on that one as well .
Speaker 1Just wanted to update you guys here . We'll move on to the next topic . So we got Children's Privacy Act . There was a major movement in California this week . They passed a significant new regulation aimed at curbing how companies collect and use data from children and teens . So this is huge . I mean , they've been talking about this for a while , but it seems like it's not just California Gabe , this is a national trend that's kind of going through the wave here . Yeah , it's always protecting the children .
Speaker 2I get it , I agree . I always struggle , though , with legislation that feels difficult to enforce . Yeah , I'm intrigued as to , in particular . So this regulation mandates stricter requirements for getting parental consent . Cool , great . How are you going to get that parental consent and validate that it was indeed a parent
that gave the consent ? It's another pop-up box where you simply check a box on a website . I don't think that type of enforcement really achieves the goal . That being said , it is still better to at least have the rules in place that do govern . Okay , you have that data . Now you have to take special care of that data , regardless of how that consent was granted , and that's kind of the side of the fence I fall on is I'm not particularly super anxious to further regulate how the consent is granted . I'm really more interested in what happens once the data is in the corporate hands .
Speaker 1Yeah , that's a good point . I also think , like I feel , like even parents , there should be no information from kids , like you , shouldn't have to give any kind of information , even if and obviously , there should be guidelines around things that are used by kids , whether it be apps or learning apps and things like that . This is such a sensitive subject because , you know , even if our , you know , let's not get into the even even the government isn't the safest place for kids . Let's be honest , even if their , their goal is to protect children's privacy . I know that the CCPA is , you know that's the goal , but I think you get what I'm trying to say . I do , I do . That's a . That's a different show .
Speaker 2And that's the challenge , right like there is the spirit of what is trying to be achieved with that new legislation . And then there is the real world . The messiness , yeah , is the real digital world well , a little shameless plug .
Speaker 1Shameless plug on our new show . I might as well . I think it's a good time . The problem lounge .
Speaker 2You're talking about digital messiness yeah , a little digital messiness so we're launching , launching a new show launching , launching a whole new podcast network . So we've been now studio delivering studio . We've been delivering privacy please now for five and a half years or so , and we've long wanted to expand into some other areas . We've had a lot of requests to cover some other topics , but they don't neatly fit into this show . So we're launching the Problem Lounge studio , which will be the overall umbrella org that produces and brings forth Privacy Please . So nothing's changing there . You will still get access to your Privacy Please , but we are launching two new shows under that banner , the first of which I'm happy to announce today the Problem Lounge .
Speaker 2So those episodes I think they're going to drop the week of Black Hat , right , like we're going to start dropping . We're going to drop the week of Black Hat , so that's August .
I think the week starts on like the 5th . We're going to be dropping on the 6th and the 7th , so stay tuned for that . We have a new website launching with that as well too . We'll announce that website here shortly . Well , it is theproblemloungecom , but it is soft launched at the moment . So again , don't at me , don't at me .
Speaker 2Yeah , yeah , shameless plug indeed , and so why don't you tell listeners what exactly is the problem lounge and what are we going to be covering on ?
Speaker 1Oh , that's a good question Gabe .
Speaker 2Well , I mean the census of it is , or is that ?
Speaker 1the right word , the consensus , the entirety of that podcast is to kind of highlight the messiness of being human in a digital world , being human in a digital world . So we're going to be covering tons of content on just like life and it's still going to kind of mix in , you know , privacy and security and but it's going to kind of hit on more life situations and interpersonal , personal , yeah , yeah versus the , the business topics that we cover exactly yeah , we're really excited about .
Speaker 2We're going to get a little looser on that show . That show is definitely . It's PG-13 if the year is 1995 . The year is 2005 . You know , it's NC-17 . Yeah , yeah , yeah .
Speaker 1Yeah , we're going to be showing some stuff .
Speaker 2Yeah , yeah , we're saying some things .
Speaker 1We're going to say some things .
Speaker 2We're going to say some things . We're going to say some things , we're going to say some things .
Speaker 1We're going to keep it real and just continue to be us . So , if you want to keep supporting us and tell your friends and family .
Speaker 2Come support the new show . Come support the new show . You'll be able to catch that show biweekly , same place . You pick up your privacy , please . So we're launching across all the platforms Apple Podcasts , spotify , you name it Everywhere you go to get your podcast YouTube the whole night . You can come check out the Problem Lounge there , as well , we might even be on TikTok .
Speaker 1We'll see , we'll see . But yeah , anyways . Last topic , gabe . Next week on Thursday , the Minnesota Consumer Privacy Act goes live on the 31st of July , and this one's really cool . There's a couple things that's very different about this law compared . It's not just a copy and paste of other state laws , so if you're a Minnesotan , hold my hot dish , you know what I'm saying . So they're joining a group of other states , of course , with this comprehensive privacy law . So it gives citizens the rights to access , delete , correct and , crucially , opt out of their data being sold or used to targeted ads and profiling . For any business that operates nationally , they now have to
navigate another , slightly different set of rules , definitions and obligations . Compliance is becoming incredibly complex , obviously because of all these different state laws . It's like having different allergies for each human . We're getting real . What's the word ?
Speaker 2Not compartmentalized , but specialized .
Speaker 1I'm specialized , but like granular , Granular granular . Yeah , these state laws are all getting so granular and just they have little different things about them . That notable feature for Minnesota is a right for consumers to question and get human review of automated decisions , a key protection in the age of AI . That is huge . That's a pretty big one , yeah .
Speaker 2That's awesome one . Yeah , that's awesome If and when the implementation of AI expands further into making decisions for us , whether those be health insurance coverage , and that's probably one of the biggest ones , really right , like an AI agent makes a decision to deny or approve a procedure , for example , you should be able to question that and get an answer from a human why that is a thing .
Speaker 1I agree , 100% , absolutely . Well , that's pretty much it for this week , though I mean that's a big one , so look for that to go live on the 1st and that's it for Privacy . Pleased this week . We appreciate you guys . Thanks , gabe .
Speaker 2Always a pleasure , Cam Good to see you .
Speaker 1Don't forget everyone . Come check out problem lab , pull up a chair . Yeah , you get an exclusive early look . Problemloungecom , the problemloungecom . We'll see you guys soon , peace .