Professionally Evil Perspective (security)


Today on The Professionally Evil Perspective, join Kevin and Nathan for a discussion and questions surrounding identity and its validation.

Got suggestions, complaints, or feedback?

Tell us at podcast@secureideas.com or reach out on Twitter:
@sweaney
@darth_kevin
@secureideas

or find us on Mastodon:
@secureideas

Join our Professionally Evil Slack Team at www.professionallyevil.com
Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!

Direct download: PEP02_17.m4a
Category:security -- posted at: 7:25pm EST

Today on The Professionally Evil Perspective, Kevin and Nathan discuss the risk of reputational damage and the long-term impact of a security breach.


Direct download: Reputational_Harm_02_15.m4a
Category:security -- posted at: 8:57am EST

Today on The Professionally Evil Perspective, Kevin and Nathan talk about different paths into Infosec.


Direct download: PEP02_14.m4a
Category:security -- posted at: 10:56pm EST

Today on The Professionally Evil Perspective, Kevin and Nathan discuss the concept of "right to repair" (once you purchase something, should you be allowed to do whatever you want with it, and to it?), and a controversy in Denver over a program that caused over 22,000 Xcel Energy customers to lose control of their thermostats during an "energy emergency".


Direct download: PEP_02_14.m4a
Category:security -- posted at: 12:04am EST

This month we are joined by OpsHelm, Inc. Founding Security Engineer Lee Brotherston and Black Hills Information Security Content and Community Director Jason Blanchard to discuss current security news. From hacking John Deere combines to play Doom to Janet Jackson crashing laptops, this month was especially entertaining. Join us the last Friday of every month to discuss current events with a rotating list of security pros.


Today's Guests:

Lee Brotherston can be found on LinkedIn
Jason Blanchard can be found on Twitter @BanjoCrashland



Direct download: PELL_AUgust_2022.m4a
Category:security -- posted at: 9:21pm EST

This month we are joined by Cybersecurity Strategist Heather Linn and Information Security Pro Giovanni Cofre to discuss current security news. From police being allowed to view private Ring camera footage to the distribution of an abortion-laced business card at a hacker conference, we covered a lot in one hour. Join us the last Friday of every month to discuss current events with a rotating list of security pros.


Today's Guests:

Heather Linn can be found here on LinkedIn
Giovanni Cofre can be found on Twitter @GiovanniPatch


Direct download: PELL_JUly_2022.m4a
Category:security -- posted at: 11:20pm EST

Links:

dhs-announces-new-cybersecurity-requirements-critical-pipeline-owners-and-operators

Direct download: Episode_12.m4a
Category:security -- posted at: 12:01am EST

Reach out on Twitter:

@sweaney

@84d93r

Our June guest @HackerHurricane

@secureideas

Links:

iOS 16 and macOS Ventura will let users bypass CAPTCHAs on supported apps and websites

Cops Will Be Able to Scan Your Fingerprints With a Phone

Hot Tub Crime Machine: Jacuzzi Smart Tubs Left Personal Info Exposed

After hacking millions of devices, DoJ operation shuts down RSocks botnet

This Hacker Group Forces People to Do Good to Get Their Data Back

Canadian internet outage attributed to beaver

Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China

Keeping PowerShell: Security Measures to Use and Embrace

https://cybersquirrel1.com/

Direct download: PELL_June_2022.m4a
Category:security -- posted at: 11:56pm EST

Links:

is-lamda-sentient-an-interview

stop-calling-everything-ai-machinelearning-pioneer-says

microsoft-shuts-down-ai-chatbot-after-it-turned-into-racist-nazi

https://replika.com/

Direct download: Season2.Ep11.m4a
Category:security -- posted at: 11:20pm EST

Links:

Alex Martin Tweet

us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command

cyberattack-ransomware-nuclear-war

general-paul-m-nakasone

Direct download: Season_2_Episode_10.m4a
Category:security -- posted at: 2:15am EST

This month's guests:

Ray Davidson

Luke Crouch

Episode Links:

Clearview AI's Facial Recognition Tool Coming To Apps, Schools

2022 Data Breach Investigation Report (DBIR)

Twitter will pay a $150 million fine over accusations it improperly sold user data

DuckDuckGo Isn’t as Private as You Thought

“Tough to forge” digital driver’s license is… easy to forge

Direct download: PELL_May_2022.m4a
Category:security -- posted at: 7:00am EST

US Prosecutors Won't Charge White Hat Hackers Under New Policy

@JeffStone500

Direct download: PEP_02_09.m4a
Category:security -- posted at: 11:33pm EST

Reach out on Twitter:

https://twitter.com/sweaney

Cory Sabol Twitter

https://twitter.com/kneppjon

Aaron Moss Twitter

https://twitter.com/secureideas

Episode Links:

https://www.zdnet.com/article/bored-ape-yacht-club-instagram-takeover-sees-around-3-million-in-nfts-sail-away/

https://www.zdnet.com/article/hack-dhs-homeland-securitys-first-bug-bounty-turns-up-122-vulnerabilities/

https://infotechlead.com/security/zoom-paid-1-8-mn-under-bug-bounty-program-on-hackerones-platform-72007

https://www.forbes.com/sites/bobzukis/2022/04/18/the-sec-is-about-to-force-cisos-into-americas-boardrooms/?sh=4a318b868a90

https://www.darkreading.com/careers-and-people/-isc-launches-entry-level-cybersecurity-course

https://www.vice.com/en/article/k7w9mv/tmobile-hacked-bought-data-mandiant

https://krebsonsecurity.com/2022/04/raidforums-get-raided-alleged-admin-arrested/

https://www.techspot.com/news/94346-magnetic-media-storage-sees-record-breaking-sales-ransomware.html

Direct download: PELL_April.m4a
Category:security -- posted at: 11:07am EST

A group claims to be fighting Russia in the name of Ukraine using a botnet, and wants you to join them. Kevin and Nathan discuss what could possibly go wrong.

Direct download: PEP_2_8.m4a
Category:security -- posted at: 6:00am EST

Reach out on Twitter:

twitter.com/sweaney

twitter.com/RonJonArod

twitter.com/hotdogggitty

twitter.com/secureideas

Episode Links:

FBI Warns Of Preliminary Russian Cyber Activity Against American Companies

White House Says Reports of an American Cyberwar With Russia Are Greatly Exaggerated

DIY Volunteers Are Repairing Ukraine’s Destroyed Internet Infrastructure

War Is Calling Crypto’s ‘Neutrality’ Into Question

Ransomware Payments, Demands Rose Dramatically in 2021

This is how much the average Conti hacking group member earns a month

Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22

Pandemic Leaves Firms Scrambling for Cybersecurity Specialists


Direct download: PELL_March_2022.m4a
Category:security -- posted at: 6:00am EST


Direct download: OKTA.m4a
Category:security -- posted at: 6:00am EST


Direct download: PEP_Season2_Ep6.m4a
Category:security -- posted at: 6:00am EST


Where can I find Carrie Randolph?

twitter.com/karn3ia

Episode Links:

wordle-ad-trackers-privacy-new-york-times

ukrainian-government-and-banks-hit-by-new-wave-of-cyberattacks

/ukraine-defense-ministry-ddos-russia-conflict-de-escalation

the-fog-of-information-war-looms-large-over-the-ukraine

threat-intelligence/new-york-opens-joint-security-operations-center-in-nyc

dhs-creates-cyber-safety-review-board-log4j-fbi-nsa

google-account-hacks-dropped-half-two-step-authentication

Vishing Makes Phishing Campaigns Three-Times More Successful

pentagon-says-nintendo-generation-has-weak-skeletons

Direct download: PELL_FEB_2022.25.m4a
Category:security -- posted at: 5:21pm EST

The IRS Drops Facial Recognition Verification After Uproar
https://www.wired.com/story/irs-drops-facial-recognition-verification/

https://www.bloomberg.com/news/articles/2022-01-28/treasury-weighing-id-me-alternatives-over-privacy-concerns

ODIN - Homeless Management Information System
https://www.vice.com/en/article/wxdp7x/tech-firm-facial-recognition-homeless-people-odin
(This is vice, so take that into consideration...)

Amazon Rekognition moratorium on law enforcement use
https://www.reuters.com/technology/exclusive-amazon-extends-moratorium-police-use-facial-recognition-software-2021-05-18/

Good outline of privacy concerns with facial recognition technology (FRT)
https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2021/december/facial-recognition-in-the-us-privacy-concerns-and-legal-developments/

Atlanta - Operation Shield – Public and Private cameras accessible to police
https://atlantapolicefoundation.org/programs/operation-shield/

Cities with the most cameras
https://www.comparitech.com/studies/surveillance-studies/the-worlds-most-surveilled-cities/

Direct download: PEP02_04.m4a
Category:security -- posted at: 6:00am EST

Links to today's topics:

Liquor stores stuck with limited stock since Christmas cyber attack against Sask. liquor authority | CBC News

microsoft-warns-disk-wiping-malware-targeting-ukraine

white-house-instructs-agencies-cybersecurity-strategy-memo-cisa

Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

mexican-cartels-recruit-drug-mules-on-grand-theft-auto-online

senate-weighs-bill-to-protect-satellites-from-getting-hacked

florida-considers-deepfake-ban

sweden-launches-psychological-defense-agency-to-counter-disinformation

apple-scrubs-support-pages-all-mentions-controversial-csam image scanning feature

Bored Ape Yacht Club Artist Says Compensation 'Definitely Not Ideal'

Where can you find Tim Medin?

twitter.com/TimMedin

linkedin.com/in/timmedin/

tim@redsiege.com

redsiege.com/discord

Where can you find Jason Wood?

twitter.com/Jason_Wood

linkedin.com/in/tadaka/

tadaka@gmail.com


Direct download: PELL_Jan_22_Podcast.m4a
Category:security -- posted at: 12:46am EST

Episode notes and links:

FTC Log4j Warning

https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability

Federal Trade Commission Act

https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act

FTC Equifax Fines

https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement

Principle of Subsidiarity

https://en.wikipedia.org/wiki/Subsidiarity


Direct download: PEP2.3.FTCUltimatum.m4a
Category:security -- posted at: 6:00am EST

Open source developer corrupts widely-used libraries, affecting tons of projects
https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected

NPM libraries in question:
https://github.com/Marak/colors.js
https://github.com/marak/Faker.js/

Marak's post about no more free work:
http://web.archive.org/web/20210704022108/https://github.com/Marak/faker.js/issues/1046

left-pad issue from 2016:
https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/
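The colors.js and faker.js sabotage hit downstream projects that let npm resolve a floating version range to whatever the maintainer had just published. As an added example (not code from the podcast, nor from either project), the Python below audits a constructed package.json and package-lock.json pair: it flags dependencies declared as a range rather than an exact version, lockfile entries without an integrity hash, exact pins that disagree with the lockfile, and dependencies missing from the lockfile entirely. The package names echo the incident, but the versions, URLs and hashes are made up for illustration.

```python
"""Audit npm manifests for dependency pinning weaknesses.

Added example; not code from the podcast or from colors.js / faker.js.
The manifests below are constructed for illustration: package names echo
the incident, but versions, URLs and integrity hashes are made up.
"""
import json
import re

# Constructed package.json: one caret range, one tilde range, one exact pin.
PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {
    "colors": "^1.4.0",
    "faker": "5.5.3",
    "express": "~4.17.1"
  }
}"""

# Constructed lockfile (v2 layout). The faker entry lacks an integrity hash.
PACKAGE_LOCK = """{
  "name": "demo-app",
  "lockfileVersion": 2,
  "packages": {
    "node_modules/colors": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
      "integrity": "sha512-constructedhash0"
    },
    "node_modules/faker": {
      "version": "5.5.3",
      "resolved": "https://registry.npmjs.org/faker/-/faker-5.5.3.tgz"
    },
    "node_modules/express": {
      "version": "4.17.1",
      "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
      "integrity": "sha512-constructedhash1"
    }
  }
}"""

# Anything that is not a single exact version: ^, ~, comparison operators,
# wildcards, hyphen ranges, "||" alternatives, or dist-tags such as "latest".
FLOATING_SPEC = re.compile(r"^(\^|~|>|<|\*|x$|latest$)|\s-\s|\|\||\.x(\.|$)")


def is_floating(spec: str) -> bool:
    """True if a fresh install could resolve `spec` to a newer release."""
    return bool(FLOATING_SPEC.search(spec.strip()))


def audit(package_json: str, package_lock: str):
    """Return (package, problem, detail) tuples for the manifest pair.

    Problems reported:
      floating-range     declared spec is a range, so an install without a
                         lockfile (or `npm update`) can pull a sabotaged release
      missing-from-lock  declared dependency has no lockfile entry
      no-integrity       lockfile entry carries no integrity hash, so the
                         tarball contents are not verified on install
      lock-mismatch      exact pin in package.json disagrees with the lockfile
    """
    manifest = json.loads(package_json)
    lock = json.loads(package_lock)
    locked = lock.get("packages", {})
    findings = []
    for name, spec in sorted(manifest.get("dependencies", {}).items()):
        floating = is_floating(spec)
        if floating:
            findings.append((name, "floating-range", spec))
        entry = locked.get(f"node_modules/{name}")
        if entry is None:
            findings.append((name, "missing-from-lock", spec))
            continue
        if not entry.get("integrity"):
            findings.append((name, "no-integrity", entry.get("version", "?")))
        if not floating and entry.get("version") != spec:
            findings.append((name, "lock-mismatch", f"{spec} != {entry.get('version')}"))
    return findings


if __name__ == "__main__":
    for name, problem, detail in audit(PACKAGE_JSON, PACKAGE_LOCK):
        print(f"{name:10} {problem:17} {detail}")
```

On the constructed input this reports `colors` and `express` as floating ranges and `faker` as lacking an integrity hash. In practice the lockfile is the control that matters: `npm ci` installs exactly what the lockfile records and refuses to run if package.json and the lockfile disagree, whereas an install with no lockfile resolves each range against the registry at that moment, which is how a poisoned patch release lands in a build.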

Direct download: PEP_2022_02_Podcast.m4a
Category:security -- posted at: 6:00am EST

Jump back into a discussion of current events with Kevin and Nathan after a long break.  Packed with professional perspectives and opinions.  This week we dive a little deeper into Log4j.

Direct download: PEP_2022_01_Final.m4a
Category:security -- posted at: 4:09pm EST

In this episode, we discuss ethics, TLS 1.3, autonomous cars and replacements for multifactor authentication. We also interview Amanda Berlin and her experience writing the book Defensive Security Handbook: Best Practices for Securing Infrastructure.

Direct download: PEP19.mp3
Category:security -- posted at: 10:39am EST

In this Professionally Evil Podcast PEPisode, we re-launch the podcast. 12 of us hang out and talk about what we are doing and what's coming up.

Direct download: Podcast_July_12_2017.mp4
Category:security -- posted at: 3:50pm EST

James and Kevin discuss a few of the events this year (breaches and otherwise), the release of Samurai 3.0 and some upcoming events.

Direct download: PEP15.mp3
Category:security -- posted at: 3:19pm EST

Is the idea of penetration testing evolving or is it staying the same?   What is the goal of a penetration test?  Does it differ by client?   James and Kevin discuss penetration testing and how it is changing. 

When it comes to reporting, what data do you include, how do you represent it, and who is your audience?  These questions and more are discussed.

Direct download: PEP14.mp3
Category:security -- posted at: 4:51pm EST

We are not lawyers but want to make you aware of some of the laws that exist around data breaches.  Sometimes these laws pop up with very little media coverage and you have no idea.  

Direct download: PEP13.mp3
Category:security -- posted at: 3:52pm EST

James and Kevin talk about the new office in Jacksonville, FL.  Some rambling about setting it up and how we like it.   Not so technical.. but exciting for us.

Direct download: PEP12.mp3
Category:security -- posted at: 11:44am EST

James and Kevin discuss the idea of Exploitation and its importance in the testing methodology.  Join them for a witty conversation about one of the favorite phases of the process.

Direct download: PEP_Episode_12.mp3
Category:security -- posted at: 5:32pm EST

Kevin and James discuss not only the issues for Healthcare.gov regarding vulnerabilities, but the real issue of the lack of security being part of the process.  This podcast covers a few different ways to build security in and reduce the risk exposure of your applications. 

Direct download: PEP11.mp3
Category:security -- posted at: 5:37pm EST

James and Kevin discuss the discovery aspect of the pentesting methodology as well as ramble about some other topics. They announce the Samurai Helmet winner and talk about some upcoming events.

Direct download: PEP10.mp3
Category:security -- posted at: 1:46pm EST

In this episode, James, Jason Gillam, Thom and Kevin talk about their experience at DerbyCon 2013 and what you can expect at most cons you attend. A few talks are discussed, along with thoughts about the events and cons in general.

Direct download: Pep9.mp3
Category:security -- posted at: 7:41pm EST

James and Kevin discuss all the naming issues seen with vulnerabilities, the release of SamuraiWTF 2.1 and a few other topics.

Direct download: PEP_Episode_8.mp3
Category:security -- posted at: 2:41pm EST

In this episode, James, Kevin and Thom discuss the topic of the mapping phase of penetration testing.  The tool of the episode is Dirbuster, with a mention of Yokoso!.

Direct download: Pep7.mp3
Category:security -- posted at: 10:04pm EST

Kevin Johnson and James Jardine kick off the topic of attacking the web by looking at what web penetration testing is and what both sides of the test need to think about.  They discuss the need for the client to understand why they are testing, and what they are testing.  It then moves into discussing scoping techniques and some common gotchas.  A quick discussion on testing methodology, and then a quick segment on SQLMap and how it works. 

Direct download: PEP_Episode_5.mp3
Category:security -- posted at: 9:24am EST

In this episode, James, Kevin and Nathan discuss the topic of mobile testing. They start off by discussing the need for a lab environment and some of the recommended hardware. They then discuss capturing network traffic with Wireshark, HTTP traffic with Burp, and the many benefits of the OWASP MobiSec project.

Direct download: PEP_Episode_4.mp3
Category:security -- posted at: 7:46pm EST

In this episode, Kevin, James and Jason discuss the implications of using default or weak credentials on systems and applications. In addition, they discuss some other misconfigurations regarding HTTP methods and web server file accessibility (web.xml).

Direct download: PEP_Episode_3.mp3
Category:security -- posted at: 3:19pm EST

In this podcast, James Jardine and Kevin Johnson discuss topics ranging from passwords to RSA to breaches.  We also release the new jingle as requested by @ChrisJohnRiley!

Direct download: PEP_Episode_2.mp3
Category:security -- posted at: 2:28pm EST

In this episode, Kevin Johnson and James Jardine talk about a number of different flaws that many penetration testers and application developers miss.  They talk about how username harvesting and password resets can cause issues.  They also discuss the exposure that APIs and web services bring to applications.
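Username harvesting through login and password-reset pages works because the application answers differently depending on whether the account exists. As an added example (not code from the podcast), the Python below pairs a leaky and a hardened version of each handler and includes the check a tester would run: submit a username known to exist and one that does not, and compare the responses. The account store and the usernames are constructed; nothing here talks to a network.

```python
"""Username harvesting through login and password-reset responses.

Added example; not code from the podcast. Two pairs of simulated handlers
(leaky vs. hardened) and a detector that compares the responses for a
username known to exist with one that does not. The account store is
constructed; there is no network or real application behind it.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable

# Constructed account store: username -> SHA-256 of the password.
# (Illustrative only; a real app would use a salted, slow password hash.)
_USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
# Digest compared against when the user is unknown, so the hardened login
# does the same amount of work whether or not the account exists.
_DUMMY = hashlib.sha256(b"dummy").hexdigest()


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def _password_ok(username: str, password: str) -> bool:
    """Constant-shape check: always hash and always compare."""
    stored = _USERS.get(username, _DUMMY)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    match = hmac.compare_digest(stored, supplied)
    return match and username in _USERS


def leaky_login(username: str, password: str) -> Response:
    """Vulnerable: a different status and message for each failure cause."""
    if username not in _USERS:
        return Response(404, "Unknown user")
    if not _password_ok(username, password):
        return Response(401, "Wrong password")
    return Response(200, "Welcome")


def hardened_login(username: str, password: str) -> Response:
    """Same status and wording whether the user is missing or the password is wrong."""
    if _password_ok(username, password):
        return Response(200, "Welcome")
    return Response(401, "Invalid username or password")


def leaky_reset(username: str) -> Response:
    """Vulnerable: confirms whether an account exists."""
    if username not in _USERS:
        return Response(404, "No account with that username")
    return Response(200, "Reset email sent")


def hardened_reset(username: str) -> Response:
    """Always answers the same; mail is only sent when the account exists."""
    if username in _USERS:
        pass  # send the reset email here; the response does not change
    return Response(200, "If that account exists, a reset email has been sent")


def enumerable(handler: Callable[[str], Response], known: str, unknown: str) -> bool:
    """True if the handler distinguishes an existing user from a made-up one."""
    a, b = handler(known), handler(unknown)
    return (a.status, a.body) != (b.status, b.body)


if __name__ == "__main__":
    for label, handler in [
        ("leaky_login", lambda u: leaky_login(u, "wrong")),
        ("hardened_login", lambda u: hardened_login(u, "wrong")),
        ("leaky_reset", leaky_reset),
        ("hardened_reset", hardened_reset),
    ]:
        print(f"{label:15} enumerable={enumerable(handler, 'alice', 'mallory')}")
```

The detector only compares status and body; on a real target also compare response time, headers and redirect targets, and run the same test against registration ("that username is taken") and any API that accepts a username, since each is a separate channel for the same leak.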

Direct download: PEP_Episode_1.mp3
Category:security -- posted at: 3:21pm EST
