Content provided by PVC Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by PVC Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

PVCSec 74: Eye of the Champions

 

Archived series ("Inactive feed" status)

When? This feed was archived on April 07, 2020 16:30 (4y ago). Last successful fetch was on August 20, 2019 01:36 (4+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.


On this episode of PVCSec, Ed & Paul talk why we make security difficult, attack attribution, mobile access, Tactical Edge, and more!

Dear Friends,

Welcome to episode 74 of the PVC Security Podcast. This week, Paul duets with the Silver Fox himself, Ed Rojas. The rest of the cast are off on adventures, we presume.

Show Notes

Making InfoSec Hard

https://www.troyhunt.com/security-insanity-how-we-keep-failing-at-the-basics/

  1. Password complexity rules still suck (for your own good, allegedly)

  2. Sites are still breaking password managers (making it hard for people to do good)

  3. HTTPS remains hard (except it’s not)

  4. Crazy password advice (and censoring critics)

  5. Security is often mixed, crazy messaging (and uncoordinated, too)

  6. Because security is just pointless (not really)

Paul’s story: A large international corporation I know does the typical phishing testing in their organization. Quarter after quarter the number of employees who were tricked into clicking on the testing email links fell, showing the program was working.

All of a sudden the number shoots up. No one can explain it, but the numbers start dropping again.

Then it shoots back up again.

Baffled, the security VP sent the team to interview the employees who clicked on the fake email links. All reported back the same thing: there were mass emails sent to employees from HR and benefits outsourcers right before the phishing emails went out. The outsourcers used their own URLs, not the corporation’s URLs, in their emails.

Oh, and the phishing emails looked MORE professional than the legitimate ones.

Does Attack Attribution Matter?

http://www.darkreading.com/threat-intelligence/the-attribution-question-does-it-matter-who-attacked-you/d/d-id/1326103

http://www.darkreading.com/analytics/improving-attribution-and-malware-identification-with-machine-learning/d/d-id/1326321

http://www.tripwire.com/state-of-security/security-awareness/events/how-to-rob-a-bank-or-the-swift-and-easy-way-to-grow-your-online-savings/

Paul’s take: NO! Unless you’re a security researcher, it’s not actionable data!

Wifi on the Road

http://www.zdnet.com/article/free-wi-fi-connections-put-business-travellers-at-risk-kaspersky/#ftag=RSSbaffb68

http://www.tripwire.com/state-of-security/security-awareness/finding-using-and-staying-safe-on-public-free-wi-fi/

http://www.darkreading.com/endpoint/5-tips-for-staying-cyber-secure-on-your-summer-vacation/d/d-id/1325930

http://www.darkreading.com/endpoint/staying-cyber-safe-at-the-olympics/d/d-id/1326278

https://heimdalsecurity.com/blog/cyber-security-travelers/

http://www.welivesecurity.com/2016/07/14/comic-con-travel-safety-privacy-guide/

http://www.welivesecurity.com/2016/07/07/types-vpn-networks-work-know-kind-use/

Songs:

Eye of the Tiger by Survivor

We are the Champions by Queen
