PVCSec 74: Eye of the Champions
Archived series ("Inactive feed" status)
When? This feed was archived on April 07, 2020 16:30. Last successful fetch was on August 20, 2019 01:36.
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
On this episode of PVCSec, Ed & Paul talk about why we make security difficult, attack attribution, mobile access, Tactical Edge, and more!
Dear Friends,
Welcome to episode 74 of the PVC Security Podcast. This week, Paul duets with the Silver Fox himself, Ed Rojas. The rest of the cast are off on adventures, we presume.
Show Notes
Making InfoSec Hard
https://www.troyhunt.com/security-insanity-how-we-keep-failing-at-the-basics/
Password complexity rules still suck (for your own good, allegedly)
Sites are still breaking password managers (making it hard for people to do good)
HTTPS remains hard (except it’s not)
Crazy password advice (and censoring critics)
Security is often mixed, crazy messaging (and uncoordinated, too)
Because security is just pointless (not really)
Paul’s story: A large international corporation I know does the typical phishing testing in their organization. Quarter after quarter the number of employees who were tricked into clicking on the testing email links fell, showing the program was working.
All of a sudden the number shoots up. No one can explain it, but the numbers start dropping again.
Then it shoots back up again.
Baffled, the security VP sent the team to interview the employees who clicked on the fake email links. All reported back the same thing: there were mass emails sent to employees from HR and benefits outsourcers right before the phishing emails went out. The outsourcers used their own URLs, not the corporation’s URLs, in their emails.
Oh, and the phishing emails looked MORE professional than the legitimate ones.
Does Attack Attribution Matter?
Paul’s take: NO! Unless you’re a security researcher, it’s not actionable data!
Wifi on the Road
http://www.darkreading.com/endpoint/staying-cyber-safe-at-the-olympics/d/d-id/1326278
https://heimdalsecurity.com/blog/cyber-security-travelers/
http://www.welivesecurity.com/2016/07/14/comic-con-travel-safety-privacy-guide/
http://www.welivesecurity.com/2016/07/07/types-vpn-networks-work-know-kind-use/
Songs:
Eye of the Tiger by Survivor
We are the Champions by Queen
94 episodes