No Shit InfoSec

Breaches ever reaching

Tue, 13 Sep 2022 00:52:43 GMT

A short episode about the reaching effects of breaches and accounts you may have forgotten about.

New Marriot Breach:

https://techcrunch.com/2022/07/06/marriott-breach-again/

Privacy Fix: How to Find Old Online Accounts from Consumer Reports:

https://www.consumerreports.org/digital-security/how-to-find-old-online-accounts-a1266305698/

Has you email or phone number been in a breach?

https://haveibeenpwned.com/

Cool Shit:

Realtime Global Cyber Attack Map

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

The Future of Technology

Mon, 05 Sep 2022 05:00:15 GMT

SHOW NOTES:

Brady and I discuss people and technology; where it was, where we are, and where we are going. Put on your philosophy hats!

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Podcast Stuff:

Robert actually had an Atari 1200 XL:

http://oldcomputers.net/atari-1200xl.html

Ray Ban Smart Glasses:

https://www.ray-ban.com/usa/electronics/RW4002%20UNISEX%20ray-ban%20stories%20%7C%20wayfarer-shiny%20black/8056597489478?fbclid=IwAR08oSxzKyvMfsPYKa1PtvVkda6rJtAlAyJ24pDFSCo03tIqaIxDnVC9IWw&cid=PM-SBI_080622-1.US-RayBanStories-EN-B-Related-Exact_RayBan_Related_ray+ban+camera+glasses&gclid=c6b5a6ec15e015a94bb7c5f91c52a69c&gclsrc=3p.ds&msclkid=c6b5a6ec15e015a94bb7c5f91c52a69c&utm_source=bing&utm_medium=cpc&utm_campaign=1.US-RayBanStories-EN-B-Related-Exact&utm_term=ray%20ban%20camera%20glasses&utm_content=RayBan_Related

Google Glass is Back:

https://www.google.com/glass/start/

Microsoft Research:

https://www.microsoft.com/en-us/research/about-microsoft-research/

Microsoft Open Source Blog:

https://cloudblogs.microsoft.com/opensource/

Microsoft Open Source Hardware:

https://azure.microsoft.com/en-us/global-infrastructure/hardware-innovation/

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Picks of the Week:

Brady's Picks

Defeating the Hacker: A non-technical guide to computer security by Robert Schifreen

https://www.amazon.com/Defeating-Hacker-non-technical-computer-security/dp/0470025557

Robert's Pick:

The Satanic Veres by Salman Rushdie

https://en.wikipedia.org/wiki/The_Satanic_Verses

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Cool Shit:

Realtime Global Cyber Attack Map

https://threatmap.checkpoint.com/

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

END OF SHOW NOTES

Hosted on Acast. See acast.com/privacy for more information.

Mis-information, Dis-information, and Fake News. You are a product and target for all of it.

Mon, 29 Aug 2022 05:00:22 GMT

Season 1, Episode 13

Mis-information, Dis-information, and Fake News. You are a product and target for all of it.

Brady and I discuss Mis-information, Dis-information, and Fake News. We discuss what it is, how it is used, and we are all a product and target for all of it. We discuss ways to avoid deception which leads to a philosophical discussion about truth, morals, and ethics. Brady takes a moment on the couch discussing how understanding the matrix for what it is can affect you on a personal level.

Links and Resources:

Definitely NOT real NEWS, but FUN to read:

The Onion

https://www.theonion.com/

The Weekly World News

https://weeklyworldnews.com/

Mad Magazine

https://www.madmagazine.com/

Fight Disinformation with Fact Checking Sites:

Snopes

(almost everything including politics, history, science, and technology)

https://www.snopes.com/

Politifact

(all about fact-checking political claims)

https://www.politifact.com/

FactCheck.org

(political claims, rhetorics, deception, and lies)

https://www.factcheck.org/fake-news/

ProPublica

(deep dive for hidden truth)

https://www.propublica.org/

OpenSecrets

(politics)

https://www.opensecrets.org/

Washington Post Fact Checker

(critical analysis to what politicians have said this week)

https://www.washingtonpost.com/news/fact-checker/

Full Fact

(Fact-checking website focused on the UK and Europe)

https://fullfact.org/

and for most recent

https://fullfact.org/latest/

Alt News

(fake claims and political misinformation in India)

https://www.altnews.in/

BOOM FactCheck

(fact-checking website in India)

https://www.boomlive.in/

SM Hoax Slayer

(fake information on social media platforms)

https://smhoaxslayer.com/

Reuters Fact Check

(international news fact checking)

https://www.reuters.com/fact-check

Picks of the Week:

Brady's Picks

Tobii Pro: Optimizing User Experience and Advertising Research with Eye Tracking

https://youtu.be/ConsSlIf6n4

Hotjar: Website Heatmaps & Behavior Analytics Tools

https://www.hotjar.com/

Robert's Pick:

House of the Dragon: The Game of Thrones prequel

https://www.hbo.com/house-of-the-dragon

Cool Shit:

Realtime Global Cyber Attack Map

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

Education, Certifications, and sipping on the Socials

Mon, 22 Aug 2022 22:09:55 GMT

I have had a lot of questions over the years about how to proceed with a career, education, and certifications. So, I give my take on these and what they mean relative to my life experiences. Individual mileage may vary. I also discuss the need to have a public facing social media presence that is active and consistent. Hide the private Socials and search to see what actually shows up when searching for yourself. Your future employers will. Just sayin'.

Links:

Realtime Global Cyber Attack Map

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

Social Engineering with My Son

Mon, 15 Aug 2022 12:47:40 GMT

In this episode, I discuss basic social engineering with my son and how he can learn to detect it.

Hosted on Acast. See acast.com/privacy for more information.

"Stupid Users" ... no, not those users, the other "stupid users"

Mon, 08 Aug 2022 05:00:27 GMT

In this week's episode, I chat with R. Brady Frost about the little plumber vs the gigantic rock. Then we move in to a discussion about the fallacy of stupid users with some great stories of stupid things done by those of us who really should know better. The moral of the story, is that we are all human and nothing will ever change that. Instead, we need to be prepared for when humans are human.

Hosted on Acast. See acast.com/privacy for more information.

One Weird Trick

Mon, 01 Aug 2022 06:37:57 GMT

In this episode, I talk about getting in to the field of cybersecurity or moving up in the field. I also talk about how keyboards could keep malware from going Boom on your system.

Links:

Try This One Weird Trick Russian Hackers Hate

https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/

Fake VM Sandbox artifacts - not talked about in this episode

https://github.com/NavyTitanium/Fake-Sandbox-Artifacts

Has your password been involved in a breach?

https://haveibeenpwned.com/

Realtime Global Cyber Attack Map

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

Internet Security: Child Edition

Mon, 25 Jul 2022 05:00:28 GMT

In this episode, Brady and I have a discussion with our sons, Isaac and Devin, about Internet Security. This is after a security podcast for the average human, and who better fits that bill than our kids? Stayed tuned for outtakes at the end!

Pics of the week:

Elden Ring (Video Game)

https://en.bandainamcoent.eu/elden-ring/elden-ring

The Boys (Amazon Prime Series)

https://www.primevideo.com/detail/The-Boys/0KRGHGZCHKS920ZQGY5LBRF7MA

R. Brady Frost

https://www.rbradyfrost.com/

https://www.rbradyfrost.com/blog/category/a-battle-mage-reborn/

Links:

Has your password been involved in a breach?

https://haveibeenpwned.com/

Realtime Global Cyber Attack Map

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

The Importance of Data Reduction

Mon, 18 Jul 2022 05:00:21 GMT

In this episode, I have a discussion about data reduction with special guest and author, R. Brady Frost. The discussion revolves around the security risk of keeping too much data available, and things that can be done to mitigate those risks.

Pics of the week:

Hackers (The Movie)

https://www.imdb.com/title/tt0113243/?ref_=fn_al_tt_1

Our Flag Means Death

https://www.imdb.com/title/tt11000902/

R. Brady Frost

https://www.rbradyfrost.com/

https://www.rbradyfrost.com/blog/category/a-battle-mage-reborn/

Links:

Has your password been involved in a breach?

https://haveibeenpwned.com/

Realtime Global Cyber Attack Map

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

Use a Password Manager

Mon, 11 Jul 2022 05:00:35 GMT

Picking up from the last episode, we are now delving in to the security measures we can implement to make ourselves a less attractive for Evil Steve. After implementing 2FA, we should now be setting up and using a password manager. Then we look for and changed passwords involved in known breaches (haveibeenpwned - link in show notes). The show is approximately 19 minutes long.

Links:

Has your password been involved in a breach?

https://haveibeenpwned.com/

Password Manager Reviews:

https://www.tomsguide.com/us/best-password-managers,review-3785.html

https://www.pcmag.com/picks/the-best-password-managers

https://www.nytimes.com/wirecutter/reviews/best-password-managers/

Stand-Alone Password Managers

KeePass

https://keepass.info/

KeePassXC

https://keepassxc.org/

Recent Authenticator App Reviews

https://www.pcmag.com/picks/the-best-authenticator-apps

https://www.nytimes.com/wirecutter/reviews/best-two-factor-authentication-app/

Google password manager articles

https://privacycrypts.com/password-managers/guides/is-chrome-password-manager-safe/

https://www.experian.com/blogs/ask-experian/is-google-passwordmanager-secure/

Apple iCloud Keychain

https://www.imore.com/icloud-keychain

https://www.intego.com/mac-security-blog/mac-and-ios-keychain-tutorial-how-apples-icloud-keychain-works/

https://www.podfeet.com/blog/2021/06/icloud-keychain-vs-1password/

iCloud Keychain 2FA - how to

https://www.guidingtech.com/use-icloud-keychain-two-factor-authentication/

Apple iCloud Keychain security issues

https://www.wired.com/story/keysteal-apple-keychain-attack-shenanigans/

Microsoft Authenticator vs Google Authenticator

https://www.365tech.ca/which-one-is-better-microsoft-authenticator-or-google-authenticator/

Google Authenticator

https://www.techdim.com/what-is-google-authenticator/

Google Authenticator security issue

https://privacypros.io/u2f/stop-using-google-auth/

Microsoft Authenticator

https://www.androidauthority.com/microsoft-authenticator-987754/

Microsoft Authenticator security issue

https://www.transmitsecurity.com/blog/microsoft-authenticator-a-false-sense-of-security

Permanent link because it's very cool.

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

To Do List - 2FA

Mon, 04 Jul 2022 05:00:51 GMT

Picking up from the last episode, we are now delving in to the security measures we can implement to make ourselves a less attractive for Evil Steve. Two Facor Authentication (2FA) is ata the top of the list.

Links:

https://www.pcmag.com/picks/the-best-authenticator-apps?

https://www.ledger.com/es/academy/why-two-factor-authentication-2fa-matters-now-more-than-ever

Permanent link because it's very cool.

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

Who the F&ck is Evil Steve? Part 2

Mon, 27 Jun 2022 05:00:49 GMT

Picking up from Episode 3: Picking up from the last episode, we delve a bit more into the types of threat actors (people) that are attacking us. We explore the run of the mill data theft hacker to the more professional Advanced Persistent Threats (APTs). The show is about 16 minutes long.

Links to information about Threat Actors listed below:

https://www.cisa.gov/

https://www.cisa.gov/cybersecurity

https://www.cisa.gov/cert

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

Who the F&ck is Evil Steve? Part 1

Mon, 20 Jun 2022 05:00:55 GMT

Episode 3: Who the Fuck is Evil Steve

Picking up from Episode 2: Good Idea Fairy Hunting we continue exploring the concept of security as a people problem.

This week we stop to take a moment to focus on the Who rather than the What is attacking us. In CyberSecurity, we tend to get caught up in things that happen to us, that we forget that it is actually a person attacking us. Learning more about who wants the information we have will tell us the ways they go about stealing it. This gives us information to better protect our assets and begin active threat hunting. The show is about 15 minutes long.

Links to information about Threat Actors listed below:

https://www.cisa.gov/

https://www.cisa.gov/cybersecurity

https://www.cisa.gov/cert

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.

Good Idea Fairy Hunting

Mon, 13 Jun 2022 22:46:31 GMT

This is the beginning of a series where I am going to discuss how to handle and tackle security as a people problem. We often lose sight of the trees for the forest and vice versa. Let's get out from behind our desks and go meet the people that need our help, even if they don't know it yet.

Hosted on Acast. See acast.com/privacy for more information.

Episode 2 Preview

Fri, 10 Jun 2022 00:39:30 GMT

Next week we will discuss Good Idea Fairy Hunting. Be sure to tune in!

Hosted on Acast. See acast.com/privacy for more information.

When was the last time you changed your password?

Fri, 03 Jun 2022 22:03:42 GMT

In this pilot episode we talk about those pesky little things that everyone loves to hate: your password(s). More importantly, we talk about the real threat and things you can do to protect yourself and your family!

Has your account information been compromised (email or phone number)?

https://haveibeenpwned.com/

A cool tool to test password strength. Please don't use your actual password, even though I trust this site. They are also a very highly recommended password manager:

https://bitwarden.com/password-strength/

Just because it's cool as shit: The Real-Time Global Cyber Attack Map:

https://threatmap.checkpoint.com/

Hosted on Acast. See acast.com/privacy for more information.