Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Content provided by SiteLock, Jessica Ortega, Ram Gall, Topher Tebow, Jessica Ortega, Ram Gall, and Topher Tebow. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by SiteLock, Jessica Ortega, Ram Gall, Topher Tebow, Jessica Ortega, Ram Gall, and Topher Tebow or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Decoding Security
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A free-ranging set of discussions on matters of interest to people involved in user experience design, website design, and usability in general.
…
continue reading
A podcast about tech and society, hosted by Ben Thompson and James Allworth
…
continue reading
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
…
continue reading
The Fragmented Podcast is a podcast for Android Developers hosted by Donn Felker and Kaushik Gopal. Our goal is to help you become a better Android Developer. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
The podcast about Python and the people who make it great
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Equihax
Archived series ("Inactive feed" status)
When?
This feed was archived on March 18, 2021 00:10 (
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 188441674 series 1591306
Content provided by SiteLock, Jessica Ortega, Ram Gall, Topher Tebow, Jessica Ortega, Ram Gall, and Topher Tebow. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by SiteLock, Jessica Ortega, Ram Gall, Topher Tebow, Jessica Ortega, Ram Gall, and Topher Tebow or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Surviving a Data Breach
…
continue reading
Equihax
In A Few Words
The Internet is still the Wild West, and that hasn’t been more apparent than it is right now, in the wake of the Equifax breach. You never know how safe you really are online, even with some of our most trusted companies. Yet, even with all the Internet outlaws, weaknesses, and chaos, there are things we can do to protect ourselves, and even some unexpected heroes.
Unexpected Heroes
Teen Vogue, typically known as a teen gossip magazine, has recently made a habit of breaking out of their typical topics, and included several articles about the InfoSec industry. One of the most recent articles was an interview with Amanda Rousseau, a.k.a. Malware Unicorn, on her experience as a female hacker.
Recent InfoSec articles in Teen Vogue: http://www.teenvogue.com/story/what-being-a-female-hacker-is-really-like - What Being a Female Hacker is Really Like - August 26, 2017
http://www.teenvogue.com/story/ransomware-everything-you-should-know - Ransomware: Everything You Need to Know - May 16, 2017
http://www.teenvogue.com/story/why-two-factor-authentication-is-important - Why Two-Factor Authentication Is So Important - March 27, 2017
Equihax
One of the largest data leaks in the history of the internet was announced earlier this month. The private data of millions of people was compromised when Equifax servers were breached, as originally reported by CNBC.
Proper handling of incident response
There has been a lot of discussion about proper incident response, and whether Equifax is following acceptable procedures. An article on Krebs on Security even went so far as to call their response a “dumpster fire.”
Equifax has put up a dedicated website to determine if you’re impacted, however, some people are reporting random results, or different results for the same information, depending on the browser being used, mobile vs. desktop, etc.
Equifax is offering free credit monitoring and identity theft protection. Initially their terms of service included a clause that waived right to sue them, but that clause has since been removed.
Several top executives at Equifax sold millions in stock during the time between discovering the breach and disclosing it. While the legality of this may not have been fully determined yet, it has certainly created a lot of backlash in forums and social media.
This breach is allowing monitoring companies to capitalize on fear, by selling credit monitoring and lock services to victims of the breach.
https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/
Apache Struts
The March Apache Struts vulnerability was speculated to be the cause of the breach, but this was not confirmed until September 13th, 2017. Equifax confirmed that it was the March vulnerability that was exploited on the website the setup for information regarding the data breach, https://www.equifaxsecurity2017.com/.
The Apache Struts vulnerability, CVE-2017-5638, was patched on March 6, 2017, which means that Equifax had approximately six weeks to update their servers before the breach occurred. They reported that the data leak occurred over a period of time, from mid-May through June. What has yet to be announced is if Equifax was in the process of updating their servers to patch the vulnerability, or if they were simply left unpatched with no update plan in place. Patching the Apache Struts vulnerability is labor intensive, and difficult, requiring a migration and rebuild of all apps that used the old version.
Related article: https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/
Layered security
It is always a good idea to assume breach, and have multiple layers of security in place, so that one web app vulnerability is not what stands between a bad actor and sensitive data. There are some steps that we can all take to help protect against this type of data breach.
Any time you have sensitive data, it is a good idea to have a firewall in place. With a properly configured firewall, you are making it much more difficult for bad actors to get to your data, and will even have the opportunity to track when breaches are attempted, along with data about the attempt.
Network and log monitoring can help you identify breaches. By monitoring your network traffic and server logs, you can see where visitors are coming from, the type of user agent they are using, what they are attempting to do within your network, and a number of other statistics that can help you identify malicious access. You can also set up alerts when certain types of activity occur.
Air gapping sensitive data and networks is a crucial part of protecting sensitive information and systems. It should not be possible to directly access certain information from outside the local network. A level of separation from the Internet should be required for data like social security numbers, credit card numbers, etc.
Consumer Protection: What To Do Now
This breach impacted as many as 143 million consumers in the United States, and another 44 million in the UK, with the numbers for Canada yet to be released. Even if you were not directly affected by the breach, you likely know someone who was. For those of us who were affected, all hope is not lost. There are some steps you can take to protect yourself in the wake of this event.
- Go to https://www.equifaxsecurity2017.com to see if you were impacted.
- Consider freezing your credit.
- Keep in mind that the information needed to unfreeze your credit is also the information that was breached, but along with a PIN that is assigned. Once you have your credit frozen, you should immediately change your PIN.
- Check existing accounts, and your free annual credit reports, for abnormalities.
- Consider a third party, non-credit score company, solution for credit monitoring.
- Update bank account passwords, and remember to not reuse passwords.
- Watch for phishing. Some of the data that was accessed can be used by a bad actor to convince consumers that they are a collection agency, credit card company, or other creditor trying to collect any debts you may have.
Related infographic: https://sc.cnbcfm.com/applications/cnbc.com/resources/files/2017/06/08/dataBreach_v06.jpg
Decoding Security is hosted by Jessica Ortega and Michael Veenstra, and produced by Topher Tebow for Sitelock.
Music: "Upbeat Forever" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/
SiteLock is the leader in Business Website Security Services.
Copyright © SiteLock 2017
29 episodes
Share
Archived series ("Inactive feed" status)
When?
This feed was archived on March 18, 2021 00:10 (
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 188441674 series 1591306
Content provided by SiteLock, Jessica Ortega, Ram Gall, Topher Tebow, Jessica Ortega, Ram Gall, and Topher Tebow. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by SiteLock, Jessica Ortega, Ram Gall, Topher Tebow, Jessica Ortega, Ram Gall, and Topher Tebow or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Surviving a Data Breach
…
continue reading
Equihax
In A Few Words
The Internet is still the Wild West, and that hasn’t been more apparent than it is right now, in the wake of the Equifax breach. You never know how safe you really are online, even with some of our most trusted companies. Yet, even with all the Internet outlaws, weaknesses, and chaos, there are things we can do to protect ourselves, and even some unexpected heroes.
Unexpected Heroes
Teen Vogue, typically known as a teen gossip magazine, has recently made a habit of breaking out of their typical topics, and included several articles about the InfoSec industry. One of the most recent articles was an interview with Amanda Rousseau, a.k.a. Malware Unicorn, on her experience as a female hacker.
Recent InfoSec articles in Teen Vogue: http://www.teenvogue.com/story/what-being-a-female-hacker-is-really-like - What Being a Female Hacker is Really Like - August 26, 2017
http://www.teenvogue.com/story/ransomware-everything-you-should-know - Ransomware: Everything You Need to Know - May 16, 2017
http://www.teenvogue.com/story/why-two-factor-authentication-is-important - Why Two-Factor Authentication Is So Important - March 27, 2017
Equihax
One of the largest data leaks in the history of the internet was announced earlier this month. The private data of millions of people was compromised when Equifax servers were breached, as originally reported by CNBC.
Proper handling of incident response
There has been a lot of discussion about proper incident response, and whether Equifax is following acceptable procedures. An article on Krebs on Security even went so far as to call their response a “dumpster fire.”
Equifax has put up a dedicated website to determine if you’re impacted, however, some people are reporting random results, or different results for the same information, depending on the browser being used, mobile vs. desktop, etc.
Equifax is offering free credit monitoring and identity theft protection. Initially their terms of service included a clause that waived right to sue them, but that clause has since been removed.
Several top executives at Equifax sold millions in stock during the time between discovering the breach and disclosing it. While the legality of this may not have been fully determined yet, it has certainly created a lot of backlash in forums and social media.
This breach is allowing monitoring companies to capitalize on fear, by selling credit monitoring and lock services to victims of the breach.
https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/
Apache Struts
The March Apache Struts vulnerability was speculated to be the cause of the breach, but this was not confirmed until September 13th, 2017. Equifax confirmed that it was the March vulnerability that was exploited on the website the setup for information regarding the data breach, https://www.equifaxsecurity2017.com/.
The Apache Struts vulnerability, CVE-2017-5638, was patched on March 6, 2017, which means that Equifax had approximately six weeks to update their servers before the breach occurred. They reported that the data leak occurred over a period of time, from mid-May through June. What has yet to be announced is if Equifax was in the process of updating their servers to patch the vulnerability, or if they were simply left unpatched with no update plan in place. Patching the Apache Struts vulnerability is labor intensive, and difficult, requiring a migration and rebuild of all apps that used the old version.
Related article: https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/
Layered security
It is always a good idea to assume breach, and have multiple layers of security in place, so that one web app vulnerability is not what stands between a bad actor and sensitive data. There are some steps that we can all take to help protect against this type of data breach.
Any time you have sensitive data, it is a good idea to have a firewall in place. With a properly configured firewall, you are making it much more difficult for bad actors to get to your data, and will even have the opportunity to track when breaches are attempted, along with data about the attempt.
Network and log monitoring can help you identify breaches. By monitoring your network traffic and server logs, you can see where visitors are coming from, the type of user agent they are using, what they are attempting to do within your network, and a number of other statistics that can help you identify malicious access. You can also set up alerts when certain types of activity occur.
Air gapping sensitive data and networks is a crucial part of protecting sensitive information and systems. It should not be possible to directly access certain information from outside the local network. A level of separation from the Internet should be required for data like social security numbers, credit card numbers, etc.
Consumer Protection: What To Do Now
This breach impacted as many as 143 million consumers in the United States, and another 44 million in the UK, with the numbers for Canada yet to be released. Even if you were not directly affected by the breach, you likely know someone who was. For those of us who were affected, all hope is not lost. There are some steps you can take to protect yourself in the wake of this event.
- Go to https://www.equifaxsecurity2017.com to see if you were impacted.
- Consider freezing your credit.
- Keep in mind that the information needed to unfreeze your credit is also the information that was breached, but along with a PIN that is assigned. Once you have your credit frozen, you should immediately change your PIN.
- Check existing accounts, and your free annual credit reports, for abnormalities.
- Consider a third party, non-credit score company, solution for credit monitoring.
- Update bank account passwords, and remember to not reuse passwords.
- Watch for phishing. Some of the data that was accessed can be used by a bad actor to convince consumers that they are a collection agency, credit card company, or other creditor trying to collect any debts you may have.
Related infographic: https://sc.cnbcfm.com/applications/cnbc.com/resources/files/2017/06/08/dataBreach_v06.jpg
Decoding Security is hosted by Jessica Ortega and Michael Veenstra, and produced by Topher Tebow for Sitelock.
Music: "Upbeat Forever" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/
SiteLock is the leader in Business Website Security Services.
Copyright © SiteLock 2017
29 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Decoding Security
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A free-ranging set of discussions on matters of interest to people involved in user experience design, website design, and usability in general.
…
continue reading
A podcast about tech and society, hosted by Ben Thompson and James Allworth
…
continue reading
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
…
continue reading
The Fragmented Podcast is a podcast for Android Developers hosted by Donn Felker and Kaushik Gopal. Our goal is to help you become a better Android Developer. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
The podcast about Python and the people who make it great
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
