Professionally Evil Perspective

Today on The Professionally Evil Perspective, Kevin and Nathan talk about different paths into Infosec.

Got suggestions, complaints, or feedback?

Tell us at podcast@secureideas.com or reach out on Twitter:


@sweaney
@darth_kevin
@secureideas

Join our Professionally Evil Slack Team at www.professionallyevil.com

Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!

Direct download: PEP02_14.m4a
Category:security -- posted at: 10:56pm EDT

Today on The Professionally Evil Perspective, Kevin and Nathan discuss the concept of "right to repair": once you purchase something, should you be allowed to do whatever you want with it, and to it? They also cover a controversy in Denver over a program that caused over 22,000 Xcel Energy customers to lose control of their thermostats during an "energy emergency".

Direct download: PEP_02_14.m4a
Category:security -- posted at: 12:04am EDT

This month we are joined by OpsHelm, Inc. Founding Security Engineer Lee Brotherston and Black Hills Information Security Content and Community Director Jason Blanchard to discuss current security news. From hacking John Deere combines to play Doom to Janet Jackson crashing laptops, this month was especially entertaining. Join us the last Friday of every month to discuss current events with a rotating list of security pros.


Today's Guests:

Lee Brotherston can be found on LinkedIn
Jason Blanchard can be found on Twitter @BanjoCrashland


Direct download: PELL_AUgust_2022.m4a
Category:security -- posted at: 9:21pm EDT

This month we are joined by Cybersecurity Strategist Heather Linn and Information Security Pro Giovanni Cofre to discuss current security news. From police being allowed to view private Ring camera footage to the distribution of an abortion-laced business card at a hacker conference, we covered a lot in one hour. Join us the last Friday of every month to discuss current events with a rotating list of security pros.

Today's Guests:

Heather Linn can be found here on LinkedIn
Giovanni Cofre can be found on Twitter @GiovanniPatch


Direct download: PELL_JUly_2022.m4a
Category:security -- posted at: 11:20pm EDT

Links:

dhs-announces-new-cybersecurity-requirements-critical-pipeline-owners-and-operators

Direct download: Episode_12.m4a
Category:security -- posted at: 12:01am EDT

Got suggestions, complaints, or feedback?

Tell us at podcast@secureideas.com or reach out on Twitter:       

@sweaney      

@84d93r

Our June guest @HackerHurricane

@secureideas
 

Links:

iOS 16 and macOS Ventura will let users bypass CAPTCHAs on supported apps and websites

Cops Will Be Able to Scan Your Fingerprints With a Phone

Hot Tub Crime Machine: Jacuzzi Smart Tubs Left Personal Info Exposed

After hacking millions of devices, DoJ operation shuts down RSocks botnet

This Hacker Group Forces People to Do Good to Get Their Data Back

Canadian internet outage attributed to beaver

Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China

Keeping PowerShell: Security Measures to Use and Embrace

https://cybersquirrel1.com/

Direct download: PELL_June_2022.m4a
Category:security -- posted at: 11:56pm EDT

Links:

is-lamda-sentient-an-interview

stop-calling-everything-ai-machinelearning-pioneer-says

microsoft-shuts-down-ai-chatbot-after-it-turned-into-racist-nazi

https://replika.com/

Direct download: Season2.Ep11.m4a
Category:security -- posted at: 11:20pm EDT

Links:

Alex Martin Tweet

us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command

cyberattack-ransomware-nuclear-war

general-paul-m-nakasone

Direct download: Season_2_Episode_10.m4a
Category:security -- posted at: 2:15am EDT

This month's guests:

Ray Davidson

Luke Crouch

Episode Links:

Clearview AI's Facial Recognition Tool Coming To Apps, Schools

2022 Data Breach Investigation Report (DBIR)

Twitter will pay a $150 million fine over accusations it improperly sold user data

DuckDuckGo Isn’t as Private as You Thought

“Tough to forge” digital driver’s license is… easy to forge

Direct download: PELL_May_2022.m4a
Category:security -- posted at: 7:00am EDT

US Prosecutors Won't Charge White Hat Hackers Under New Policy

@JeffStone500

Got suggestions, complaints, or feedback?

Tell us at podcast@secureideas.com

Or reach out on Twitter:

Nathan Sweaney
Kevin Johnson
Secure Ideas

Join our Professionally Evil Slack Team:

Professionally Evil Slack Team

Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!

Direct download: PEP_02_09.m4a
Category:security -- posted at: 11:33pm EDT

Got suggestions, complaints, or feedback?

Tell us at podcast@secureideas.com or reach out on Twitter:       

https://twitter.com/sweaney      

Cory Sabol Twitter

https://twitter.com/kneppjon

Aaron Moss Twitter

https://twitter.com/secureideas


Episode Links:

https://www.zdnet.com/article/bored-ape-yacht-club-instagram-takeover-sees-around-3-million-in-nfts-sail-away/

https://www.zdnet.com/article/hack-dhs-homeland-securitys-first-bug-bounty-turns-up-122-vulnerabilities/

https://infotechlead.com/security/zoom-paid-1-8-mn-under-bug-bounty-program-on-hackerones-platform-72007

https://www.forbes.com/sites/bobzukis/2022/04/18/the-sec-is-about-to-force-cisos-into-americas-boardrooms/?sh=4a318b868a90

https://www.darkreading.com/careers-and-people/-isc-launches-entry-level-cybersecurity-course

https://www.vice.com/en/article/k7w9mv/tmobile-hacked-bought-data-mandiant

https://krebsonsecurity.com/2022/04/raidforums-get-raided-alleged-admin-arrested/

https://www.techspot.com/news/94346-magnetic-media-storage-sees-record-breaking-sales-ransomware.html

Direct download: PELL_April.m4a
Category:security -- posted at: 11:07am EDT

A group claims to be fighting Russia in the name of Ukraine using a botnet, and wants you to join them. Kevin and Nathan discuss what could possibly go wrong.

Direct download: PEP_2_8.m4a
Category:security -- posted at: 6:00am EDT

Got suggestions, complaints, or feedback?

Tell us at podcast@secureideas.com or reach out on Twitter:       

twitter.com/sweaney      

twitter.com/RonJonArod

twitter.com/hotdogggitty

twitter.com/secureideas

Episode Links:

FBI Warns Of Preliminary Russian Cyber Activity Against American Companies

White House Says Reports of an American Cyberwar With Russia Are Greatly Exaggerated

DIY Volunteers Are Repairing Ukraine’s Destroyed Internet Infrastructure

War Is Calling Crypto’s ‘Neutrality’ Into Question

Ransomware Payments, Demands Rose Dramatically in 2021

This is how much the average Conti hacking group member earns a month

Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22

Pandemic Leaves Firms Scrambling for Cybersecurity Specialists

Direct download: PELL_March_2022.m4a
Category:security -- posted at: 6:00am EDT

Direct download: OKTA.m4a
Category:security -- posted at: 6:00am EDT

Direct download: PEP_Season2_Ep6.m4a
Category:security -- posted at: 6:00am EDT

Where can I find Carrie Randolph?

twitter.com/karn3ia

Episode Links:

wordle-ad-trackers-privacy-new-york-times

ukrainian-government-and-banks-hit-by-new-wave-of-cyberattacks

/ukraine-defense-ministry-ddos-russia-conflict-de-escalation

the-fog-of-information-war-looms-large-over-the-ukraine

threat-intelligence/new-york-opens-joint-security-operations-center-in-nyc

dhs-creates-cyber-safety-review-board-log4j-fbi-nsa

google-account-hacks-dropped-half-two-step-authentication

Vishing Makes Phishing Campaigns Three-Times More Successful

pentagon-says-nintendo-generation-has-weak-skeletons

Direct download: PELL_FEB_2022.25.m4a
Category:security -- posted at: 5:21pm EDT

Modders are selling "Silent AirTags" on Etsy and eBay

Carjackers are using Apple AirTags to track high-end vehicles to steal them later

BBC: Apple AirTags - 'A perfect tool for stalking'

Most asked questions about AirTags

 

Direct download: Seasson2.Ep5.m4a
Category:general -- posted at: 6:00am EDT

The IRS Drops Facial Recognition Verification After Uproar
https://www.wired.com/story/irs-drops-facial-recognition-verification/

https://www.bloomberg.com/news/articles/2022-01-28/treasury-weighing-id-me-alternatives-over-privacy-concerns

ODIN - Homeless Management Information System
https://www.vice.com/en/article/wxdp7x/tech-firm-facial-recognition-homeless-people-odin
(This is Vice, so take that into consideration...)

Amazon Rekognition moratorium to law enforcement
https://www.reuters.com/technology/exclusive-amazon-extends-moratorium-police-use-facial-recognition-software-2021-05-18/

Good outline of privacy concerns with facial recognition technology (FRT)
https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2021/december/facial-recognition-in-the-us-privacy-concerns-and-legal-developments/

Atlanta - Operation Shield – Public and Private cameras accessible to police
https://atlantapolicefoundation.org/programs/operation-shield/

Cities with the most cameras
https://www.comparitech.com/studies/surveillance-studies/the-worlds-most-surveilled-cities/

 

Direct download: PEP02_04.m4a
Category:security -- posted at: 6:00am EDT

Links to today's topics:

Liquor stores stuck with limited stock since Christmas cyber attack against Sask. liquor authority | CBC News

microsoft-warns-disk-wiping-malware-targeting-ukraine

white-house-instructs-agencies-cybersecurity-strategy-memo-cisa

Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

mexican-cartels-recruit-drug-mules-on-grand-theft-auto-online

senate-weighs-bill-to-protect-satellites-from-getting-hacked

florida-considers-deepfake-ban

sweden-launches-psychological-defense-agency-to-counter-disinformation

apple-scrubs-support-pages-all-mentions-controversial-csam image scanning feature

Bored Ape Yacht Club Artist Says Compensation 'Definitely Not Ideal'

Where can you find Tim Medin?

twitter.com/TimMedin

linkedin.com/in/timmedin/

tim@redsiege.com

redsiege.com/discord

Where can you find Jason Wood?

twitter.com/Jason_Wood

linkedin.com/in/tadaka/

tadaka@gmail.com

Direct download: PELL_Jan_22_Podcast.m4a
Category:security -- posted at: 12:46am EDT

Episode notes and links:

FTC Log4j Warning

https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability

Federal Trade Commission Act

https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act

FTC Equifax Fines

https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement

Principle of Subsidiarity

https://en.wikipedia.org/wiki/Subsidiarity

Direct download: PEP2.3.FTCUltimatum.m4a
Category:security -- posted at: 6:00am EDT

  

Open source developer corrupts widely-used libraries, affecting tons of projects
https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected
NPM libraries in question:
https://github.com/Marak/colors.js
https://github.com/marak/Faker.js/
Marak's post about no more free work: http://web.archive.org/web/20210704022108/https://github.com/Marak/faker.js/issues/1046
Leftpad issue from 2016: https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

Direct download: PEP_2022_02_Podcast.m4a
Category:security -- posted at: 6:00am EDT

Jump back into a discussion of current events with Kevin and Nathan after a long break.  Packed with professional perspectives and opinions.  This week we dive a little deeper into Log4j.

Direct download: PEP_2022_01_Final.m4a
Category:security -- posted at: 4:09pm EDT
