1
00:00:00,40 --> 00:00:06,879
hi and welcome to another edition of the
Inside Out Security Show, I'm Cindy, a
2
00:00:06,879 --> 00:00:11,620
writer for Varonis's Inside Out
Security blog and as always I'm joined
3
00:00:11,620 --> 00:00:17,740
by security experts my puppy and Killian
engler hey Killian this end it is going
4
00:00:17,740 --> 00:00:18,880
good
5
00:00:18,880 --> 00:00:26,740
hey Mike hey Cindy it's Mike so I have a
question Killian and Mike so if there's
6
00:00:26,740 --> 00:00:29,259
something strange in your neighborhood
7
00:00:29,260 --> 00:00:35,440
who should we call for one they'll come
and like pick up trash or like random
8
00:00:35,440 --> 00:00:37,989
cats that have like gotten around the
place
9
00:00:37,990 --> 00:00:43,120
so well what if something's really weird
and it doesn't look good
10
00:00:43,780 --> 00:00:48,100
who should i who else should we call on
niantic they're in charge of pokemon go
11
00:00:48,100 --> 00:00:52,720
the long way home and you can get any of
the pokemons and wandered and the kids
12
00:00:52,720 --> 00:00:59,440
didn't get you're not good at playing my
game I don't like you you're asking
13
00:00:59,440 --> 00:01:01,690
questions i'm giving you honest answers
14
00:01:01,690 --> 00:01:05,530
so I'm lucky I'm looking for the
ghostbusters
15
00:01:05,530 --> 00:01:10,840
Oh or does anyone know the theme song to
the Ghostbusters because today we're
16
00:01:10,840 --> 00:01:16,30
going to be talking about how interest
that people are like the Ghostbusters
17
00:01:16,30 --> 00:01:20,140
they're like there and i kind of root
like to refer to them as the threat
18
00:01:20,140 --> 00:01:30,760
busters to do do do do do some people
also Thank You Lewis and the news on so
19
00:01:30,760 --> 00:01:33,610
I I want a new drug
20
00:01:33,610 --> 00:01:38,110
yeah there was a couple lawsuits about
that I like that
21
00:01:38,830 --> 00:01:47,140
humming sound because if if you look on
youtube for the original Ghostbuster a
22
00:01:47,140 --> 00:01:48,580
theme song
23
00:01:48,580 --> 00:01:55,390
there are over fifty six million views
on YouTube for the original Ghostbusters
24
00:01:55,390 --> 00:01:56,229
theme song
25
00:01:56,229 --> 00:02:00,610
so you know I think after our video goes
live
26
00:02:01,299 --> 00:02:06,70
we're going to get 56 million views just
because Killian hum that tune
27
00:02:07,90 --> 00:02:10,410
you're not gonna get slapped with a
lawsuit yeah that was my thought
28
00:02:10,410 --> 00:02:15,480
that they will do the form comparison
signature thing and be like this killing
29
00:02:15,480 --> 00:02:15,899
guy
30
00:02:15,900 --> 00:02:22,230
not him again the homing well all I have
to say is at least we'll have more than
31
00:02:22,230 --> 00:02:27,959
just one viewer which is probably like
my retired tiger mom and she's hard of
32
00:02:27,960 --> 00:02:36,570
hearing and she only has half a viewer
and so I don't talk about your mother
33
00:02:36,570 --> 00:02:39,570
always ND she raised you
34
00:02:39,570 --> 00:02:42,870
she loves you I now I love my mom
35
00:02:43,590 --> 00:02:54,420
I'm too old to be talking about my
parents in that way maybe i'll still be
36
00:02:54,420 --> 00:03:02,70
90 and talk about my parents like
everyone else and so okay so back back
37
00:03:02,70 --> 00:03:03,209
to threat busters
38
00:03:03,210 --> 00:03:06,360
so if there's something strange on the
network who should we call
39
00:03:07,110 --> 00:03:10,590
I the the security team
40
00:03:10,590 --> 00:03:13,680
yes the threat busters
41
00:03:13,680 --> 00:03:18,690
so when i watch the movie at this
weekend
42
00:03:18,690 --> 00:03:24,480
I just reminded me a lot of why infosec
people are like the Ghostbusters so
43
00:03:24,480 --> 00:03:29,940
first I notice that they're super geeky
and nerdy they were in the school
44
00:03:29,940 --> 00:03:34,470
basement trying to figure out if ghosts
really exists and crew they have all
45
00:03:34,470 --> 00:03:41,790
sorts of cool technology just that they
they're working on and they're in the
46
00:03:41,790 --> 00:03:48,780
basement working really hard and infosec
people are kind of the same and somewhat
47
00:03:48,780 --> 00:03:55,320
a few things I found online were that
their researchers creating a computer
48
00:03:55,320 --> 00:04:01,320
chips that self-destruct kind of like in
Mission Impossible on there are people
49
00:04:01,320 --> 00:04:08,459
creating ghost towns kind of like honey
- honey honey
50
00:04:09,810 --> 00:04:19,829
it's thank you I was a ghost and it just
was weird that i like that honey pots it
51
00:04:19,829 --> 00:04:21,239
that it
52
00:04:21,238 --> 00:04:31,169
it's designed to create fake fake ghost
towns and it if they kind of go there
53
00:04:31,169 --> 00:04:38,280
it alerts the business that an attack is
it might be underway on and and another
54
00:04:38,280 --> 00:04:39,270
thing
55
00:04:39,270 --> 00:04:45,210
- I don't know if this is possible but
there's a firm that thinks that you
56
00:04:45,210 --> 00:04:51,810
should encrypt everything all the data
and then except you can create certain
57
00:04:51,810 --> 00:04:57,60
attributes to control the decryption and
then set the access controls
58
00:04:57,690 --> 00:05:03,719
what are some of your responses to just
all the hard work that infosec people
59
00:05:03,720 --> 00:05:10,560
are doing or any of the new security
things that these researchers have found
60
00:05:11,190 --> 00:05:16,680
well I like the analogy that you know
network security people are like the
61
00:05:16,680 --> 00:05:21,150
Ghostbusters, I think there's still a
lot of nostalgia for the Ghostbusters
62
00:05:21,150 --> 00:05:24,989
because I came about at a time when
there weren't a lot of like popular
63
00:05:24,990 --> 00:05:31,710
heroes that were into you know like you
said like the technology and science
64
00:05:31,710 --> 00:05:36,60
aspects i would even in the sort of
fantastical way but i remember i can
65
00:05:36,60 --> 00:05:41,789
really clearly identify with them and in
the same way you are doing research into
66
00:05:41,789 --> 00:05:46,800
a lot of these you know areas where it's
difficult to tell like where threats are
67
00:05:46,800 --> 00:05:49,590
coming from what's causing them
68
00:05:49,590 --> 00:05:54,690
so one of the things I i want to pull
out from what you mentioned was you know
69
00:05:54,690 --> 00:06:00,570
the honey pots the ghost towns of data
or different areas and I think that too
70
00:06:00,570 --> 00:06:05,310
often that's something that's confined
to a research role that
71
00:06:05,310 --> 00:06:08,910
hey you know where a big company we're
going to try to see if we can put out an
72
00:06:08,910 --> 00:06:15,30
unsecured server on the internet and
then see what attacks it but I I think
73
00:06:15,30 --> 00:06:18,479
of a new technique I've seen you in for
some of the ransomware
74
00:06:18,480 --> 00:06:26,370
mitigation is to put out you know I a
file share with a file and if no end
75
00:06:26,370 --> 00:06:32,640
with no one should be changing it hits a
honeypot file and if something does then
76
00:06:32,640 --> 00:06:37,530
oh it looks like we have a problem on
the network and that's a more practical
77
00:06:37,530 --> 00:06:41,159
way of taking some of this theoretical
stuff you know
78
00:06:41,160 --> 00:06:44,430
- - the local sysadmin side of things
79
00:06:44,970 --> 00:06:49,530
so where where my mind goes to meet with
some of those stories is you know with
80
00:06:49,530 --> 00:06:54,90
the self destructing chip the first
thing that I think about is I like the
81
00:06:54,90 --> 00:06:58,619
idea is kind of interesting very sci-fi
Mission Impossible like Cindy mentioned
82
00:06:58,620 --> 00:07:01,740
but what are bad guys going to do with
it
83
00:07:02,430 --> 00:07:07,470
they're just gonna destroy your phone
denial of service attack right there so
84
00:07:07,470 --> 00:07:10,530
its security is always a double-edged
sword
85
00:07:10,530 --> 00:07:19,590
I'm trying to balance accessibility and
security and that that's kind of the the
86
00:07:19,590 --> 00:07:23,909
first thing that I thought about there
and with the encryption i like the idea
87
00:07:23,910 --> 00:07:28,920
of encrypting everything kind of but it
just makes the problem
88
00:07:29,730 --> 00:07:35,430
infinitely infinitely more complex in
terms of access control because you're
89
00:07:35,430 --> 00:07:38,490
doing it at a file level as opposed to
something else
90
00:07:38,490 --> 00:07:41,610
so if you think about managing thousands
of folders how difficult that is
91
00:07:43,20 --> 00:07:48,479
you know what if you have 10 files per
folder and you're trying to manage
92
00:07:48,480 --> 00:07:50,370
encryption every single one of them
93
00:07:50,370 --> 00:07:55,650
that's 10,000 objects you need to
manage permissions on but i like the
94
00:07:55,650 --> 00:07:58,710
idea of encrypting everything it just
has to be done smart
95
00:07:58,710 --> 00:08:02,430
well and I think we have examples of
that now like you know most laptops
96
00:08:02,430 --> 00:08:06,240
corporate laptops you know they have
full disk encryption that you know you
97
00:08:06,240 --> 00:08:12,300
need to work around that someone just
yanks the hard drive out of it that you
98
00:08:12,300 --> 00:08:15,900
know you're still they don't know
immediately get access to all your data
99
00:08:15,900 --> 00:08:18,900
that's a that seems reasonable
100
00:08:20,130 --> 00:08:23,790
you can see that same sort of thought to
extend it out more and more
101
00:08:24,380 --> 00:08:30,590
but it does it creates management issues
just like you're saying I guess the
102
00:08:30,590 --> 00:08:33,289
other scary things we you know we're
always really concerned about ransomware
103
00:08:33,289 --> 00:08:39,500
like Josh what happens if you an
adversary takes your keys or switches
104
00:08:39,500 --> 00:08:42,80
the keys that you're using to encrypt
everything it's like a built-in
105
00:08:42,80 --> 00:08:47,180
ransomware vector like this was great i
took the key switch to it now
106
00:08:47,180 --> 00:08:51,380
everything on the entire network is mine
ya know
107
00:08:51,920 --> 00:08:59,810
yesterday the chief privacy officer of
NetApp and gave a presentation and we
108
00:08:59,810 --> 00:09:05,780
went around the table and asked about
why they're there and they're all
109
00:09:05,780 --> 00:09:13,610
worried about ransomware and people are
still wanting to be educated and it'd be
110
00:09:13,610 --> 00:09:15,980
interesting
111
00:09:15,980 --> 00:09:19,130
it'd be interesting just i I II III
112
00:09:19,130 --> 00:09:23,90
I write I write a lot about it but it
113
00:09:23,90 --> 00:09:29,720
I'd like to hear it's my it was my first
time hearing people outside of our
114
00:09:29,720 --> 00:09:37,100
organization talk about it live in
person and maybe if we collaborate it
115
00:09:37,100 --> 00:09:40,730
like for instance you made the
ransomware identifier
116
00:09:41,300 --> 00:09:46,939
have you heard of people people's
responses for that has it been helpful
117
00:09:46,940 --> 00:09:49,610
or what if they've been doing with it
118
00:09:49,610 --> 00:09:54,230
oh well mostly it's the first step
119
00:09:54,230 --> 00:09:57,320
it's a first step in the process which
is that someone gets hit with ransomware
120
00:09:57,320 --> 00:10:01,460
and all we have is this mysterious note
so they need to figure out what it is
121
00:10:01,460 --> 00:10:05,360
and so if anyone's listening they want
to check it out if you go to barona scom
122
00:10:05,360 --> 00:10:12,80
/r i will take you right to the ransomware
identifier and all it does is it
123
00:10:12,80 --> 00:10:15,860
helps you identify which of these
hundreds and hundreds of strains of
124
00:10:15,860 --> 00:10:18,860
ransomware out there based upon you to
the file extension
125
00:10:19,740 --> 00:10:24,930
of the encrypted files or the name of
the ransom note but from there
126
00:10:24,930 --> 00:10:28,589
you know there's supposed to be a
remediation process whether that's you
127
00:10:28,590 --> 00:10:32,250
know we're storing for backups are or if
those aren't available
128
00:10:33,000 --> 00:10:36,540
trying on the decryption things that as
a last resort if you really need the
129
00:10:36,540 --> 00:10:39,360
files on paying the ransom
130
00:10:39,360 --> 00:10:43,200
- interesting things that come out of
that recently won
131
00:10:44,130 --> 00:10:48,390
there's a new strain of ransomware that
is pretending to be a different strain
132
00:10:48,390 --> 00:10:53,340
of ransomware and so one of the reasons
ransom has been so effective is that you
133
00:10:53,340 --> 00:10:57,720
know the ransomware makers and vendors
actually a really good customer service
134
00:10:57,720 --> 00:11:00,930
which always cracks me up because it's
really in their interest to be like oh
135
00:11:00,930 --> 00:11:02,520
yes absolutely if you
136
00:11:02,520 --> 00:11:05,939
you know I need some Bitcoin help to
give us this money - then decrypt the
137
00:11:05,940 --> 00:11:07,290
files and get them back to you
138
00:11:07,290 --> 00:11:13,140
happy to help calm and even like having
live chat and other things and like
139
00:11:13,140 --> 00:11:15,390
weird
140
00:11:15,390 --> 00:11:20,490
um and so what this new strain was doing
was pretending to be one of those but
141
00:11:20,490 --> 00:11:25,920
actually just leaving your files are
around about that is technically
142
00:11:25,920 --> 00:11:29,430
sophisticated like yeah sure you get
your files back just give us the money
143
00:11:29,430 --> 00:11:35,670
so I thought that was interesting in
that me you know again
144
00:11:35,670 --> 00:11:38,849
part of the reason it's been successful
is that you will get your files back if
145
00:11:38,850 --> 00:11:41,70
you paid but if that comes into question
146
00:11:41,70 --> 00:11:44,820
you know far less likely that someone
would be willing to you know pay
147
00:11:44,820 --> 00:11:51,60
thousands of dollars for that the other
new strain of ransomware actually it is
148
00:11:51,60 --> 00:11:53,99
something more like an insider threat
149
00:11:53,100 --> 00:12:01,110
where what they want is to you know that
the infection . something that's
150
00:12:01,110 --> 00:12:05,400
compromising so they determine that your
work and they have this big gambling
151
00:12:05,400 --> 00:12:08,189
site that you're on or a fake porn site
or something
152
00:12:08,190 --> 00:12:15,240
and so they say oh well if you you know
in install this you know this little
153
00:12:15,240 --> 00:12:18,50
application or take these steps or
154
00:12:18,50 --> 00:12:22,399
you know in return well you know we
won't email this to your boss that you
155
00:12:22,399 --> 00:12:22,820
know
156
00:12:22,820 --> 00:12:27,290
IBM or whatever ooh that sounds scary
157
00:12:28,160 --> 00:12:36,170
you mention one of it just remove the
one before
158
00:12:37,160 --> 00:12:43,579
they're just to not trust them and i
remember a hospital paid the ransom and
159
00:12:43,579 --> 00:12:50,750
then they wanted more money for the rest
of the files so they're not exactly
160
00:12:50,750 --> 00:12:53,990
honorable people and they
161
00:12:53,990 --> 00:13:01,579
it was kind of part of their customer
service in in and just it's a business
162
00:13:02,149 --> 00:13:06,920
ransomware is a business I just wonder
how that conversation went like well the
163
00:13:06,920 --> 00:13:09,199
top half of the chest x-ray
164
00:13:09,200 --> 00:13:12,230
it came back fine but you know if you
really want to get the rest of this done
165
00:13:12,230 --> 00:13:19,220
we need another six bitcoins and I think
it was confirmed and or someone
166
00:13:19,220 --> 00:13:24,200
something was written about how a
ransomware is a HIPAA violation
167
00:13:24,200 --> 00:13:30,950
- so I be worried and concerned for the
hospitals
168
00:13:30,950 --> 00:13:37,640
- so another reason why infosec people
are like the Ghostbusters is because
169
00:13:37,640 --> 00:13:44,899
it's very hard sometimes for people to
take security threats like like ghosts
170
00:13:44,899 --> 00:13:50,839
seriously and in the movie there was a
Ghostbuster who is trying to get tenure
171
00:13:50,839 --> 00:13:55,940
and spoiler alert she was caught on video
seeing that ghosts are real
172
00:13:56,959 --> 00:14:05,479
like on YouTube and then she didn't got
that get tenure and so I just it really
173
00:14:05,480 --> 00:14:14,209
i think doing infosec work security work
is very is is very challenging and I
174
00:14:14,209 --> 00:14:17,689
really liked the article that
175
00:14:17,690 --> 00:14:24,890
I think he was the VP of security or CISO
and he wrote an article about how he
176
00:14:24,890 --> 00:14:33,350
managed last year's Republican National
Convention and he had a great master
177
00:14:33,350 --> 00:14:36,260
plan from the outside in and inside out
178
00:14:36,260 --> 00:14:42,110
and even if there was a goes he he
probably had a plan for that because he
179
00:14:42,110 --> 00:14:47,420
was planning for the unexpected and and
as you know security people you have to
180
00:14:47,420 --> 00:14:51,79
be right every single time and the
bad guys only once
181
00:14:51,620 --> 00:14:55,850
what are some common problems you see
that make it hard for people
182
00:14:55,850 --> 00:15:03,50
infosec people to get their jobs done or
just to get an initiative executed
183
00:15:03,50 --> 00:15:08,930
so I think a great point you brought up
again and probably the Ghostbusters is
184
00:15:08,930 --> 00:15:12,199
people don't believe in things they
can't see
185
00:15:12,200 --> 00:15:16,790
so we often get in a mindset or non
security people get in the mindset like
186
00:15:16,790 --> 00:15:21,800
like we've never had this problem before
so why would we have it now and you know
187
00:15:21,800 --> 00:15:29,660
and and i think that's that's very it
can be very detrimental because the the
188
00:15:29,660 --> 00:15:36,410
threats are constantly changing and
evolving and assuming that the the kind
189
00:15:36,410 --> 00:15:39,260
of the devil that you know is the one
that you're going to protect against but
190
00:15:39,260 --> 00:15:41,810
it's that's never the case it's always
the one you don't know that's going to
191
00:15:41,810 --> 00:15:42,829
get you
192
00:15:42,830 --> 00:15:50,450
so it takes a lot of planning and
strategy to mitigate some of the unseen
193
00:15:50,450 --> 00:15:53,570
threats are the ones that you don't know
about just yet
194
00:15:53,570 --> 00:15:59,810
so slight segue something I wrote that
it's going up butts up right now on the
195
00:15:59,810 --> 00:16:04,880
site is a sysadmin guide and I pitch
this is like everything that's not in
196
00:16:04,880 --> 00:16:05,930
the manual
197
00:16:05,930 --> 00:16:09,770
I'm so sad a guy and one of the things
that's in there is about communications
198
00:16:09,770 --> 00:16:14,510
where it's such a challenge and IT that
you can imagine this first met some
199
00:16:14,510 --> 00:16:17,710
awesome so sad and everything unlocked
they've got
200
00:16:17,710 --> 00:16:21,730
you know everything set up everything is
wonderful but they are getting credit
201
00:16:21,730 --> 00:16:25,750
for that and credit and likes the sort
of generic sense like a recognition that
202
00:16:25,750 --> 00:16:27,160
like wow
203
00:16:27,160 --> 00:16:31,569
everything is working so that means that
there has been a tremendous amount of
204
00:16:31,570 --> 00:16:32,620
effort put in
205
00:16:32,620 --> 00:16:35,950
not that everything is working why do we
even need these people because
206
00:16:35,950 --> 00:16:37,780
everything works great all the time
207
00:16:37,780 --> 00:16:43,89
um so part of that is communicating up
to management and the other stakeholders
208
00:16:43,90 --> 00:16:46,210
in the organization part of its
communicating down the communicating up
209
00:16:46,210 --> 00:16:51,190
something is very effective is to take
responsibility for just sending other
210
00:16:51,190 --> 00:16:55,900
things around within your industry that
if you're you know manufacturer to some
211
00:16:55,900 --> 00:16:58,660
things around that like hey there was
this weird
212
00:16:58,660 --> 00:17:02,140
ransomware attack at this other
factory and messed up their machines and
213
00:17:02,140 --> 00:17:05,709
they had a huge amount of you know the
floor wasn't running for two days which
214
00:17:05,709 --> 00:17:09,910
is you know detrimental to the business
and just to let you know this is the
215
00:17:09,910 --> 00:17:14,589
kind of thing that we're monitoring and
helping to prevent to try to make that
216
00:17:14,589 --> 00:17:19,510
more real to try to make it something
that you know that is not so out of
217
00:17:19,510 --> 00:17:27,790
sight out of mind and also collaborating
and getting all the different and
218
00:17:27,790 --> 00:17:34,930
departments and constituents to just
understand why it's it's a good
219
00:17:34,930 --> 00:17:43,600
investment and why it's worth their time
and and I guess it's all it also segues
220
00:17:43,600 --> 00:17:48,100
to that thing not acknowledgement you
mentioned Mike
221
00:17:48,100 --> 00:17:52,629
so finally in at the end of the
Ghostbusters movie the mayor's office
222
00:17:52,630 --> 00:17:58,750
recognize that the Ghostbusters are very
valuable and they save this city and
223
00:17:58,750 --> 00:18:03,580
they're willing to provide them with
support and that acknowledgement really
224
00:18:03,580 --> 00:18:09,820
meant a lot to them and and I feel the
same way with infosec people and they
225
00:18:09,820 --> 00:18:12,730
work extremely hard around the clock
226
00:18:12,730 --> 00:18:19,900
I think our CISO sent out an email
around 11pm her time she has kids
227
00:18:19,900 --> 00:18:24,850
she's working around the clock and she
was warning us about a stupid game
228
00:18:24,850 --> 00:18:27,110
pokemon it's not stupid
229
00:18:27,110 --> 00:18:32,510
but it's making it much trouble you know
so many protons assaulting your house
230
00:18:32,510 --> 00:18:39,49
but I'm just kind of also i'm playing
the devil's advocate that's what i'm
231
00:18:39,49 --> 00:18:45,650
doing but it's kind of like she is
working really hard and I just finish
232
00:18:45,650 --> 00:18:53,990
speaking with a cybersecurity attorney
at teen I Otis and she's she brought up
233
00:18:53,990 --> 00:18:57,500
a really great point of just
collaborating
234
00:18:58,130 --> 00:19:05,390
because you have different individuals
with their own goals and metrics that
235
00:19:05,390 --> 00:19:06,860
they need to meet
236
00:19:06,860 --> 00:19:15,139
how why do why is it important to work
and trust another department and and
237
00:19:15,140 --> 00:19:19,940
when you have different people with they
we really are
238
00:19:20,450 --> 00:19:24,440
I think we're getting better at it
though I'm in terms of working with
239
00:19:24,440 --> 00:19:29,540
others because there's this cyber
security alliance where we have
240
00:19:29,540 --> 00:19:35,720
different organizations from like Palo
Alto Networks and Splunk and other
241
00:19:35,720 --> 00:19:39,530
organizations that are working together
and say hey we really need to come
242
00:19:39,530 --> 00:19:45,49
together share what we know in order to
combat the bad guys
243
00:19:45,49 --> 00:19:53,330
so I'm wondering what are some infosec
people you recommend as following or
244
00:19:53,330 --> 00:19:59,449
checking or a tool that we should check
out so that someone who's kind of like
245
00:19:59,450 --> 00:20:04,850
the underdog really get like the
recognition that they're helping people
246
00:20:04,850 --> 00:20:09,168
before we get there I want to go back to
a point you touched on
247
00:20:09,169 --> 00:20:11,929
so think about the Ghostbusters movies
you know you mentioned that the mayor
248
00:20:11,929 --> 00:20:15,559
finally recognizing that there is the
problem but think about the preceding
249
00:20:15,559 --> 00:20:21,49
scene at least in the original where they
shut off the grid that held the
250
00:20:21,49 --> 00:20:22,129
ghosts in containment
251
00:20:22,130 --> 00:20:26,210
it wasn't until you know it blew up and
the ghosts started running amok and
252
00:20:26,210 --> 00:20:29,390
destroying the city that they finally go
wait a minute there is a problem like
253
00:20:29,390 --> 00:20:31,40
this is a real issue
254
00:20:31,40 --> 00:20:35,300
so they think kind of the thing to think
about our I'd like to pose is have we
255
00:20:35,300 --> 00:20:39,559
reached that point in cyber security is
there enough of these incidents in the
256
00:20:39,559 --> 00:20:40,190
news kind
257
00:20:40,190 --> 00:20:43,580
running amok where someone's gonna go
like we'll wait a minute
258
00:20:43,580 --> 00:20:46,789
like this is real this is something
serious to consider
259
00:20:47,509 --> 00:20:50,600
I don't know if you guys have an opinion
on it
260
00:20:50,600 --> 00:20:55,668
the size of the Twinkie of it and so so
so we're talking about that one big
261
00:20:55,669 --> 00:20:57,710
twinkie can get 20
262
00:20:57,710 --> 00:21:03,620
yeah I what I was gonna say the same
thing which is that and I think even it
263
00:21:03,620 --> 00:21:07,729
could be even worse which is that I
still think there's a lot of issues and
264
00:21:07,730 --> 00:21:14,539
in the vulnerability community in terms
of finding reporting vulnerabilities
265
00:21:14,539 --> 00:21:17,600
working on security stuff where there's
a lot of shoot the messenger
266
00:21:18,409 --> 00:21:25,940
we're I you I I guess that's my real
concern so that makes me really angry
267
00:21:25,940 --> 00:21:26,840
whoo
268
00:21:26,840 --> 00:21:31,850
because you know you have that you know
very often you find a situation where
269
00:21:31,850 --> 00:21:35,240
the IT group is saying like hey we
need to take these steps to help protect
270
00:21:35,240 --> 00:21:40,39
us and what comes back is like a sign of
priority right now but it's not a
271
00:21:40,39 --> 00:21:44,269
priority and then once there's a breach
at once there's an issue they get blamed
272
00:21:44,269 --> 00:21:50,330
for not you didn't can basically they
get blamed for not being more convincing
273
00:21:50,330 --> 00:21:53,928
that there is a greater threat and we
even have this and some of our stuff for
274
00:21:53,929 --> 00:21:59,419
we have some things out and what comes
back is like oh you guys are just fear
275
00:21:59,419 --> 00:22:03,379
mongering that you are actually serious
about this this isn't a real threat
276
00:22:03,379 --> 00:22:05,959
while simultaneously
277
00:22:05,960 --> 00:22:09,620
you know having all these stories of
like oh thank God we have yourself
278
00:22:09,620 --> 00:22:11,239
with helped us so much
279
00:22:11,240 --> 00:22:17,240
um so I i think the message is not
getting through at least not enough
280
00:22:17,899 --> 00:22:22,459
I think it's getting better and i think
as it gets more popular
281
00:22:23,360 --> 00:22:29,600
I'm in the mainstream that it is that it
gets better because so much of those
282
00:22:29,600 --> 00:22:32,689
decisions aren't driven by the IT group
283
00:22:32,690 --> 00:22:38,600
I think I like I used to do a lot of
work in hospitals they're just run by
284
00:22:38,600 --> 00:22:39,350
the doctors
285
00:22:39,350 --> 00:22:43,189
I mean the you know the head of
radiology says I can't take two more
286
00:22:43,190 --> 00:22:47,000
clicks - to get through something it has
to just be I sit down and immediately it
287
00:22:47,000 --> 00:22:47,879
starts working
288
00:22:47,879 --> 00:22:53,309
and you know I leave and it magically
takes care of everything and you know
289
00:22:53,309 --> 00:23:01,319
that the security of it is not is not a
concern it's the productivity but is as
290
00:23:01,319 --> 00:23:05,639
you know HIPAA has gone about as more
and more security concerns a combat more
291
00:23:05,639 --> 00:23:07,258
and more incidents
292
00:23:07,259 --> 00:23:12,479
there's I i see those things getting
better but still a long way to go
293
00:23:12,479 --> 00:23:18,179
I don't think these I think your point
Mike I think we are starting to see that
294
00:23:18,179 --> 00:23:22,859
change that these you know productivity
is the main concern stopping business
295
00:23:22,859 --> 00:23:24,299
and you know losing money there
296
00:23:24,299 --> 00:23:27,690
but these incidents are starting to
affect that productivity so I think
297
00:23:27,690 --> 00:23:31,229
there's a valid case to make that you
know Francine rock blocks your medical
298
00:23:31,229 --> 00:23:36,719
records it doesn't matter how great your
MRI machine is it doesn't matter i still
299
00:23:36,719 --> 00:23:41,759
can't do what you need to do and I think
they're starting to see that i know i'm
300
00:23:41,759 --> 00:23:43,919
a little bit hopeful about anything
301
00:23:43,919 --> 00:23:49,829
do you think CEOs in Port members would
be open to playing like a pokemon game
302
00:23:49,829 --> 00:23:57,119
of info security and like you know
people like to gamify everything now
303
00:23:57,719 --> 00:24:02,69
and if we did that it might help
304
00:24:02,69 --> 00:24:06,509
I don't I don't know now that you're
bringing this up I'm like how can we get
305
00:24:06,509 --> 00:24:08,129
the message across
306
00:24:08,129 --> 00:24:13,439
I don't know if our any of our listeners
or viewers have any ideas or what if
307
00:24:13,440 --> 00:24:15,719
they've been doing that's been helpful
308
00:24:15,719 --> 00:24:22,919
a lot of what i hear from chief data
officers they say get the small wins in
309
00:24:22,919 --> 00:24:30,59
so you kind of have to build a kind of
short term goals and also work on the
310
00:24:30,59 --> 00:24:36,899
wall ones because also when I was
speaking with tina this cyber security
311
00:24:36,899 --> 00:24:43,708
attorney she was saying that trust takes
a long time and so it you can't just
312
00:24:43,709 --> 00:24:51,329
kind of do a presentation and be like
okay bye bye Felicia by Felipe and be
313
00:24:51,329 --> 00:24:55,168
like give me that you know 10 million
dollars for my security
314
00:24:55,169 --> 00:24:57,270
I don't think it works that way
315
00:24:57,270 --> 00:25:03,120
she mentioned and she brings up a good
point that financial services
316
00:25:04,200 --> 00:25:10,650
there they come together and they're
drinking and they're socializing look
317
00:25:10,650 --> 00:25:17,70
when it comes to their work and and
because they go out and they hang out
318
00:25:17,70 --> 00:25:19,710
and so maybe we need to hate
319
00:25:19,710 --> 00:25:23,490
well I don't know if CEOs and board
members have time to hang out
320
00:25:24,300 --> 00:25:32,760
so I mean I think there are
organizations and and you know I've been
321
00:25:32,760 --> 00:25:36,510
to some some conferences myself that the
goal is to get the you know the CISOs
322
00:25:36,510 --> 00:25:41,940
the executives together to talk about
these issues and I know
323
00:25:41,940 --> 00:25:47,700
Black Hat does one I was at last year at
executive kind of briefing think there's
324
00:25:47,700 --> 00:25:51,210
two days where where they brought all
these executives together just to talk
325
00:25:51,210 --> 00:25:54,510
about this so i think they are trying to
take it more seriously and realize it is
326
00:25:54,510 --> 00:25:58,860
it's getting more attention from the
board and consumers are starting to
327
00:25:58,860 --> 00:26:05,159
demand more protection and but if it
hasn't i don't think proliferated quite
328
00:26:05,160 --> 00:26:08,160
to the degree that security people like
us would like to see it
329
00:26:11,570 --> 00:26:17,570
so now we're at the parting gift segment
of our show where we share things were
330
00:26:17,570 --> 00:26:24,230
working on or something we found online
for me when i was reading
331
00:26:24,890 --> 00:26:30,920
Andy another blogger for its inside out
security blog
332
00:26:30,920 --> 00:26:37,700
he wrote that there is currently a
federal lawsuit for if you're like at a
333
00:26:37,700 --> 00:26:42,350
hospital and you're waiting to see your
doctor and you go on your Facebook
334
00:26:43,280 --> 00:26:47,389
what's happening is they're able to
track
335
00:26:48,230 --> 00:26:52,850
I think with your because you have to
log in to use Facebook and then they're
336
00:26:52,850 --> 00:27:00,740
serving you like hospital ads and
somehow your your information is is
337
00:27:00,740 --> 00:27:08,420
getting out there and people aren't sure
if that's a HIPAA violation or not
338
00:27:08,420 --> 00:27:14,960
because you need to get consent but
because of cookies that there is there
339
00:27:14,960 --> 00:27:20,600
there's a fuzzy line there in terms of
privacy so and there's also another
340
00:27:20,600 --> 00:27:27,230
lawsuit with Snapchat and your they're
using facial recognition software so I
341
00:27:27,230 --> 00:27:33,530
guess some for me I'm just thinking
about my own privacy really when I use
342
00:27:33,530 --> 00:27:38,450
social media because I don't want to
turn into someone who's not aware of
343
00:27:38,450 --> 00:27:41,570
what our young people are doing because
I think it's ice
344
00:27:41,570 --> 00:27:47,899
I think Snapchat is really cool like
it's a new form of journalism but it's I
345
00:27:47,900 --> 00:27:52,310
guess there's that tension between
finding the right amount of security and
346
00:27:52,310 --> 00:28:04,70
privacy and technology Mike or Killian my
parting gift is I was going to talk
347
00:28:04,70 --> 00:28:05,000
about
348
00:28:05,000 --> 00:28:09,620
so we chat about a meeting earlier this
week which was the Amazon IoT button
349
00:28:09,620 --> 00:28:14,330
shop I just think it's super cool which
is a little little button that you can
350
00:28:14,330 --> 00:28:15,399
program to
351
00:28:15,399 --> 00:28:22,238
one tasks and things and they're cheap
don't like 20 bucks and it's like those
352
00:28:22,239 --> 00:28:27,309
Amazon Dash buttons that let you like click
to get a new box of Tide but lets you
353
00:28:27,309 --> 00:28:32,109
run whatever you want and they're really
easy to you know hack up and do whatever
354
00:28:32,109 --> 00:28:37,689
you want with they send out a very
recognizable signature on the network
355
00:28:37,690 --> 00:28:41,440
that you can just pick up with your own
stuff or if you want to actually use the
356
00:28:41,440 --> 00:28:46,539
AWS services you can like tie them into
Lambda or the other service pieces so
357
00:28:46,539 --> 00:28:51,9
hopefully when we don't project with
those for the blog and some other things
358
00:28:51,789 --> 00:28:57,158
hey what's the first thing that you
would wanna create just press the button
359
00:28:57,159 --> 00:28:59,440
for I want
360
00:28:59,440 --> 00:29:04,269
I wanted the one to get like out of
crazy conversations then it but if
361
00:29:04,269 --> 00:29:07,809
there's like a user or someone who is
just like killing you with like yeah and
362
00:29:07,809 --> 00:29:09,639
the printer on Tuesdays
363
00:29:09,639 --> 00:29:13,689
it doesn't it doesn't print as often as
fast as it does on mondays
364
00:29:13,690 --> 00:29:16,989
how do you like click this button
because it even comes with like a little
365
00:29:16,989 --> 00:29:19,479
I have an intimate just you can see in
the video
366
00:29:19,479 --> 00:29:23,379
it's got like a little keychain thing to
even just like press it and then with
367
00:29:23,379 --> 00:29:26,379
the text your phone like an emergency
code
368
00:29:26,379 --> 00:29:31,178
just like what oh sorry gotta go get our
emergency so so who you going to call
369
00:29:31,179 --> 00:29:32,229
them Mike
370
00:29:32,229 --> 00:29:36,70
I don't I wouldn't I'm going to call
anyone I press this button to come on
371
00:29:36,70 --> 00:29:45,519
like 20 16 in your Snapchat no I'm Carol
too buddy
372
00:29:46,210 --> 00:29:49,899
what's your parting gift Killian
373
00:29:51,219 --> 00:29:58,450
I'm gonna part with some paranoia I was
reading an article it was earlier this
374
00:29:58,450 --> 00:30:04,269
week about the the attackers now they're
getting tired of trying to create their
375
00:30:04,269 --> 00:30:09,369
own malicious stuff for or figure out
ways to deliver it to people
376
00:30:09,369 --> 00:30:14,109
so what they started to do is attack
legitimate like system admin tools for
377
00:30:14,109 --> 00:30:15,759
example there was one
378
00:30:15,759 --> 00:30:20,469
I read that they were able to compromise
the site basically load their attack
379
00:30:20,469 --> 00:30:21,849
talking with the code
380
00:30:21,849 --> 00:30:26,289
so when do you know this is a man
download this remote administration tool
381
00:30:26,289 --> 00:30:27,250
I think it was
382
00:30:27,250 --> 00:30:34,480
it automatically installed some malware
some a Trojan applications and it's kind
383
00:30:34,480 --> 00:30:38,800
of brilliant because a lot of the
typical like antivirus control say oh do
384
00:30:38,800 --> 00:30:40,270
you want to install this
385
00:30:40,270 --> 00:30:44,230
do you want to install this remote
management tool could be bad they go no
386
00:30:44,230 --> 00:30:47,920
I am definitely doing this like yes I
want to accept it but on the back
387
00:30:47,920 --> 00:30:52,480
it's installing something else as well so I just thought it was an interesting
388
00:30:52,480 --> 00:30:57,700
way to be you know a little bit paranoid
about the software that we use because
389
00:30:57,700 --> 00:31:02,500
we don't really know exactly what it's
doing at all times that I think it's
390
00:31:02,500 --> 00:31:03,280
really interesting
391
00:31:03,280 --> 00:31:07,720
there's this one of those things like I
don't think there's a good general term
392
00:31:07,720 --> 00:31:11,140
for it yet but it's something I see
happening it's almost like a name
393
00:31:11,140 --> 00:31:12,460
spacing attack
394
00:31:12,460 --> 00:31:16,000
mmm where r and I've seen this happening
two cases one
395
00:31:16,780 --> 00:31:20,889
Chrome extensions like you know there's
a lot of like Chrome extensions they get
396
00:31:20,890 --> 00:31:26,380
like 20 thousand users will sell out to
someone else and the and it's for taking
397
00:31:26,380 --> 00:31:30,940
screenshots of you know you're the web
page you're on or whatever and it turns
398
00:31:30,940 --> 00:31:35,110
out someone malicious buys them replaces
the Chrome extension on the updater with
399
00:31:35,110 --> 00:31:42,10
new malicious code and that's it was
really hard to even detect like Firefox
400
00:31:42,10 --> 00:31:45,280
doesn't stuff where they try to detect
you know every code update but there's
401
00:31:45,280 --> 00:31:51,399
so much dynamics stuff that's loaded and
it's really difficult or then for npm of
402
00:31:51,400 --> 00:31:54,910
the node package manager where there was
a whole namespace issue or someone took
403
00:31:54,910 --> 00:32:01,30
out a bunch of their packages and it
blew up a bunch of stuff but during the
404
00:32:01,30 --> 00:32:01,780
interim
405
00:32:01,780 --> 00:32:05,260
it was possible that you know someone
could maliciously upload their own
406
00:32:05,260 --> 00:32:08,110
package that had a name of something
that was removed
407
00:32:08,110 --> 00:32:13,780
mhm and could have compromised all those
different sites and things and as we
408
00:32:13,780 --> 00:32:18,639
have larger and larger ecosystems of all
these sorts of tools and I think we'll
409
00:32:18,640 --> 00:32:20,500
see that more and more as a threat
410
00:32:20,500 --> 00:32:22,70
so
411
00:32:22,70 --> 00:32:25,669
it just reminds me of what you said
earlier Michael about customer service
412
00:32:25,670 --> 00:32:27,440
to like
413
00:32:27,440 --> 00:32:31,250
hi let me help you and then
414
00:32:31,250 --> 00:32:36,320
no not really that's a trick or don't
have to work
415
00:32:36,320 --> 00:32:42,290
donate to our charity so we can decrypt
all your all your files help these
416
00:32:42,290 --> 00:32:47,810
people on that makes me think that would
be an awesome attack
417
00:32:47,810 --> 00:32:53,780
so I could I could get a Chrome
extension have it request access on all
418
00:32:53,780 --> 00:32:57,470
websites because a lot of the extensions
do that like the ad blocking extensions
419
00:32:57,470 --> 00:33:02,150
and then on banking sites because I
would know the URL of the banking sites
420
00:33:02,150 --> 00:33:05,990
I could have the Chrome extension pop up
like a live chat window and be like hi
421
00:33:05,990 --> 00:33:09,260
I'm Mike I'm here to help you today this
is your interactive chat for your
422
00:33:09,260 --> 00:33:14,000
banking just type in your bank number
and your password to me and I will log
423
00:33:14,000 --> 00:33:14,600
you in
424
00:33:14,600 --> 00:33:20,870
would you like to know your balance you
know you're very creative you're giving
425
00:33:20,870 --> 00:33:22,159
them ideas
426
00:33:22,160 --> 00:33:26,900
so you will get our viewership up if we
can get a lot of like malicious horrible
427
00:33:26,900 --> 00:33:34,400
people to cast any anything to get more
than one viewer
428
00:33:35,480 --> 00:33:39,650
we do have more than one viewer it's
just not not live so they can't
429
00:33:40,220 --> 00:33:45,80
after the last show we talked about you
to be less formal so I started wearing
430
00:33:45,80 --> 00:33:48,980
t-shirts instead of like the color
shirts to our podcast recording is
431
00:33:48,980 --> 00:33:53,660
either of its helping if it comes
through in the audio but Killian got a
432
00:33:53,660 --> 00:33:59,570
different memo look at him and his
button-up shirt sure
433
00:33:59,570 --> 00:34:02,899
yeah he does this he and heat
434
00:34:02,900 --> 00:34:07,940
he's so nice he came on the show when
he's not feeling so well and you're so
435
00:34:07,940 --> 00:34:13,520
good with just look like are you okay
Killian when you first signed on my out
436
00:34:13,520 --> 00:34:16,250
that compassionate and nice if you
437
00:34:16,250 --> 00:34:21,949
we might get lucky or to fight you over
on video doing YouTube stones now so
438
00:34:21,949 --> 00:34:22,759
leave
439
00:34:22,760 --> 00:34:24,470
yeah
440
00:34:24,469 --> 00:34:32,480
any last words or thoughts before we
wrap up well I guess the real question
441
00:34:32,480 --> 00:34:37,940
is would you recommend people see the
Ghostbusters movie Cindy I liked it it
442
00:34:37,940 --> 00:34:44,840
was slow at certain points to be
completely honest but it was it was a
443
00:34:44,840 --> 00:34:50,300
nice moment for me to reminisce about my
own childhood and then I went off
444
00:34:50,300 --> 00:34:55,399
afterwards it was around midnight and
then there was went to Union Square and
445
00:34:55,399 --> 00:34:57,799
everyone was in front of their phones
446
00:34:57,800 --> 00:35:04,190
playing Pokémon and I thought oh that's
strange like why is everyone hanging out
447
00:35:04,190 --> 00:35:08,30
there and they're just in their phones
and then you see like on the my friend
448
00:35:08,30 --> 00:35:14,30
had their Pokémon apps like tons of
people lots of action there anyway go
449
00:35:14,30 --> 00:35:15,710
watch the Ghostbusters
450
00:35:15,710 --> 00:35:22,940
it was fun and thanks so much Mike and
Killian all our listeners and viewers
451
00:35:22,940 --> 00:35:24,650
for joining us today
452
00:35:24,650 --> 00:35:30,260
if you want to follow us on Twitter to
see what we're up to
453
00:35:30,260 --> 00:35:35,900
you can find us at Varonis V-A-R-O-N-I-S if
you want to subscribe to this podcast
454
00:35:35,900 --> 00:35:40,460
you can go to iTunes and search for
you for the Inside Out Security Show
455
00:35:41,000 --> 00:35:45,980
there is a video version of this on
YouTube that you can subscribe to on the
456
00:35:45,980 --> 00:35:49,10
grounds channel and we'll see you again
next week
457
00:35:49,520 --> 00:35:52,880
thanks Mike thanks Killian
458
00:35:52,880 --> 00:35:53,780
thanks to me
