Episodes
Tuesday Jan 09, 2018
#5 Part 1 - P@$$w0rd5! (Passwords suck)
Tuesday Jan 09, 2018
Tuesday Jan 09, 2018
Passwords are a pain in the a$$. In fact, in an interview with The Wall Street Journal, Fernando Corbató, now 91 years old and the inventor of the password back in the 60s said that passwords have become “kind of a nightmare”.
The current state of the internet wasn’t quite a consideration when passwords first started. Nowadays the average internet user can have upwards of 100-150 different accounts across multiple services. You might be thinking… not me! When was the last time you actually tallied up all your online identities. You might be surprised. Each service is now putting sufficient password restrictions specifically force you away from the password top 10 list, but ensuring that you’ll probably forget what your password is… unless… you have a system. A clever system!
Learn more about what makes a good password, a BAD password, why it matters, how they word behind the scenes and what is a good practice. We'll also talk about single sign on mechnisms like Facebook, Google and Twitter to sign into other online services like Spotify. Is that dangerous. Part 1 dives on in.
In two weeks Part 2 will dive into Password Managers and 2 Factor Authentication mechanisms to ensure you are doing your best to keep your online life tight as a drum.
Read the whole blog at https://codifyre.com/appsec/passwords-suck/
Tuesday Dec 12, 2017
#4 - Life's a Breach - Is My Data Safe?
Tuesday Dec 12, 2017
Tuesday Dec 12, 2017
No! Thanks for reading (listening).
It could be worth defining what a data breach actually is.
Cyber security people often refer to three essential pillars upon which anyone responsible for data must adhere. They are called the CIA, oddly. Not to be confused with the American super-spy organisation or the FBI, NSA, USPI (US Postal Inspectors of course) or NCIS (whatever the hell that actually is… is it even real?)
The CIA of cybersecurity stands for Confidentiality (can you keep my secret), Integrity (can you make sure my secret cannot be accessed or changed by anyone else), Availability (can anyone else deny me access to it). If somebody screwed up any of these it’s a problem. A data breach is when a company royally screws up the first one, Confidentiality, and allows data about us, that we trusted them to keep on the down low, available to others.
Two of the most high profile examples which occured in 2017 were of course Equifax and Uber. I could easily spend this whole time ripping into the Equifax breach alone but thankfully, John Oliver and Last Week Tonight have already done a stellar job of that. I highly recommend checking that out.
The Uber breach was also super fun and also had in common with Equifax an attempt to cover it up, or, at least pretend it wasn’t happening for a while. The Uber/Equifax policy on disclosure is somewhat akin to Homer Simpson, aptly putting it…”I’ll hide under some coats and hope that somehow everything will work out!”
The Uber breach was extra special in that they actually paid the hackers to shut-up and destroy the data they stole so no worries there right? Because hackers have a really rock solid code of ethics. Uber even said they had evidence to suggest data was destroyed. What evidence exactly was that? A screen shot of an empty directory called “Stuff we Stole from Uber” or perhaps they just send them a empty USB stick in the mail with a post-it note saying “See! Gone! We cool?” I’m not totally convinced. Have a quick surf through Dream Market (other Dark Web Marketplaces are available) and see what’s there.
But how do these things happen in the first place?
Read more in the official show notes
https://codifyre.com/technology/data-breach-is-my-data-safe/
Tuesday Nov 28, 2017
#3 - The Mysteries and Insecurities of IoT (a.k.a The Internet Of Things 2017)
Tuesday Nov 28, 2017
Tuesday Nov 28, 2017
The Internet of Things! Oh! That! The Internet… got it… Of… no problem… Things… nope you lost me.
When I first heard the term IoT I had no f*cking idea what it was and what it meant. Obviously it was made completely clear when I was told what it stood for…
How long did it take, and who came up with that catch phrase? And why on earth did it stick? Internet of Stuff would have been IOS and we can’t have Apple breathing down our necks. Internet of Devices? What stopped us there? The Institute of Directors perhaps? Those biz savvy suits play hardball about being top dog on the google search so we couldn’t usurp that acronym. So here we are with IoT.
Regardless of how we got here… IoT is a buzzword/acronym/TLA (three letter acronym)/phrase which only through the atrition of use is starting to become somewhat understood.
Defering to wikipedia (give that guy some money) it’s defined as: “The Internet of things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to connect and exchange data.”
It’s that last bit… the “network connectivity” that is the critical new element that creates IoT. We’ve had the “physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators”…and of course the machine that goes “ping!” for a while now in the form of TVs, toasters, baby monitors, lawn mowers, ovens, heart monitors and teddy bears. Yes Teddy Bears. I’m thinking of that old scary Teddy Ruxpin thing from the 80s. It haunts me in my nightmares.
Read more on our blog/shownotes page.
https://codifyre.com/culture/iot-internet-things-2017-probably-internet-stuff-acronym-already-taken/
Tuesday Nov 14, 2017
#2 - The Ransomware Show (2017)
Tuesday Nov 14, 2017
Tuesday Nov 14, 2017
This is one of those subjects that has struck everyone from the techno security guru to the average person who might simply be trying to do their job. Ransomware brands such as Goldeneye, Petya (and its counterpart NotPetya), Cryptolocker, CryptoWall, Locky, WannaCry and very recently, Bad Rabbit (to name only a few) have been making headlines across the globe.
I’ll start by taking a quick step back and just define Ransomware before I discuss how it tricks us into letting it in the door. I'll then take you through the stages of it's existence and finally what we can do to be better in the face of quickly advancing and mutating Ransomware attacks.
2017 was the year of the Ransomware... or is it? 2018 is just around the corner so only time will tell.
Check out the full blog article based on this podcast on the Codifyre website.
https://codifyre.com/tech-skills/what-is-ransomware/
Follow on twitter http://www.twitter.com/codifyre
Like on Facebook http://www.facebook.com/codifyre