Welcome to Security Explained, where we strive to make the complex realm of cyber security better understood by everyone. Join our three hackers / hosts Christopher Grayson, Drew Porter, and Logan Lamb for approachable conversation and a few laughs on the world of hackers, how to think about privacy and security in today's rapidly changing world, and how to keep yourself and your loved ones safe.
…
continue reading
In recent days we've heard whistleblower testimony from Peiter Zatko (aka Mudge) alleging some pretty serious security problems at Twitter. This comes at a fairly opportune time given Elon Musk's interest in buying the company and subsequent cold feet due to Twitter's "bot problem." For the uninitiated, Mudge is a long-time hacker (an "OG" you coul…
…
continue reading
Welcome back for our FIFTH season :) So it turns out that Uber got hacked... and it looks to be bad. Hats off to their PR team for the job they've done keeping things quiet since. We go over the ins and outs of what we know so far and touch on the status of our DEF CON recordings too! Here's to our best season yet! - https://twitter.com/BillDemirka…
…
continue reading
It's the last episode of our fourth season! The security gods were kind to us and gave us a softball with some exploits that are in the news recently; code execution in Confluence and a new ms-msdt code execution exploit in Windows. Lastly, we talk about preparations for DEF CON (we hope to see you there)! We've loved his journey so far and are so …
…
continue reading
We directly address the question of how hacking actually works by going through some of the underlying issues that contribute to a hack, tell hacking stories, then wrap up with a very brief explanation of the differences with state sponsored hacking! https://xkcd.com/327/ - Little Bobby Tables https://www.saleae.com/ - Example Logic Analyzer…
…
continue reading
We cover 3 security related news events as well as 1 space related news event in this weeks episode. From ransomware to NASA sending nudes into space, get your download of news that sparked our interest in this episode.By Chris Grayson, Drew Porter, Logan Lamb
…
continue reading
Join us as we discuss the black magic of radio communications! What is a radio? Why do phones have so many of them? After covering the basics of radio we delve into radio security (confidentiality/availability/integrity) and its implications with the war in Ukraine.By Chris Grayson, Drew Porter, Logan Lamb
…
continue reading
1
Privacy Rights and Legislation (CCPA & GDPR)
52:38
52:38
Play later
Play later
Lists
Like
Liked
52:38
How inclined are you to use tobacco? What were your salaries at your previous jobs? Your family and friends may not know, but data brokers sure do! Join us as we discuss CCPA and GDPR, two foundational privacy laws which lay the groundwork for taking back our privacy. We discuss actions citizens of California and EU can take to exercise the rights …
…
continue reading
It's been a bit over a week since some troublesome photos were posted to Twitter that appeared to show a breach of Okta's administrative portal. In the days since there have been a number of statements from Okta that leave us... disappointed to say the least. When you're such a critical part of modern digital infrastructure (and a security product …
…
continue reading
It's been a few weeks since the start of the Russian invasion of Ukraine. Throughout the war we have seen repeated examples of what it means to be engaged in a 21st century war. In this episode we dive in to some of the electronic warfare that we've observed so far coming from both sides of the conflict. It's no exaggeration to say that there have …
…
continue reading
1
Crypto Market Hacks w/ Royal Rivera
1:02:45
1:02:45
Play later
Play later
Lists
Like
Liked
1:02:45
Today we have the pleasure of speaking with Royal Rivera, CCO of HaasOnline. We discuss some of the major hacks and current cases in the Crypto space. HAAS Online https://www.haasonline.com/ 4.5 Billion of Stolen Crypto https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency Open Seas Social Engineeri…
…
continue reading
1
Lockpicking, Covert Entry, & TOOOL w/ Deviant Ollam
45:55
45:55
Play later
Play later
Lists
Like
Liked
45:55
Today we have Covert Entry expert Deviant Ollam to talk about physical security, how he got into the industry, his stories from in the field as a Red Teamer, and how he is looking to change a phrase that many have adopted in the industry. https://deviating.net/ YouTube: https://www.youtube.com/user/DeviantOllam Twitter: https://twitter.com/devianto…
…
continue reading
Hello and welcome back! It's been a bit of a hiatus for us here at Security Explained, but we're BACK in action and kicking things off with a casual conversation with our good friend Samy Kamkar. Samy has been a staple in the infosec community for years and even has a worm named after him (the Samy Worm!). He's got a list of wild projects longer th…
…
continue reading
We're currently on an extended break between seasons 3 and 4 but LO AND BEHOLD the Internet has given us an early Christmas (non)gift . Log4j has been all over the news recently as one of the most impactful vulnerabilities disclosed in recent memory. From AWS to GCP, Cloudflare to DigitalOcean, the Log4shell vulnerability is forcing all manners of …
…
continue reading
1
Security Research v I - IPv666, Ubuntu Phones, and OpenBTS OH MY!
59:02
59:02
Play later
Play later
Lists
Like
Liked
59:02
In this final episode of our third season we take the time to chat about a topic near and dear to our hearts - security research! We each picked one of our favorite projects to discuss, ranging from enumerating IPv6 addresses on the Internet to hacking the fledgling Ubuntu mobile phone to Drew's mischievous habits spinning up his own cellular base …
…
continue reading
With the spectacular new Dune movie just having been released, it's only appropriate to talk about one of the most devious of Internet malware denizens - worms!! While certainly technologically interesting, worms are some of the most destructive instances of malware to ever be created. What's more is that these days, worming technology is so ubiqui…
…
continue reading
1
Twitch Hack, Facebook Outage, Epik Hack Part Deux, and Pandora Papers!
54:08
54:08
Play later
Play later
Lists
Like
Liked
54:08
We weren't planning on it, but too much happened since our last episode to not do another security in the news episode! We'll be covering the Twitch hack, Facebook global outage, another Epik hack release from Anonymous, and the Pandora Papers.By Chris Grayson, Drew Porter, Logan Lamb
…
continue reading
1
Apple 0-days and EpikFail - Security in the News
56:23
56:23
Play later
Play later
Lists
Like
Liked
56:23
The news has been ripe with some pretty wild security stories recently, and in this episode we dive into the nitty gritty on the two that we found most interesting. Specifically, we're talking about the multiple Apple zero days which have been released and the controversy around them as well as the Epik hack named Epik Fail. Join us!…
…
continue reading
In this episode we dive into the details of recent (ie: the last 5 years) security trends, where things stand currently, and where those trends are likely to continue. From application security, to corporate security, to infrastructure security, to physical security, the last half a decade has seen some serious changes with respect to how secure mo…
…
continue reading
If you've been keeping up on security news recently you've likely heard of the Pegasus spyware and its authors, the Israeli firm NSO Group. While Pegasus is an impressive piece of software, the capabilities it brings to the table are nothing new (nor are the ethical and moral implications of government surveillance programs). Join us as we sit down…
…
continue reading
1
Social Engineering w/ Kevin Mitnick
1:02:31
1:02:31
Play later
Play later
Lists
Like
Liked
1:02:31
Today we have special guest Kevin Mitnick. The most wanted hacker in the world now helps secure businesses worldwide. We cover the topic of social engineering as Kevin talks about his real-world exploits, he performed on some of the largest companies in the world. Join us on our lighthearted conversations on social engineering with one of the great…
…
continue reading
1
Hacker Culture v. II - Security Conferences
56:43
56:43
Play later
Play later
Lists
Like
Liked
56:43
With DEFCON about to start, we wanted to give folks a peek inside of what one should expect during a hacking conference as well as list some of our favorite conferences. From everyday tips and tricks for surviving the con to how to make the most of it, join us as we talk about hacker summer camp and more.…
…
continue reading
Just because you’re paranoid doesn’t mean they aren’t after you. Government spying on citizens is so common place that folks are not even surprised by it any more. While US citizens are often not surprised, they are unaware of the particular details. So, sit back and relax while we walk you through some of the history of government spying on its ci…
…
continue reading
From the Colonial Pipeline to the NYC MTA, from the city of Atlanta to CD Projekt, ransomware is doing its dirty deeds across numerous sectors and industries and causing real harm to individuals and businesses. Initially more of a novelty that some creative criminals came up with, ransomware has grown into a massive criminal enterprise with signifi…
…
continue reading
It’s one of the more controversial topics within the information security realm - vulnerability research. It’s the practice of pulling software and services apart and finding how they were put together incorrectly. What you do with that research, whether it be submitting to a bug bounty, responsibly disclosing, or selling the information on an expl…
…
continue reading
Whether you're on the enterprise side looking to hire some short-term expertise, or on the consulting side looking to cut your teeth and learn some security chops, security consulting is an industry that receives a bit of well-deserved attention. That doesn't come without its drawbacks, though, and in this episode we discuss at length the pros and …
…
continue reading
It's a question we get all the time - "what can I do to be more secure?" It's also a question that there's not a great concise answer to. That being said, we did our best to boil down the hottest tips that we have for keeping your personal things and data secure. From password managers to multi-factor authentication, from browser plugins to downloa…
…
continue reading
Securing your small business may seem like an impossible task or something you do not have to worry about right now. Unfortunately, it is something every small business has to worry about in todays world. In this episode we talk about how non-technical small business owners can improve their security around their business without breaking the bank,…
…
continue reading
Is your refrigerator running? If so, perhaps it's participating in a DDOS attack. This is the reality of the world we live in. There's a computer in just about everything, and in many cases those computers are compromised are part of a botnet. In this episode we sit down with our friend and industry expert Yacin Nadji and hear from him on what botn…
…
continue reading
Hacker culture is one of those terms that means different things to just about every member of the security community, and in this episode we do what we can to describe what it means to us. From our experience in industry, to our participation in conferences and security research, to our open source projects and the ridiculous depictions of “hacker…
…
continue reading
It's the year 2021 and just about every common household good can be purchased with a computer in it. From your refrigerator to your toaster to your television to your water bottle, it seems that there is no end in sight for just how many "helpful" things computers can do for your home and life. We're here to challenge that assumption and hopefully…
…
continue reading
In today's episode we have our first installment of Righteous Hacks, a discussion of some of the coolest, most impactful, or funny hacks seen in the world. From State sponsored to lone researcher, we break down a few of the most righteous hacks.By Chris Grayson, Drew Porter, Logan Lamb
…
continue reading
In this week’s episode we’ll be discussing a burgeoning new asset class, cryptocurrencies. "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks." This is the message which is embedded in the genesis block of Bitcoin, the most valuable cryptocurrency in the world. In just under twelve years, Bitcoin has gone from nothing to a $345 …
…
continue reading
In this episode of Security Explained we cover one of our favorite hacking targets, cars! We cover the myths and realities of car hacking with special guest Craig Smith, a leader in the car hacking community and the man who literally wrote the book on car hacking. Some of the topics we cover include the DEFCON car hacking village, right to repair l…
…
continue reading
Throughout our careers in the security industry it’s not uncommon that we’re asked “how can I get started in security?” It’s also one of the questions we like to answer most, as we love for others to be able to learn from our mistakes (of which we have made plenty). In this episode we talk about reasons to consider or avoid the industry, our person…
…
continue reading
When we're considering the security properties of something, whether it's a building, an app, an API, a network, or really anything else, there is a core set of concepts that we lean on to inform our evaluation. These core concepts provide a foundation to reason about whether the security provided by the entity in question is sufficient and, in the…
…
continue reading
It's the year 2020 and if you're anything like us, you may feel that there's no such thing as objective truth anymore. The tirade of untrue statements, propaganda, and conspiracy theories is enough to make even the most resilient people wary of their own minds and experiences. We are all collectively being gaslit through both misinformation and tar…
…
continue reading
Have you ever seen one of those ADT stickers on the window of someone's home and wondered if they actually have a home security system? Does having a sticker alone offer much security for your home? What is the best way to keep your home and its contents safe from intruders? Join us in this week's episode as we cover home security systems, how they…
…
continue reading
The Department of Justice has recently released a new memo entitled "International Statement: End-To-End Encryption and Public Safety," and while it says a lot about helping trafficked kids and combating other crime, the memo outlines proposals that will do nothing of the sort. In this episode we discuss the content of this memo and the eerily simi…
…
continue reading
Did you know that there's a Nigerian prince that just so happens to know you and needs you to help them transfer some money into your country? How about you download and share this FREE Starbucks gift card that your company's benefits program has enrolled in? Do you need to update Adobe Flash? If you've ever seen an email informing you of anything …
…
continue reading
With 20 days left until election day, the security of America's upcoming presidential election is something on a lot of peoples' minds. What can you do to ensure that your vote gets counted? What should you be concerned about and what isn't such a big deal? How are elections hacked and how can we protect them? We've got some stories and information…
…
continue reading
Passwords are like opinions - everyone's got them. The bad news is that it's likely the bad guys have your password(s) too! In this episode we cover the basics of passwords, why they're so ubiquitous, where they fail from a security standpoint, and how you can protect your accounts from getting hacked even when someone else steals your password.…
…
continue reading
There's a lot of FUD (fear, uncertainty, and doubt) when it comes to stories of governments being able to hack into everything, corporations listening to your every move, and radio waves causing disease. Join us for the first installment in our conversations on conspiracy theories, where we'll help debunk (or potentially lend credence to) a number …
…
continue reading
In this episode we cover the ins and outs of virtual private networks (VPNs) and how they can affect your security and privacy. Have you heard that VPNs will make you unhackable? That they'll make you untraceable? We've heard all that too, so let's talk about what they'll actually do for you. Featuring Chris Grayson, Drew Porter, and Logan Lamb.…
…
continue reading