If you're reading this, I hope you and your loved ones are well! From what I read, we have another few tough weeks ahead of us in the U.S. before (maybe) we turn the corner a little. Keep up the good work by staying at home and/or maintaining your distance from others. Now is NOT the time to let up.
If you missed last week’s show notes or episode 73 of the UNSECURITY Podcast, we had a great time talking with our special guest, Oscar Minks. Oscar leads FRSecure’s Technical Services Team, and he shared some great insight into their current incident response activities.
Episode 74 Topics
Topics for this episode of the UNSECURITY Podcast include:
- Opening
- Special Guest – Jim Nash
  - Assistant Minority Leader, Minnesota House of Representatives
  - Information Security Evangelist at FRSecure
- Catching Up
  - Another week at home.
  - What’s new?
- COVID-19 Talk With Jim Nash
  - What’s going on in MN state government
  - What’s he hearing from other states
  - How he’s helping our community and tips for listeners
  - Opinion about impact on information security
- Web Conferencing Craziness (mostly Zoom)
  - The Rise
  - The Bug
  - Zoombombing
  - Other Stuff
  - Overreaction
  - Benefactors
  - Logic and Reason
- Work From Home – S2Me
  - NASCIO – COVID-19 Response Resources for State IT
  - Safety and Cybersecurity at Home 101 Webinar Series
  - Version Two
- Other News
  - The Daily inSANITY Check-in
  - FRSecure CISSP Mentor Program
- Wrapping Up – Shout outs
You can find the full show notes later in this post.
Thoughts
It’s good to get things off your chest from time to time, and it doesn’t matter if anyone else reads what you write. If you are reading this, I hope you get some value from it.
Good News
It’s been hard the last few weeks to find good news. Seems like everywhere I look, there’s bad news. Most of the time it’s related to Covid-19, but not always. The bad news can come from another breach, vulnerabilities in some application (this week it was Zoom), or any number of things.
If you want to find good news, you have to be intentional about it.
Here’s some good news sources/stories:
- The Good News Network – https://www.goodnewsnetwork.org/. This website has been bookmarked in my browser ever since the start of the Covid-19 pandemic.
- New Jersey Teens Take Matters into Their Own Hands to Help First Responders and Small Businesses Amidst COVID-19 Crisis – https://www.goodnewsnetwork.org/new-jersey-teens-help-first-responders-and-small-businesses-amid-covid-19-crisis/
- Irish Researchers Have Developed Hospital Robot That Uses UV Light to Kill Viruses, Bacteria, and Germs – https://www.goodnewsnetwork.org/hospital-robot-uses-uv-light-to-kill-viruses-and-germs/
- Online Conference April 14-16 Using Covid-19 Crisis to Fix the World – https://www.goodnewsnetwork.org/online-conference-april-14-16-using-covid-19-crisis-to-fix-the-world/
- Fed’s Bullard says there is ‘good news’ for those worried about the economy’s future: that universal COVID-19 testing will help restore economic health – https://www.marketwatch.com/story/feds-bullard-says-there-is-good-news-for-those-worried-about-the-economys-future-that-universal-covid-19-testing-will-help-restore-economic-health-2020-04-05
- Some GOOD NEWS in our community, and we want to see more (bookmark-worthy page) – https://www.rep-am.com/local/localnews/2020/04/05/some-good-news-in-our-community-and-we-want-to-see-more/
- Some glimmers of good news amid the misery – https://www.sentinelandenterprise.com/2020/04/05/sunday-notebook-29/
- The Office’s John Krasinski launched a YouTube channel dedicated to good news – https://www.theverge.com/2020/3/30/21200161/john-krasinski-youtube-some-good-news-office-steve-carell-michael-scott-coronavirus
See? There are lots of good things happening around the world. Look for them and be encouraged.
Struggling
In the middle of all that’s going on, there are many people struggling. I may be OK and you might be OK too, but the number of people who aren’t OK has grown fast and continues to increase every day. People are losing their businesses, losing their jobs, and losing their minds.
For people who have lost their business, it may feel like you’ve lost your dream. You haven’t! The dream is still alive, it’s just deferred. It’s paused. You may have to start over, or maybe not. The point is to NOT give up. Starting over gives you a chance to do it better this time, using all that you’ve learned from the last time.
For people who have lost their jobs, you might be worried about bills or even where your next meal comes from. When you’re in the middle of the crap, it’s hard to see the other side. Missing payments can be stressful, but it’s not the end of the world. Do what you can to survive this (and you WILL survive this) and try to focus on what you will do or be on the other side. Plan now for what’s to come.
Personal Story
When we started FRSecure in 2008, the U.S. was in the middle of a recession. I thought we could power through it, and succeed despite the odds. I was wrong. We couldn’t find customers, and within a year, it became evident that we wouldn’t be able to pay our bills, including our house payment. I could have given up on the dream of my business and entered the job market again, or I could believe that things would get better. 11-12 years later and FRSecure is a very healthy company, employing more than 70 people and serving more than 1,000 customers. Foreclosure with a wife and five kids was very hard, but we didn’t give up.
Mental Health
For people who have or feel like they’ve lost their minds, please get help. Maintaining mental health during times of crisis can be extremely difficult. It’s OK to not be OK, but it’s not OK to let it rule you. There are many people who care about you and want you to let them help. This is the truth! The most common lie (I think) is believing that you’re not worthy and nobody cares. That’s the lie. Believe and follow the truth. Here are some people who care (100%):
- National Suicide Prevention Lifeline (1-800-273-8255)
- Crisis Text Line – Text “HELLO” to 741741
- Veterans Crisis Line – Call 1-800-273-TALK (8255) and press 1 or text to 838255
- Support on Social Media – https://suicidepreventionlifeline.org/help-someone-else/safety-and-support-on-social-media/
- National Institute of Mental Health (NIMH) – https://www.nimh.nih.gov/index.shtml
- MentalHealth.gov – https://www.mentalhealth.gov/
- Mental Health Hackers – https://www.mentalhealthhackers.org/ and on Twitter (https://twitter.com/HackersHealth)
Remember, there is hope and there is help! This is the truth, and you have to believe it.
Social Media Stuff
It dawned on me that we have a lot going on, and we share a lot of it on social media. Here’s the list of social media accounts for us:
- FRSecure:
- SecurityStudio
- Daily inSANITY Checkin
- Registration (NOTE: You only register once to access all future checkins)
- Me (Evan Francen)
- Brad Nigh
Those are some thoughts right now. Let’s get to the show notes!
SHOW NOTES – Episode 74
Date: Monday, April 6th, 2020
Opening
[Evan] Good morning everyone! This is the 74th episode of the UNSECURITY Podcast. The date is April 6th, 2020 and I’m Evan Francen. Joining me is my co-host Brad Nigh along with our special guest Jim Nash.
Good morning Brad.
[Brad] He’ll say what he wants.
[Evan] Welcome to the show again Jim and good morning!
[Jim] He’ll also say what he wants.
[Evan] Jim, do you remember the last time you were on the show? How long ago was that?
[Jim] Still saying what he wants.
[Evan] It’s customary now that we start the show by catching up a bit with each other.
Catching Up
Discussion between Evan, Brad, and Jim.
[Evan] Alright! We invited Jim to be on the show again for a couple reasons. #1 – We like him and #2 – We want to get his perspectives on COVID-19. He’s certainly got some unique things to share.
COVID-19 Talk With Jim Nash
- What’s going on in MN state government?
- What’s he hearing from other states?
- How he’s helping our community and tips for listeners?
- Supporting the community and small business.
- Where can we find his videos, pictures, and updates?
- Opinion about impact on information security
[Evan] For those who don’t know, Jim is my state representative. He represents the district in which I live and I couldn’t be prouder of the way he represents me!
OK, last week, news about Zoom was all the rage it seemed. There’s plenty of fear, misinformation and confusion about the web conferencing solution. I think our listeners could benefit from some straight talk about the issues.
I put together a series of stories and organized them into subtopics. It’ll be cool to get you guys’ perspective.
Web Conferencing Craziness (mostly Zoom) Discussion
- The Rise
  - Zoom’s massive ‘overnight success’ actually took nine years – https://www.cnn.com/2020/03/27/tech/zoom-app-coronavirus/index.html
  - How Zoom became so popular during social distancing – https://www.cnbc.com/2020/04/03/how-zoom-rose-to-the-top-during-the-coronavirus-pandemic.html
- The Bug
  - Ex-NSA hacker drops new zero-day doom for Zoom – https://www.cnn.com/2020/03/27/tech/zoom-app-coronavirus/index.html
  - Zoom quickly fixes ‘malware-like’ macOS installer with new update – https://www.theverge.com/2020/4/2/21204648/zoom-macos-installer-update-privacy-security-concerns
- Zoombombing
  - Senate committee Zoom hearing derailed by porn hacker – https://vtdigger.org/2020/04/02/senate-committee-zoom-hearing-derailed-by-porn-hacker/
  - Bored teens Zoom-bomb the Windsor Town Council – https://www.pressdemocrat.com/news/10871288-181/chris-smith-bored-teens-zoom-bomb
  - Zoom call with Utah elementary students hacked with pornography – https://kutv.com/news/local/zoom-call-with-utah-elementary-students-hacked-with-pornography
  - FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic – https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
- Other
  - Zoom Admits Some Calls Were ‘Mistakenly’ Routed Through China – https://finance.yahoo.com/news/zoom-admits-calls-were-mistakenly-123356776.html
  - Zoom’s Big Security Problems, Summarized – https://www.forbes.com/sites/marleycoyne/2020/04/03/zooms-big-security-problems-summarized/#619f2bd46410
- Overreaction
  - Maybe we shouldn’t use Zoom after all – https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/
  - New York City schools won’t be using Zoom anymore because of security concerns – https://www.cnn.com/2020/04/04/us/nyc-schools-zoom-online-security/index.html
  - Zoom ‘unsuitable’ for government secrets, researchers say – https://www.bbc.com/news/technology-52152025
  - Senator Asks FTC To Investigate Zoom’s ‘Deceptive’ Security Claims – https://www.npr.org/2020/04/03/826968159/senator-zoom-deceived-users-over-its-security-claims
- Benefactors
  - Facebook Wants to Take a Bite Out of Zoom Video’s Growth – https://www.fool.com/investing/2020/04/03/facebook-wants-to-take-a-bite-out-of-zoom-videos-g.aspx
  - Zoom Is Getting New Competition, as RingCentral Jumps Into Video Chat – https://www.barrons.com/articles/zoom-gets-a-new-rival-in-video-chat-as-ringcentral-announces-new-offering-51585833027
  - Is Cisco a Safer “Remote Work” Play than Zoom Video for the Coronavirus Crisis? – https://www.fool.com/investing/2020/04/03/is-cisco-safer-remote-work-play-zoom-video.aspx
  - Forget Zoom: Skype unveils free ‘Meet Now’ video calls – https://www.tomsguide.com/news/forget-zoom-free-skype-meet-now-works-without-signups-or-installs
- Logic and Reason
  - Zoom isn’t Malware. – https://medium.com/@0xamit/zoom-isnt-malware-ae01618e2046
  - Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities – https://blog.rapid7.com/2020/04/02/dispelling-zoom-bugbears-what-you-need-to-know-about-the-latest-zoom-vulnerabilities/
  - How to Keep Your Zoom Chats Private and Secure – https://www.wired.com/story/keep-zoom-chats-private-secure/
[Evan] Crazy. The plot is thick surrounding Zoom, isn’t it? The noise is loud and it’s hard to find the truth in all of it.
Let’s switch gears now and talk about something else that’s related. There is no shortage of articles and guidance for working from home. We built a simple assessment in the beginning of 2019, before all the hype surrounding the pandemic. The simple assessment is known as S2Me, and its importance is higher than it’s ever been.
Work From Home – S2Me
Discussion about S2Me, including:
- Why we built it.
- NASCIO – COVID-19 Response Resources for State IT – https://www.nascio.org/covid19resources/
- Safety and Cybersecurity at Home 101 Webinar Series – https://securitystudio.zoom.us/webinar/register/WN_EOcDUDAIQHSthpZdLOCn0Q
- Version Two
[Evan] There you go. S2Me is free and always will be free. Either of you guys feel comfortable sharing your personal S2Score?
Other News
[Evan] We had so many things to talk about this week. We’re going to skip other news stories again. Two quick things to tell you about though, before we go.
- The Daily inSANITY Check-in
  - Still going strong.
  - Everyone is invited all the time!
- FRSecure CISSP Mentor Program
  - Latest registration count is 1,100+, right?!
  - Registration is still open – https://frsecure.com/cissp-mentor-program/
Wrapping Up – Shout outs
[Evan] Well, that’s it for this week. Plenty going on and lots to do. Either of you guys have any shout outs?
Thank you for listening. We’re a couple of guys who really care about you. We’re hoping you all stay healthy and sane! We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @evanfrancen, and this other guy is @BradNigh. Jim, you’re all over the place. Want to share some places where people can interact with you online?
Jim, thank you for coming on and sharing with us today!
That’s it. Talk to you all again next week!