Intro
Welcome back! This is episode 35 of The Insider Threat podcast, for the week of March 12th, 2018.
This has been a pretty tough couple of weeks. The graphics card went out on the main desktop I use for the podcast, so I have to get that fixed. That won't stop us though... the show must go on! That said, this episode will be just a little bit shorter than usual, but we are talking about something that I've been wanting to delve into for a while.
I don't really have any more announcements for this episode so...
Infosec Trivia Question
It's time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!
The question last episode was "Kristoffer von Hassel became famous in 2014 by becoming the youngest ever officially recognized hacker and security researcher. How old was he and what did he hack?"
The answer: he was 5 years old, and he found a way to hack into his Xbox Live account.
Kristoffer wanted to get around the parental controls that his father set on his gaming console, so he tried different combinations of inputs until he was able to get around the lock. He discovered that he was able to put in an incorrect password, then enter five spaces on the next screen to get inside.
Congratulations to Tahlia from Staten Island, Alisha from Wichita, Wade from Indianapolis, John from Kentmere, Gary from Prescott, and Christian from Newtown for getting the correct answer.
Here's your question for this episode: "Roman Seleznev became famous not only for his exploits, but also for getting the longest prison sentence ever in the United States for hacking. How many years did this Russian face in prison?"
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Marlboro Blend".
Discussion Topic for the Episode
This episode's discussion topic is unlikely insiders.
People
Janitorial staff: how much access do we give them in our organizations? Sometimes none, yet they handle our garbage, clean our office spaces, and witness everything we do.
Security guards: like the cleaning crew, often a third-party contract.
Technology
Smart TVs (the most common IoT device in organizations; public exploits exist for turning them into surveillance devices) [https://www.technobuffalo.com/2017/03/07/wikileaks-cia-can-turn-your-smart-tv-into-a-surveillance-device/]
Home automation (Echo, Google Home, Apple): always listening.
Personal activity or health trackers (Strava's fitness tracker) [https://www.theverge.com/2018/1/28/16942626/strava-fitness-tracker-heat-map-military-base-internet-of-things-geolocation]
News
23,000 HTTPS certificates axed after CEO emails private keys
Trustico, a digital certificate reseller, asked DigiCert, one of its certificate providers, to revoke over 20 thousand certificates, claiming that they were compromised.
DigiCert responded that it required proof the certificates were compromised before it would revoke them.
The Trustico CEO then emailed the private keys for 23 thousand certs to DigiCert, which at that point had no choice but to revoke the certificates.
An interesting move by Trustico; the motive is unclear.
Trustico shouldn't have been storing the private keys at all, since it was just a reseller.
Listener Feedback
Review from KenEggs
This is not a platform for some vendor to sell you the solution to Insider Threat (InT). Just as Steve has mentioned, he is not selling anything. This podcast supports the community of InT with great information pulled from a number of good sources. Steve, thanks for taking the time to pull together InT related information. Keep up the good work. I like hearing your podcasts, and consider tech guests in the InT domain, or CISOs or CEOs, to communicate what is relevant to the community.
Closing Thought
Our closing thought for this episode comes from Sam Ewing. He said, “Hard work spotlights the character of people: some turn up their sleeves, some turn up their noses, and some don’t turn up at all.”
Outro
Thank you for listening to episode 35 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.
You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we've covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.
Thanks again and I'll see you folks next time!
Contact information:
Call in number: (443) 292-2287
Email - steve@theinsiderthreatpodcast.com
Blog - http://www.stephenhigdon.com
Twitter - https://twitter.com/stevehigdon
LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/