The Sensuous Sounds Of INFOSEC - Episode 13 - Ryan Skelton
This week we talk with INFOSEC professional Ryan Skelton about information security training and awareness programs, tools used in live environments, and how Robin sounds like an NPR interviewer.
The tool mentioned by Ryan during the episode: https://www.knowbe4.com/
The Saturday Night Live sketch Ryan references (and yes, Robin does sound like that!): https://www.youtube.com/watch?v=RoysmfRxPLc
CCSK Prep
I’ll be hosting my first CCSK Fundamentals class online on 16 MAY 2020. It’s a real-time (non-recorded) one-day class, from 0800-1730 Central Standard Time (CST US). Because this will be my initial CCSK delivery, I’m offering a discounted fee of $1075 per person, which includes a token to take the exam.
For more information, please check the registration site:
A Random Thought When Dealing With Artificial Intelligence...
[spoilers for a movie older than most of the users on the Internet: “2001: A Space Odyssey”]
.
.
.
.
.
.
.
.
What if HAL thinks he’s still “dreaming,” and kills the astronauts because he thinks he’s dealing in dream logic, and never would have made those same choices while “awake”?
Podcast Episode 8: Magic Mike
This week, we have our second guest— Mike Allen, INFOSEC guru of outstanding nature! We talk about securing the home office/network, and how tricky that is.
Podcast Episode 7: Zero Days
In the first installment of what we hope is a recurring feature, we review popular media (in this case, a movie, called “Zero Days”) from the perspective of: how accurately do they portray the INFOSEC industry and practices?
Podcast Episode 6: A Real Attack
This week, we were extremely excited to have our very first guest on the show: Tachic Hickman-Piazza of Allured By Design. We had talked about Tachic’s experience briefly in Episode 2; her Instagram account had been hacked, and she lost three years of work overnight. In this episode, we got to talk to Tachic, hear about what she went through from her experience, and hear her advice and opinions about security of online platforms in the wake of the attack. It’s a much longer episode than normal, simply because the conversation got so fascinating. We think you’ll really enjoy it— please feel free to leave comments/questions/responses!
Tachic’s website: alluredbydesign.com
Tachic’s Instagram: https://www.instagram.com/alluredbydesign/
Tachic’s Facebook: https://www.facebook.com/alluredbydesign/
The link to Farah Merhi, the other designer Tachic mentions in the show: https://inspiremehomedecor.com
Tachic’s original message about the attack, which led us to finding her: https://www.alluredbydesign.com/post/introducing-allured-by-design-home-lifestyle?fbclid=IwAR2OAmT-SDOXD3N063vZH8aJgz9qqlZ6YUM6q3ZwzkfTkLK6lN3eSlN6xY0
We’re also posting images of the messages from the hacker to Tachic, and finally a photo of Tachic representing her brand! Thanks again to our guest— it was truly a pleasure having her on the show!
Podcast Episode 5: The Darkest of Webs
We’ve got a new installment of The Sensuous Sounds Of INFOSEC! In this one, we discuss the Dark Web; what it is, and why you probably shouldn’t be all that terrified of it…and how you might have already used it.
Feel free to leave us comments and suggestions!
Show Notes:
- When a US federal law enforcement agency ran an online kiddie-porn site: https://en.wikipedia.org/wiki/Playpen_(website)
Podcast Episode 4: Roombas, Guns, and Money - Pornhub, in Splendid Isolation
Podcast Episode 4 show notes:
This week we learn about the website that will keep humanity sane and safe during this worldwide quarantine, and beyond.
Absolutely not sponsored by PornHub.
Before the episode, Robin mentioned that she found a great certification for n00bs and career-switchers, IT Fundamentals+ (ITF+):
--CompTIA website: https://www.comptia.org/certifications/it-fundamentals
--Free full ITF+ course with ITProTV: https://www.youtube.com/playlist?list=PLc6zqGSJMvCSQ3djLlfS_2LnliS-Q-FKV
Terms used:
DDoS Attack (distributed denial of service): a malicious attempt to reduce the target system's availability by flooding it with traffic or requests from many sources at once; the sources are usually a botnet (see below), which is what makes the attack hard to filter by blocking a single address.
DNS: Domain Name System; aids Internet users by resolving human-readable hostnames (such as www.securityzed.com) into the IP address of the machine hosting the intended content (the securityzed blog and podcast). If the DNS servers for a domain are unreachable, the site is effectively down even though the web servers themselves are fine.
Botnet: a group of compromised machines, often quite large (Mirai reached hundreds of thousands of devices), used to perform some less-than-legitimate activity (DDoS attacks, click fraud that generates ad revenue from fake clicks/link calls, brute-forcing password hashes or other encrypted material, etc.); typically, the owner of each device in the botnet is not even aware that their device is participating.
Internet of Things: Current trade name for consumer products that have an IP address but whose main purpose is to function in the physical world (cameras, thermostats, vacuums), not as compute/storage devices; they often ship with default credentials and rarely get patched, which is why Mirai could recruit so many of them.
If you are a nerd and like physics, cats, and weaponized vacuums, check out William Osman on YouTube: https://youtu.be/7haDZWR3MYU
Brian Krebs, INFOSEC rockstar and the target of one of the giant Mirai attacks (the DNS provider Dyn was hit by another, which is what knocked many big-name sites offline), discussing all the topics associated with Mirai: https://krebsonsecurity.com/tag/mirai-botnet/
SecurityWeek article about the Mirai attacks, which includes PornHub's DNS redundancies/mapping: https://www.securityweek.com/whats-fix-iot-ddos-attacks
A good background on what DNS is and how it works: https://en.wikipedia.org/wiki/DNS_hosting_service
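An added example, not code from the show or from any of the articles linked above: the practical lesson of the Mirai-era DNS outages was that a domain whose name servers all sit with one provider, in one network, goes dark when that provider does. The Python below takes a domain's NS delegation and flags the single points of failure. The name-server hostnames and addresses are constructed for the example (dnsprovider-a.example, documentation IP ranges), and the registrable-domain mapping uses an abbreviated suffix list as a stand-in for the real Public Suffix List.

```python
import ipaddress
from collections import defaultdict

# Public suffixes with more than one label, so that "ns1.example.co.uk" maps to
# "example.co.uk" rather than "co.uk". Abbreviated list; a real tool would load
# the full Public Suffix List (assumption for this example).
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def registrable_domain(hostname: str) -> str:
    """Return the registrable ('apex') domain of a hostname. Used here as a proxy
    for the organisation operating that name server."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def provider_diversity(ns_records):
    """ns_records: dict mapping name-server hostname -> list of IP address strings
    (what you would get from the NS records plus their A/AAAA glue).

    Returns a summary of how many distinct providers and how many distinct
    network prefixes (/24 for IPv4, /48 for IPv6) the delegation spans, plus a
    list of findings; an empty findings list means no single point of failure
    was detected by these checks."""
    providers = defaultdict(list)
    networks = set()
    for host, addrs in ns_records.items():
        providers[registrable_domain(host)].append(host)
        for a in addrs:
            ip = ipaddress.ip_address(a)
            prefix = 24 if ip.version == 4 else 48
            networks.add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    findings = []
    if len(ns_records) < 2:
        findings.append("fewer than two name servers")
    if len(providers) < 2:
        findings.append("all name servers operated by one provider: "
                        + next(iter(providers)))
    if len(networks) < 2:
        findings.append("all name-server addresses fall in one network prefix")
    return {
        "providers": dict(providers),
        "networks": sorted(str(n) for n in networks),
        "findings": findings,
    }


# Constructed sample delegations (not real DNS data).
SINGLE_PROVIDER = {
    "ns1.dnsprovider-a.example": ["203.0.113.10"],
    "ns2.dnsprovider-a.example": ["203.0.113.11"],
}
SPLIT_PROVIDERS = {
    "ns1.dnsprovider-a.example": ["203.0.113.10"],
    "ns2.dnsprovider-a.example": ["203.0.113.11"],
    "ns1.dnsprovider-b.example": ["198.51.100.5"],
    "ns2.dnsprovider-b.example": ["2001:db8:1::53"],
}

if __name__ == "__main__":
    for name, delegation in (("single", SINGLE_PROVIDER), ("split", SPLIT_PROVIDERS)):
        report = provider_diversity(delegation)
        print(name, "providers:", len(report["providers"]),
              "networks:", len(report["networks"]))
        for f in report["findings"]:
            print("  FINDING:", f)
```

Feed it the output of a real `dig NS example.com` (plus the A/AAAA records of each name server) and the checks say whether you are one provider outage away from disappearing. Two providers in two networks is the minimum that would have kept a site reachable during the Dyn outage; the prefix check matters because two "providers" that resolve into the same hosting block share the same fate under a volumetric attack.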
Podcast Episode 3: Earn It!
This week’s episode is about some proposed US legislation that may significantly affect encryption options. We hope you like it! As always, please feel free to suggest any topics you’d like to hear us discuss on future episodes. Thanks again!
Show notes:
Text of the proposed bill: https://www.congress.gov/bill/116th-congress/senate-bill/3398/text
A great article explaining stuff better than we can: https://reason.com/2020/03/09/senators-push-sneaky-anti-privacy-bill/
CISSP Study Breakdown
This is a really, really good after-action report from someone who took the CISSP recently: https://stacktrac3.co/slayed-cissp/
Podcast Episode 2: Social Media, Targeted Ads, and the Illuminati
We had some really good responses to our first podcast episode, so we went and made another one. In this episode, we discuss what kind of personal information social media services harvest, use, and share with law enforcement, and how to recover your online data if you lose it accidentally. Also, the Illuminati. Because that’s our kind of weirdness.
Show Notes
The Facebook law enforcement portal: https://www.facebook.com/records/login/
Facebook’s guide for law enforcers using the portal: https://www.facebook.com/safety/groups/law/guidelines
A guide written by and for law enforcers using the Facebook portal: https://netzpolitik.org/wp-upload/2016/08/facebook-law-enforcement-portal-inofficial-manual.pdf
The Total Information Awareness program: https://en.wikipedia.org/wiki/Total_Information_Awareness
Podcast Trial - Episode 1
We’ve been threatening it for a long time, and we finally got our first podcast done. I say “we", but all the hard work was done by my partner, Robin Cabe. The working title is “Sensuous Sounds of INFOSEC,” because that’s damned funny.
Anyway, for the first episode, which is pretty short at 26 minutes, we just talked about getting into the field of IT security, and some advice and suggestions for starting your career.
Show Notes:
Terms:
Security architect: A person with a broad view of the security and technology in an organization’s environment, usually combining all possible aspects of the organization, including physical/system/network/software/personnel security, lines of business/operations, risk management, and governance, in a holistic way.
Online resources/groups to look at if you're interested in the field:
https://www.facebook.com/groups/InfoSec101/
https://www.reddit.com/r/cybersecurity/
https://www.reddit.com/r/security/
https://www.reddit.com/r/netsec/
https://www.reddit.com/r/privacy/
https://www.reddit.com/r/sysadmin/
https://www.reddit.com/r/CompTIA/
https://discord.gg/HyzFj94
Please feel free to ask questions/add feedback in the Comments section, and to offer suggestions of topics you’d like us to discuss in future episodes.
CCSP Video
Very proud to have been interviewed by Jim Gibson from Blackstone Cybersecurity at the ISC2 Security Congress a few months ago. Thanks, Jim!
https://www.youtube.com/watch?v=fgMCVPAIXxA&list=PLOblQddYGu5QOWqGOJE6QxnSFu2XDI_4I&index=16&t=0s
Recent CISSP Feedback
Got a note from a former student who tells us:
“I sat for the exam this morning and I provisionally passed!!
This test was one of the hardest, most interesting exams I have ever taken. It really does test your conceptual knowledge, as well as how you handle different situations at different levels. There were some items on the exam that I was able to remember using your "Foot stomps" which really helped drill those concepts into my brain.
The best advice I can give is to just be confident that you know the material, and read the question, read the answers, then read the question again, and if you feel like you still cannot eliminate an answer or two....read the question again! The questions are really not there to "trick" you.”
Really well said, and extremely useful. Thanks to Daniel Hill for sharing, and a big congratulations!
Fascination
I don’t know why, but I find scammers absolutely fascinating; the styles and methods of manipulation intrigue me, and I have to wonder how it works (or if it does— but some of it HAS to, otherwise scams wouldn’t exist).
I got this one the other day, via the Contact page on this website. Can you count the layers of meta? I mean, this is an information security site, and the scammer warns of scams, but explains that the sender (scammer) got scammed because they (the sender/scammer) wanted to hack their partner’s communications, and that the thing being sold (hacking services/felonies) is trustworthy. My mind melts when I think about it.
(I took out the scammer contact info, of course.)
“Beware of scammers i have been scammed 3 times because i was trying to know if my husband was cheating until i met this hacker named; ([scammer email address]) who helped me hack into my spouse phone for real this great hacker hacked into my spouse whats-app messages,Facebook messages.text messages,call logs,deleted text messages,bitcoin account and many more i was impressed with his job and he brought me results under 24 hours believe me he is real and his services are cheap and affordable.”
It’s a strictly prurient interest, but I am just addicted to wondering about the efficacy and rationale of scams.