Security Unfiltered Podcast Appearance

SUPER-proud to have been a guest on the Security Unfiltered Podcast! Joseph South and Derrick Jackson are just phenomenal hosts, and made me feel very welcome and let me blather about all sorts of security-related stuff. We had a fantastic conversation that could have gone on for at least another three hours without pause, if we all had the time. Thanks again, gentlemen!

https://securityunfiltered.buzzsprout.com/1656988/8131383-security-unfiltered-ep-8-ben-malisow-all-things-security

Live Webcast Open To Everyone!

This is extremely exciting: Robin and I will be hosting a free webinar for New Horizons during their Awareness Month seminar. We'll be doing a live episode of "The Sensuous Sounds Of INFOSEC" that you can participate in! So, if you ever wanted to be on the show, now's your chance.

Did I mention it's free?

We're going to discuss different INFOSEC certifications, and which pathways might be best for different practitioners. Come check it out, ask questions, and hassle us.

Also, you don't have to pay for it.

We look forward to seeing you there!

https://register.gotowebinar.com/register/3599988395504979725

There are also some other sessions being offered by excellent presenters:

https://bangor.newhorizons.com/resources/free-webinars

Podcast Episode 6: A Real Attack

This week, we were extremely excited to have our very first guest on the show: Tachic Hickman-Piazza of Allured By Design. We had talked about Tachic’s experience briefly in Episode 2; her Instagram account had been hacked, and she lost three years of work overnight. In this episode, we got to talk to Tachic, hear about what she went through from her experience, and hear her advice and opinions about security of online platforms in the wake of the attack. It’s a much longer episode than normal, simply because the conversation got so fascinating. We think you’ll really enjoy it— please feel free to leave comments/questions/responses!

Tachic’s website: alluredbydesign.com

Tachic’s Instagram: https://www.instagram.com/alluredbydesign/

Tachic’s Facebook: https://www.facebook.com/alluredbydesign/

The link to Farah Merhi, the other designer Tachic mentions in the show: https://inspiremehomedecor.com

Tachic’s original message about the attack, which led us to finding her: https://www.alluredbydesign.com/post/introducing-allured-by-design-home-lifestyle?fbclid=IwAR2OAmT-SDOXD3N063vZH8aJgz9qqlZ6YUM6q3ZwzkfTkLK6lN3eSlN6xY0

We’re also posting images of the messages from the hacker to Tachic, and finally a photo of Tachic representing her brand! Thanks again to our guest— it was truly a pleasure having her on the show!


Podcast Episode 5: The Darkest of Webs

We’ve got a new installment of The Sensuous Sounds Of INFOSEC! In this one, we discuss the Dark Web: what it is, and why you probably shouldn’t be all that terrified of it…and how you might have already used it.

Feel free to leave us comments and suggestions!

Show Notes:

- When a US federal law enforcement agency ran an online kiddie-porn site: https://en.wikipedia.org/wiki/Playpen_(website)

Podcast Episode 4: Roombas, Guns, and Money - Pornhub, in Splendid Isolation

Podcast Episode 4 show notes:

This week we learn about the website that will keep humanity sane and safe during this worldwide quarantine, and beyond.

Absolutely not sponsored by PornHub.

Before the episode, Robin mentioned that she found a great certification for n00bs and career-switchers, IT Fundamentals+ (ITF+):

--CompTIA website: https://www.comptia.org/certifications/it-fundamentals

--Free full ITF+ course with ITProTV: https://www.youtube.com/playlist?list=PLc6zqGSJMvCSQ3djLlfS_2LnliS-Q-FKV

Terms used:

DDOS Attack: a malicious attempt to reduce the target system's availability; often involves the use of botnets (see below)

DNS: Domain Name Service; aids Internet users by resolving plain-language URLs (such as www.securityzed.com) into the IP address of the machine hosting the intended content (the securityzed blog and podcast)

Botnet: a group of machines, often quite large (sometimes, thousands of devices), used to perform some less-than-legitimate activity (DDOS attacks, reporting inflated ad clicks/link calls to generate ad revenue, performing mathematical work to try to crack password/credentials/content that has been encrypted, etc.); typically, the owner of each device in the botnet is not even aware that their device is participating.

Internet of Things: Current trade name for consumer products that have an IP address but whose main purpose is to function in the physical world, not as compute/storage devices.

If you are a nerd and like physics, cats, and weaponized vacuums, check out William Osman on YouTube: https://youtu.be/7haDZWR3MYU

Brian Krebs, INFOSEC rockstar and the target of the giant Mirai attacks (as well as his hosting service, DYN), discussing all the topics associated with Mirai: https://krebsonsecurity.com/tag/mirai-botnet/

SecurityWeek article about the Mirai attacks, which includes PornHub's DNS redundancies/mapping: https://www.securityweek.com/whats-fix-iot-ddos-attacks

A good background on what DNS is and how it works: https://en.wikipedia.org/wiki/DNS_hosting_service

Podcast Episode 3: Earn It!

This week’s episode is about some proposed US legislation that may significantly affect encryption options. We hope you like it! As always, please feel free to suggest any topics you’d like to hear us discuss on future episodes. Thanks again!

Show notes:

Text of the proposed bill: https://www.congress.gov/bill/116th-congress/senate-bill/3398/text

A great article explaining stuff better than we can: https://reason.com/2020/03/09/senators-push-sneaky-anti-privacy-bill/

Podcast Episode 2: Social Media, Targeted Ads, and the Illuminati

We had some really good responses to our first podcast episode, so we went and made another one. In this episode, we discuss what kind of personal information social media services harvest, use, and share with law enforcement, and how to recover your online data if you lose it accidentally. Also, the Illuminati. Because that’s our kind of weirdness.

Show Notes

The Facebook law enforcement portal: https://www.facebook.com/records/login/

Facebook’s guide for law enforcers using the portal: https://www.facebook.com/safety/groups/law/guidelines

A guide written by and for law enforcers using the Facebook portal: https://netzpolitik.org/wp-upload/2016/08/facebook-law-enforcement-portal-inofficial-manual.pdf

The Total Information Awareness program: https://en.wikipedia.org/wiki/Total_Information_Awareness

Podcast Trial - Episode 1

We’ve been threatening it for a long time, and we finally got our first podcast done. I say “we,” but all the hard work was done by my partner, Robin Cabe. The working title is “Sensuous Sounds of INFOSEC,” because that’s damned funny.

Anyway, for the first episode, which is pretty short at 26 minutes, we just talked about getting into the field of IT security, and some advice and suggestions for starting your career.

Show Notes:

Terms:

Security architect: A person with a broad view of the security and technology in an organization’s environment, usually combining all possible aspects of the organization, including physical/system/network/software/personnel security, lines of business/operations, risk management, and governance, in a holistic way.

Online resources/groups to look at if you're interested in the field:

https://www.facebook.com/groups/InfoSec101/

https://www.reddit.com/r/cybersecurity/

https://www.reddit.com/r/security/

https://www.reddit.com/r/netsec/

https://www.reddit.com/r/privacy/

https://www.reddit.com/r/sysadmin/

https://www.reddit.com/r/CompTIA/

https://discord.gg/HyzFj94

Please feel free to ask questions/add feedback in the Comments section, and to offer suggestions of topics you’d like us to discuss in future episodes.