Intro
Welcome back! This is episode 36 of The Insider Threat podcast, for the week of April 2nd, 2018.
Happy Easter for those who observe it
Very happy to be back from our family vacation that kept me from doing an episode last week
Infosec Trivia Question
It's time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!
The question last episode was "Roman Seleznev became famous not only for his exploits, but also for getting the longest prison sentence ever in the United States for hacking. How many years did this Russian face in prison?"
The answer was "27".
Roman got jailed for stealing, selling, and setting up online shops for credit card numbers between 2003 and 2012. Fun fact - he also survived a terrorist attack while on vacation in Morocco in 2011.
Congratulations to Edward from British Columbia, Mario from Toronto, and Hunter from Saint Paul for getting the correct answer.
Here's your question for this episode: "Steve Wozniak, a co-founder of Apple, went back to school at UC Berkeley and graduated with his engineering degree in 1986, but barely anyone recognized him. That's because his diploma had a different name listed. What was the name he used when he finished his studies?"
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Italian Superman".
Discussion Topic for the Episode
This episode’s discussion topic is Odd Tips for Personal Internet Safety
Email aliases (throwaway accounts)
If you own your own domain, you can usually set up something like 100 email aliases
Create "burner" or throwaway accounts for sites you don't yet trust
Segment your different online accounts so compromise of one doesn't mean all are vulnerable
If one gets popped, just delete it and create another
Keeps your real email address as private as possible
Check HaveIBeenPwned.com and set up alerts
Check all your email accounts
Some entries will have passwords in plain text
Use WHOIS records
Whenever you get an email that you aren't sure that you should trust, you can look up the email's domain record to see who it is registered to
Send scam emails to rescam.org
Very interesting service that will actually communicate with the scammers and waste their time (revenge)
Rename administrator accounts and don't use them for normal use
Common practice for enterprises, but this should also be done at home.
Canary Tokens (canarytokens.org)
Create little canaries (like in coal mines) out of Word documents, PDFs, Windows folders, and more
Use password managers
There are a ton out there. I recommend LastPass
Helps you to create multiple strong passwords or passphrases and not have to remember them
News
Atlanta ransomware attack
New Georgia law mandates 1 year jail time for any "unauthorized computer access" http://www.legis.ga.gov/Legislation/en-US/display/20172018/SB/315
Initial versions of the bill were very vague and could even have been applied to users in organizations who went against an authorized use policy, let alone security researchers and penetration testers
MyFitnessPal (owned by Under Armour) breached, 150 million accounts
Usernames, email addresses, and hashed passwords
Closing Thought
Our closing thought for this episode comes from American comedian Elayne Boosler. She said, "I am thankful the most important key in history was invented. It's not the key to your house, your car, your boat, your safety deposit box, your bike lock or your private community. It's the key to order, sanity, and peace of mind. The key is 'Delete.'"
Outro
Thank you for listening to episode 36 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.
You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we've covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.
Thanks again and I'll see you folks next time!
Contact information:
Call in number: (443) 292-2287
Email - steve@theinsiderthreatpodcast.com
Blog - http://www.stephenhigdon.com
Twitter - https://twitter.com/stevehigdon
LinkedIn - https://www.linkedin.com/in/stevehig