Posts

Episode 110 Show Notes – All Hell Broke Loose

/in /by

Welcome! These are the show notes for episode 110 of the UNSECURITY Podcast.

We’re putting the Information Security @ Home series on hold again this week. In case you didn’t know, it seems we have a big problem on our hands. Over the course of this last week (or so), we’ve witnessed events in our industry that we’ve not seen before, in terms of magnitude and impact. It all started (publicly) with FireEye’s announcement of an intrusion and exfiltration of data. FireEye is one of the largest and most respected firms in our industry, so this was big news!

Unfortunately, this was only the tip of the iceberg.

Over the weekend, we learned of two more really significant breaches; one at the U.S. Treasury Department and the other at the U.S. Commerce Department. On Monday (12/14), all hell sort of broke loose when we learned that these breaches are all related, and the source is SolarWinds. Attackers compromised SolarWinds defenses and inserted malware into their premier product, the Orion platform. Orion is a network management system (NMS) used by thousands of organizations to manage and monitor their IT infrastructure. SolarWinds has become a single source of possible intrusions into ~18,000 other organizations. These intrusions into the other organizations aren’t run of the mill either, these are intrusions using “trusted” software (often) configured with elevated/privileged access. This and will continue to get worse before it gets better.

Seems 2020 isn’t done 2020ing yet. The end of 2020 countdown at the time of this writing:

Other things? Yes, or course!

There are always many, many things going on around here (SecurityStudio and FRSecure). One very newsworthy event included the announcement from the State of North Dakota. North Dakota has made our S2Me (personal information security risk assessment) available for all state residents and will use it to help their citizens be more secure at home! One down, and 49 left to go!

Alright, on to it. Brad’s leading the discussion this week, and these are his notes. GOOD NEWS, we’ve invited our good friend Oscar Minks to join us as we delve in to the whole SolarWinds debacle.

SHOW NOTES – Episode 110

Date: Tuesday December 15th, 2020

Episode 109 Topics

Opening

[Brad] Hey there! Thank you for tuning in to this episode the UNSECURITY Podcast. This is episode 110, the date is December 15th, 2020, and I’m your host, Brad Nigh. Joining me as usual is my good friend and co-worker, Evan Francen. Good morning Evan.

[Evan] Cue Evan.

[Brad] Also joining us this morning is another good friend and co-worker, Oscar Minks. Good morning Oscar.

[Oscar] Cue Oscar.

Quick Catchup

[Brad] As if 4th quarter wasn’t crazy enough we had the SolarWinds news break this week.  Before we dig into that let’s catch up and see how we are all doing with just over 2 weeks left in the year. What’s new?

Transition

Information Security @ Home
All Hell Broke Loose

[Brad] Well, we planned to do more security at home stuff, but as I said a couple weeks ago, 2020 won’t stop 2020’ing.

Topics

  • SolarWinds breach (only the beginning)
  • The timeline (FireEye announcement)
  • FireEye, U.S. Government, (possibly) 425 of the Fortune 500, and (probably) 18,000 organizations.
  • What happened?
  • What are the ramifications of all this?
  • What do you need to do?
  • What do we need to do?

Discussion between Brad, Evan, and Oscar

[Brad] 2020 is not going quietly into the night, is it? Alright, moving on for now.

News

[Brad] Amazingly SolarWinds wasn’t the only news in the last week. We probably won’t have time to get to all of these but they are good reads and good to stay on top of.

Wrapping Up – Shout outs

[Brad] That’s it for episode 110. Thank you Evan and Oscar! Who you got a shoutout for today?

[Evan & Oscar] We’ll see.

[Brad] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m@BradNigh and Evan can be found @evanfrancen.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

Episode 109 Show Notes – Information Security @ Home

/in /by

This is Episode 109, and we’re continuing our Information Security @ Home series.

We’re smack dab in the middle of the holiday season. Lots of people are going to receive neat, new electronic gadgets as Christmas gifts. Who doesn’t like cool new gadgets?! Your refrigerator can order milk before you’re out of milk, your dishwasher can send you messages when the dishes are done, your television can remind you it’s time to veg out on the couch for the latest episode of The Undoing, and your doorbell can show you who’s at the door while you’re away. We LOVE gadgets! (even if they end up killing us)

But wait! What about information security? What about privacy? What about safety?

Herein lies some problems. Problems that we (infosec folks) want to help you avoid.

Information security is an afterthought, if it’s ever a thought at all! We continue to connect more devices, install more apps, and stream more things. Home networks become more complex, and most people don’t even know what they’re trying to protect. This is your home network, and it’s your responsibility to use it responsibly. Nobody cares about the protection of you and your family more than you. It’s time to step up and learn some basics before this gets any more out of hand. (it’s already out of hand, but it’s not too late)

So…

In case you didn’t know, we’re less than 16 days from Christmas!

…and less than 23 days left in 2020!

I’m not sure what I’m more excited for at this point, Christmas or 2021. 2020 can suck it. Well, I guess it already has. Here’s to an awesome end to an ______ year!

I’ll (Evan) be leading the discussion this week, and these are my notes.

SHOW NOTES – Episode 109

Date: Wednesday December 9th, 2020

Episode 109 Topics

  • Opening
  • Catching Up
  • Information Security @ Home
    • Picking up where we left off in episode 108
    • Demonstration – The router/firewall
      • Finding your router.
      • Logging into your router.
      • Changing the default password.
      • Poking around a little bit.
    • What’s on your network anyway? You can’t possibly protect the things you don’t know you have.
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey oh! Welcome to episode 109 of the UNSECURITY Podcast. We’re glad you’ve joined us. The date is December 9th, 2020 and I’m your host Evan Francen. Joining me is my pal and co-worker, Brad Nigh. Good morning Brad!

[Brad] Cue Brad.

[Evan] It’s nice to come up for air this morning, and it’s nice to hang out with you man. How you doing?

Quick Catchup

It’s 4th quarter, I’m now a week and a half behind and it’s only getting busier. Hopefully Evan is in a better mood than episode 106.

We’ll discuss a thing or two…

Topics:

Transition

Information Security @ Home

[Evan] Last week, we got into some of the important things we should be doing at home. When I say “we” I mean everybody, security people and non-security people alike. We mentioned that step #1 should be to change the default password on your home router. We talked about it, gave some advice, and pointed people in the right direction. Today, I’d like for you and I to demonstrate how to change a router password and talk about it while we’re doing it. After this, we’ll poke around a little inside the router’s configuration. Once we’re done with that, we can move on to the next task; finding out what’s on your network.

Sound good?

[Brad] Cue Brad.

Begin discussion

Information Security @ Home Discussion

  • Picking up where we left off in episode 108
  • Demonstration – The router/firewall
    • Finding your router.
    • Logging into your router.
    • Changing the default password.
    • Poking around a little bit.
  • What’s on your network anyway?
    • Why is this important?
    • What you should do next…

Transition

[Evan] Alright. Good stuff. Hopefully our listeners learned a thing or two. For those who already knew this stuff, hopefully they’ll share with others.

That’s that. On to some news…

News

[Evan] Crazy stuff going on in this industry. What’s new? Well, here’s a few things that caught our eye this week:

[Evan] That’s a lot of news for one day, and that’s only the tip of the iceberg.

Wrapping Up – Shout outs

[Evan] That’s it for episode 109. Thank you to all our listeners. We dig you. Also, thank you Brad! Who you got a shoutout for today?

[Brad] We’ll see.

[Evan] Next week, we’ll continue the Information Security @ Home discussion. We’ll dig in a little more on identifying system on your home network and talk about patching. In the meantime, send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and this other guy is on Twitter at @BradNigh. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!