Posts

The UNSECURITY Podcast – Episode 62 Show Notes – Iran and Stuff

Still in Cancun for another week (Evan). I know, poor me.

One thing is certain. It doesn’t matter what I’m doing or what you’re doing, the world doesn’t pause and wait for you. Attackers still attack and defenders still defend. Some of us are thriving and others of us are just struggling to survive.

So, the big worldwide news this past week was the U.S. spat with Iran. It was immediately politicized, as we would expect, but what does it mean to you, me, and the world of information security? Let’s talk about this.

A few of you took me up on my offer last week for a free copy of UNSECURITY. Your books are being sent soon.

If you haven’t read my first book, I invite you to. You can either purchase it, or if you’re with us on our mission to fix the brokenness in our industry, contact me (Twitter, LinkedIn, email, etc.) and tell me so. I’ll send you a free signed copy! P.S. I’m not publicizing this everywhere, so let’s see if your paying attention.

I’m supposed to be leading the show this week, but I’m still out of the office. Brad and Ryan should be in studio for this episode, and I’ll call in again.

These are my notes (Evan).


SHOW NOTES – Episode 62

Date: Monday, January 13th, 2020

Show Topics:

Our topics this week:

  • Opening – Catching up
  • U.S. and Iran
    • What does it mean for information security?
    • What does it mean for you and me?
    • Avoiding collateral damage
  •  News
    • Is Microsoft sharing Skype and Cortana audio with the Chinese?
    • Security tips for college students
    • Amazon Ring employees caught snooping
  • Contact Us – featuring people looking for jobs in information security
Opening

[Brad] Hey UNSECURITY Podcast listeners! This is episode 62 and the date is January 13th, 2020. I’m Brad Nigh, your host for today’s show. Joining me in studio is Ryan Cloutier and by phone is Evan Francen. Hi guys.

[Ryan & Evan] We’re welcoming fellas, so we’ll say “hi” or something here.

[Brad] Let’s catch up quick. How was your week and what’s going?

Catching Up Discussion

Who’s doing what?

  • Ryan’s first week at SecurityStudio.
    • What was it like?
    • Anything newsworthy or exciting?
  • Brad’s crazy week.
    • Most weeks are crazy. What was craziest?
    • What are you excited about?
  • Evan in Cancun.
    • Chillin’ or workin’?
    • How’s the book coming along?

[Brad] Cool. Good things last week and coming up this week.

Switching gears a bit. I want to discuss a topic that’s on many people’s minds; the conflict between the United States and Iran, and what effect it has on our daily information security/cybersecurity lives.

U.S., Iran, and Information Security Discussion

Very significant events have taken place over the past few weeks. Events that impact our world as we know it; politically, economically, and from an information security (or cybersecurity) perspective. Let’s stay out of the politics as much as we can and leave the economic discussion to the economics experts.

What I’d like to discuss is how these current events affect us with respect to information security. We should all be concerned about how these things affect our ability to protect ourselves, our families, our schools, our workplaces, and our local governments.

First a little background on the current events:

  • December 27th, 2019 – The K-1 Air Base in Iraq was attacked killing an American civilian contractor, injuring four U.S. service members and injuring two Iraqi security forces personnel. The U.S. blamed Iranian-backed militia for the attack.
  • December 29th, 2019 – The United States attacked five Hezbollah positions in Iraq and Syria resulting is an at least 25 killed militia members and another 55 wounded.
  • December 31st, 2019 – January 1st, 2020 – Hezbollah militiamen, their supporters and sympathizers attacked the U.S. embassy in the Green Zone of Baghdad. The United States blamed Iran and its non-state allies for orchestrating the attack. No deaths or serious injuries occurred during the attack and protesters never breached the main compound.
  • January 3rd, 2020 – A targeted U.S. drone strike killed the commander of the Islamic Revolutionary Guard Corps (IRGC) Quds Force, Qasem Soleimani. Soleimani was considered to be the second most powerful person in Iran.
  • January 8th, 2020 – The Iranian military launched numerous ballistic missiles at two airbases in Iraq. there were neither American nor Iraqi casualties. Hours after the initial Iranian missile attacks, a Boeing 737-800 (Ukrainian International Airlines Flight 752) crashed shortly after takeoff from Tehran Imam Khomeini International Airport, killing all 176 passengers on board. Iran initially claimed the cause of the crash was mechanical failure.
  • January 11th, 2020 – A video showing the moment Flight 752  was hit by an Iranian missile was published by The New York Times. The Iranian government was forced to admit that it “inadvertently” shot the plane out of the sky. A wave of anti-government protests have now emerged across Iran.

Phew! These are only the latest events in decades of conflict between the two nations.

So, back to the point of our discussion. I’d like us to share our opinions, and hear the opinions of our listeners this week. You know what they say about opinions, right?

  • What does it mean for information security?
  • What does it mean for you and me?
  • How can we avoid collateral damage?

Some sources of information to guide our discussion:

[Brad] Great discussion and plenty of healthy opinion. I think the same things hold true for us that have always held true:

  1. Focus on what you can do to protect your area of influence (your habits, at home, at work, etc.)
  2. Master the fundamentals. We can’t control what Iran or the United States does, but we can make it a little less likely that we’ll be a victim in all this.
News

Now for some (other) news. Here are three newsy things that caught our attention last week.

Closing

[Brad] OK, that’ll just about do it. Be careful out there.

One last thing before we close this show out. Are you or someone you know looking for a job in information security? If so, we’d love to hear from you and help out where we can. Email us at unsecurity@protonmail.com and we’ll chat.

If you’re the social type, socialize with us on Twitter, I’m @BradNigh, Ryan can be found at @CLOUTIERSEC, and Evan’s in his usual spot, @evanfrancen.

That’s it! Talk to you all again next week!