Down The Security Rabbithole
- Author: Various
- Narrator: Various
- Publisher: Podcast
- Duration: 398:36:06
Information:
Synopsis
Security. Some assembly required. Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk. This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Read the blog > http://hp.com/go/white-rabbit
Follow along on Twitter > http://twitter.com/wh1t3rabbit
Episodes
-
DtSR FeatureCast - Enfuse Conf 2017 - Preamble
23/05/2017 Duration: 18min
We kick off a week of on-the-scene podcasts, live-ish from Enfuse Conference 2017, hosted by Guidance Software in Las Vegas, Nevada, with Lori Chavez, VP of Corporate Marketing. She is the brains responsible for the amazing conference, including speakers, content and everything else. Lori gives YOU an insider preview of Enfuse 2017, and tells us a little about what we can expect and some history of the conference - and we can't wait to give you MORE! Stay tuned in all week as we bring you more fantastic content from Enfuse Conference 2017. And as always, use the hashtag #DtSR to talk back to James and me, or #EnfuseCon17 to interact with speakers and attendees! Just for DtSR listeners - we will post a special coupon code for next year's registration... just for listening. Don't miss it later this week!
-
DtSR Episode 246 - Finding and Responding to Badness
23/05/2017 Duration: 46min
This week we are live from Enfuse Conference 2017 in Las Vegas, Nevada. Special thanks to Guidance Software for having us out and getting us access to a whole host of fantastic speakers. On this episode Greg Hoglund and Ryan Butterworth of Outlier Security join us to talk about the DFIR space with all its problems, including a shortage of qualified labor and sub-optimal tools. This fantastic discussion wanders all over the DFIR space, including the "data problem" and tools, tools, tools. That tool that Greg mentions, which is free, is right here: http://unbouncepages.com/supertimelines-free/
Guests:
  - Greg Hoglund - Founder and CEO, Outlier Security, Inc.
  - Ryan Butterworth - Principal Software Engineer, Outlier Security, Inc.
-
DtSR Episode 245 - NewsCast for March 16th 2017
16/05/2017 Duration: 49min
Microsoft warns ransomware cyber-attack is a wakeup call
  - As of recording, it is reported that 200,000 computers were infected.
  - Patch for the flaw was released in March 2017
  - Microsoft has since released a patch for older systems
  - Lots to discuss on this - including Microsoft's letter to the NSA
  - Link: http://www.bbc.com/news/technology-39915440
  - Link: https://www.infosecurity-magazine.com/news/microsoft-xp-patch-wannacry/
  - Link: http://www.bbc.com/news/uk-39921479
United flight attendant accidentally leaked door codes online
  - Flight attendant somehow posted the codes online
  - Insider threat?
  - Multiple layers of security needed and additional controls here
  - Link: https://www.infosecurity-magazine.com/news/united-flight-attendant-door-codes/
  - Link: https://www.wsj.com/articles/uniteds-cockpit-door-security-codes-inadvertently-revealed-1494794444
Keylogger discovered preinstalled on some HP laptops
  - Audio driver inspected keystrokes looking for events like Mute, Unmute, etc., but also stored keystrokes in a file.
-
DtSR Episode 244 - A Government CISOs Perspective
10/05/2017 Duration: 45min
This week - live and in person from Denver, Colorado and the RMISC Conference - I interview Stephen E. Coury, the CISO of the County and City of Denver. The conversation leads off with Stephen's journey through cloud computing and weaves through some of the challenges municipalities and city governments are facing. It's a fantastic conversation that is readily applied to both public and private organizations - you need to check this out. Thanks Stephen for coming out and talking to us!
Guest: Stephen E. Coury - CISO of the County and City of Denver, CO.
-
DtSR Episode 243 - NewsCast for May 2nd 2017
02/05/2017 Duration: 48min
Chrome to mark more HTTP pages 'Not Secure'
  - In October 2017, all HTTP sites will be marked 'Not Secure' while in incognito mode.
  - Incognito mode allows surfing the internet without saving your browsing history.
  - Enterprise: Have you seen any negative feedback from the previous changes to show 'Not Secure'? Does this change your priority for moving to always-HTTPS for all sites?
  - Link: https://threatpost.com/chrome-to-mark-more-http-pages-not-secure/125255/
2017 Verizon DBIR Highlights: Analyzing the Latest Breach Data in 10 Years of Incident Trends
  - Oh, the headlines. Slow the roll, folks.
  - Stop the password hate and turn the mirror around
  - Let's talk about people... and why they are not the weakest link. Grow up.
  - So many obvious points, yet so much insight not being talked about - why? Hint: It dispels the doom and gloom and asks tough questions
  - Example: Page 13 - patching... looks like after 2 weeks "If it's not patched, it's not getting patched". Ask yourself, what patch percentage you're at after
-
DtSR Episode 242 - Management and Leadership
26/04/2017 Duration: 49min
This week the team gets together to talk Management and Leadership in the security industry and in general. Our very own Michael Santarcangelo joins us as our featured guest to dispense knowledge on leadership by the truckload. So grab a cup of coffee and something to take notes with, and listen in.
-
DtSR Episode 241 - NewsCast for April 18th 2017
18/04/2017 Duration: 46min
NewsCast for Tuesday April 18th, 2017
Dallas Tornado Sirens Hijacked
  - Tornado sirens in Dallas all simultaneously went off
  - Suspected hijacking of the emergency system, lots of speculation on how this happened
  - Now believed to be a radio hijack
  - Link: http://content.govdelivery.com/bulletins/gd/TXDALLAS-1936de1
Two Inmates in Ohio Jail Hacked it From the Inside
  - Talk about an "insider threat"!
  - These were made from spare parts, hidden in the ceiling, concealed well
  - Unauthorized access to the network (no NAC?) made infiltration possible
  - Link: https://qz.com/958503/two-ohio-inmates-hacked-their-prison-from-the-inside-using-makeshift-computers-built-from-spare-parts/
SWIFT Launches New Anti-Fraud Controls in Wake of Wire Frauds
  - New tools to 'detect suspicious transactions'
  - Appears to be free in addition to other fraud-detection tools
  - Link: https://www.swift.com/news-events/news/swift-launches-new-anti-fraud-payment-control-service-for-customers
Huge Adobe Security Update Just Released
  - 59 total vulnerabilitie
-
DtSR Episode 240 - The Truth About Machine Learning
11/04/2017 Duration: 53min
This week the Down the Security Rabbithole podcast hosts Sven Krasser of CrowdStrike. Sven is an actual machine learning data science expert (as opposed to an "expert") who has been working in machine learning, artificial intelligence and other forms of advanced computational science for a long while before it was popular in security. This week James and Raf sit him down for 45 or so minutes to discuss the real facts and separate them from the fiction of what machine learning really is and the promise that it may hold for the enterprise security world. As always, join us, share, and engage our crew using the hashtag #DtSR on Twitter. We'd like to take a moment to thank Sven and CrowdStrike for lending their time and expertise to our show.
Guest: Sven Krasser ( @SvenKrasser ) - Dr. Sven Krasser currently serves as Chief Scientist at CrowdStrike where he leads the machine learning efforts utilizing CrowdStrike's Big Data information security platform. He has productized machine learning-based systems for over a de
-
DtSR Episode 239 - NewsCast for April 4th 2017
06/04/2017 Duration: 59min
Pew Center Survey Finds Americans Lack Understanding of Cybersecurity Measures
  - Most 'typical' users simply don't understand security because it's "magic" to them
  - Basics must be understood by the average Jane - attackers count on you not knowing
  - How do you take knowledge and push it to the enterprise, while keeping up with consumers?
  - Link: http://www.pewinternet.org/2017/03/22/what-the-public-knows-about-cybersecurity/
Suspect Charged in USD 100m Whaling Scheme
  - $100 million dollars - from just two companies
  - How would your executives (and their supporting staff) fare against this attack?
  - More importantly, how does your "awareness" program deal with this?
  - Link: https://www.justice.gov/usao-sdny/pr/lithuanian-man-arrested-theft-over-100-million-fraudulent-email-compromise-scheme
Google's Android Security 2016 Year in Review Report: Android Security Improving
  - Overall, Google is making great strides
  - The fragmentation problem isn't getting better for legacy devices that have long life-spans
  - Going forward, things appe
-
DtSR Episode 238 - March 2017 Update with Shawn Tuma
28/03/2017 Duration: 59min
This week, on the Down the Security Rabbithole Podcast, Michael and I are back with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from Dallas, breaks down the latest issues that affect Cyber Security and the Law - with that business perspective you've come to expect from our podcast. As always, we love hearing from you, and if you have questions don't hesitate to hit us up on Twitter using hashtag #DtSR, or you can always hit up Michael (@catalyst), myself (@Wh1t3Rabbit) or Shawn (@ShawnETuma) directly! Thanks for listening and spread the word!
-
DtSR Episode 237 - NewsCast for March 21st 2017
21/03/2017 Duration: 49min
The Cost of Cybercrime - Let's Take a Different Perspective
  - Cybercrime is reported as a $450B drag on the economy; the absolute number sounds big
  - The question to ask: "How big is the global economy?" Turns out that this is only 0.57% of the global economy, in 2014 (nominal)
  - By way of contrast - how many minutes are in a day? What is 0.57% of your day?
  - What it means - we're doing a good job. Fraud is low. Cybercrime might be on the rise, but for now, it's at low relative percentages
  - Does it mean we don't matter? No. Don't be silly. Our efforts are why the numbers are low
  - Keep up the good work
  - Link: http://www.en.netralnews.com/news/business/read/1249/cybercrime.costs.the.global.economy..450.billion
  - Link: https://en.wikipedia.org/wiki/Gross_world_product
Home Depot to Pay Banks $25 Million in Data Breach Settlement
  - New settlement with banks
  - Link: http://fortune.com/2017/03/09/home-depot-data-breach-banks/
  - Link: http://www.cnbc.com/2017/02/21/home-depot-earnings-q4-2016.html → has autoplay with the same video
Survey: Experience
-
DtSR Episode 236 - Enterprise Architecture 2017
14/03/2017 Duration: 44min
Check out episode 236 with Marie-Michelle Strah, who is a repeat offender here on the podcast, with her first appearance back in 2014 on Episode 122 ( http://podcast.wh1t3rabbit.net/dtsr-episode-122-enterprise-architectures-role-in-security ). This episode revisits Enterprise Architecture and its importance to security, with a perspective on the enterprise tech stack, business segmentation and microservices in a modern distributed enterprise. Marie-Michelle's experience and extensive insight into the topic should give you something to think about as you go back to your day job in security.
Guest: Marie-Michelle Strah ( @CyberSlate ) - Marie-Michelle Strah, PhD is currently Senior Principal in the Enterprise Architecture Group at Infosys Ltd and based in New York City. A highly collaborative, diplomatic and inspiring thought leader, Michelle is able to effectively drive business and technology strategy and business insights across corporate boundaries and departmental silos. A seasoned management and t
-
DtSR Episode 235 - NewsCast for March 7th 2017
08/03/2017 Duration: 48min
A Note on the Passing of a Legend
  - Howard Schmidt passed away this week
  - Long, distinguished career as one of the CISOs who "got it"
  - He will be missed in government and private industry - he was on our show too (December 2015)
  - Link: http://podcast.wh1t3rabbit.net/dtsr-episode-166-cyber-security-from-board-room-to-white-house
Are SysAdmins Violating the CFAA?
  - This is, by all accounts, an insane criminal defense... or is it?
  - Can what sounds like a logical stretch be used maliciously by employers?
  - The law is about intent - does this invalidate his claim?
  - Link: https://nakedsecurity.sophos.com/2017/02/27/it-admin-was-authorized-to-trash-employers-network-he-says/
Yahoo Board Sends Message That Echoes
  - After a string of breaches, the board conducted an investigation
  - CEO will not receive 2016 bonus or 2017 equity award
  - Top lawyer resigns (or was asked to, whichever)
  - Is this THE event that will put CEOs on notice?
  - Link: https://www.nytimes.com/2017/03/01/technology/yahoo-hack-lawyer-resigns-ceo-bonus.html?_r=0
Cl
-
DtSR Episode 234 - Straight Talk on National Security
01/03/2017 Duration: 52min
This week, the interview is extra special because we have a guest I've personally been following for a long while, and I finally got a chance to virtually sit down and talk through his considerable areas of expertise. I'm pleased to say we had a chance to sit down virtually with Professor Tom Nichols and talk international affairs, foreign policy and all the important things getting lost in the off-color political arguments lately. These are important issues to cyber security professionals that impact our daily lives - but rarely get discussed by someone with actual, credentialed expertise. Enjoy this one, friends; I know we did recording it. I want to thank Tom for being an awesome guest and lending his time to our show. If you want to read Tom's latest book, you can get it on Amazon, link HERE.
Guest: Tom Nichols ( @RadioFreeTom ) - Dr. Thomas M. Nichols is a Professor in the Department of National Security Affairs at the U.S. Naval War College and at the Harvard Extension School, where he worked with t
-
DtSR Episode 233 - Reflecting on RSA Conference 2017
21/02/2017 Duration: 46min
This week, fresh on the close of RSA Conference 2017, James, Michael and I discuss the happenings of the conference, lessons and features, along with some inside anecdotes you won't get from anywhere else. Of course, we add our own unique blend of snark and humor - but that's what gets you listening and coming back for more. We'd like to say a big thank you to everyone who voted for us in the RSA Social Security (Security Bloggers) Awards. We didn't win, but we feel good about the audience we've acquired and will keep working hard to spread the message. So to all of you, thank you. Let's get on with the show!
-
DtSR Episode 232 - Security, Fraud, Digital Payments
15/02/2017 Duration: 58min
This week, while the security world congregates at RSA Conference 2017, we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating discussion, we cover many of the topics security executives and leaders are talking about right now - but as you have come to expect, this is less about 'security' and more about protecting what matters. We want to thank Neira for taking the time out of her busy schedule to join us on the show, and encourage discussion on the topics we covered - if you listen, and you have an opinion (I know you do), then let's discuss using the hashtag #DtSR on Twitter.
Guest: Neira Jones (@NeiraJones) - Independent Advisor & International Speaker | Payments | Digital Innovation | Information Security | Fraud
  - Non-Executive Director, Cognosec
  - Chairman, Comcarde
  - Chairman Advisory Board, Ensygnia
  - Advisory Board Member & Ambassador, Emerging Payments Association
  - Partner, Global Cyber Alliance
Neira can also be fo
-
DtSR Episode 231 - NewsCast for February 7th 2017
08/02/2017 Duration: 42min
It is that time of year for W-2 Scams
  - There have been multiple reports of companies releasing W-2s through email scams.
  - Link: http://cbs4indy.com/2017/01/31/scammer-gets-copy-of-w-2-form-for-every-scottys-brewhouse-employee-after-data-breach/
Cops use pacemaker data to charge homeowner with arson, insurance fraud
  - Becoming a common occurrence with IoT devices.
  - If you are creating these devices, are you considering: storage of the data; privacy policy; education around how data is stored and could be used
  - From an enterprise perspective: How many of these devices are inside your organization? How do any of these tools factor into your own forensics approaches? Have you explored any of the liabilities? What if you were subpoenaed for the information in your IoT?
  - Link: http://www.networkworld.com/article/3162740/security/cops-use-pacemaker-data-as-evidence-to-charge-homeowner-with-arson-insurance-fraud.html
  - Link: http://www.abajournal.com/news/article/data_on_mans_pacemaker_led_to_his_arrest_on_arson_charges
-
DtSR Episode 230 - The IoT You Got for Christmas
31/01/2017 Duration: 01h19s
On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the finer points of Internet of Things (IoT) security... or the complete lack thereof. If you own gadgets that are 'connected' or you are ever around them (hint: you're surrounded by things that pull IP addresses right now), then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017.
Guests:
  - Stephen A. Ridley aka "@S7ephen"
  - Jamison Utter aka "@jamison_utter"
-
DtSR Episode 229 - NewsCast for January 24th 2017
25/01/2017 Duration: 45min
Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast", so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled)
  - Link: https://devops.com/2017-social-security-blogger-awards-open-voting/
Digital transformation forces businesses to rethink cybersecurity
  - A change where operations are being held accountable for security
  - James has commented on this before. In order to get better security, it needs to be embedded in the teams within the organization, not just the security team.
  - Link: http://www.cio.com/article/3157478/security/digital-transformation-forces-businesses-to-rethink-cybersecurity.html
Mobile is still the safest place for your data
  - Most breaches are taking place in physical mediums, or traditional platforms
  - Mobile was designed in the midst of the discussion on 'digital threats' - designed with security
  - Mobile platforms are encrypted, more secure by default
  - Link: http://www.infoworld.com/article/3155946/data-security/mobile-is-still-the-safest
-
DtSR Episode 228 - Another Look at Endpoint Security
18/01/2017 Duration: 51min
This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing risk and usability, and how some of the things you've heard about endpoint may simply be... wrong. Join James and me as we let Paul endow us with his wisdom and experience... take some notes, this one's going to be good.
Guest: Paul Hershberger - @pjhersh13 - Director IT Global Security Risk and Compliance at The Mosaic Company.