Another week in the books (almost). Speaking of books, I’m working on one with two more in the works. So much writing to do, and not enough time! I’m sure that lack of time is not a problem that’s unique to me. Time is precious, and nobody’s got enough of it.
In case you missed it, this week was “Hacker Summer Camp” in Las Vegas. Thousands of information security people descended upon Sin City this week for Black Hat, BSides Las Vegas, and DEF CON. These are three of the best known and well-attended conferences in our industry. David (aka “System Overlord”) writes a good summary, you can read it here.
Instead of going to Hacker Summer Camp, I took this week to get away. A few people were surprised that I wasn’t going, but to be honest, it’s not really my jam. It’s too much noise, too much BS, too much drinking, and too flashy for me. Maybe it’s just a different stage of life for me now. Some people thrive on being where the action is; I’m just not one of them. To each his/her own.
We sent 10 people from FRSecure, people with more self-control.
While Black Hat was kicking off, I took off to Duluth, MN and the North Shore for a few days. Did some catch-up work and some writing. It was good soul time.
Alright back to the grind. In the office this morning, putting together episode 40’s show notes, and getting face time with some of my favorite people. Hopefully, you enjoyed last week’s show, with the return of “Ben”. As I write this, Ben is neck deep with FRSecure’s Team Ambush competing (and winning?) in their DEF CON CTF.
This week, Brad’s back!
On to the show notes…
SHOW NOTES – Episode 40
Date: Monday, August 12th, 2019
Today’s Topics:
Our topics this week:
- Catching up; Brad’s Back
- More Incident Response(s)
- Hacks & Hops
- warl0ck gam3z
- Industry News
[Brad] – Welcome to episode 40 of the UNSECURITY Podcast! My name is Brad Nigh, and I’m your host this week. I’ve had a couple of weeks off from the podcast, but it’s good to be back! Joining me as co-host this week is Evan Francen. Hi Evan.
[Evan] Hi Brad. Welcome back!
Catching up (a little)
[Brad] So, jumping right back into things this week. We received a couple of interesting incident response calls. I’d like to talk about them, how we handle them, and then we’ll segue into Hacks & Hops and a great tip/question we received from one of our listeners this week.
[Evan] Sounds good. Let’s do it.
Incident response discussion
Discuss real security incidents that we’re working on/investigating.
[Brad] Incident response is the theme for our next Hacks & Hops event coming up next month at US Bank Stadium.
[Evan] Yep. We’ve got an amazing event planned with an all-star panel.
[Brad] Who’s on the panel? Tell me about them.
[Evan] We have three panelists joining us, and I’ll be moderating. All three panelists are people that I have deep respect for; Jadee Hanson, Mark Lanterman, and Chris Roberts.
- Jadee is the CISO at Code42, and she’s done an amazing job building a world-class security team. She’ll bring the perspective of an expert security leader. Jadee’s bio is here.
- Mark is the CTO at Computer Forensic Services. He’s one of the best incident investigators I know, and he’s got some amazing stories to share. He’ll bring the perspective of an expert security investigator. Mark’s bio is here.
- Chris is Chris. Two things I like most about Chris is his truth and his style. He scares most people by telling them the truth, he’s got some incredible stories, and he’s blunt. Chris will bring the perspective of a hacker. Chris’ bio is here.
All in all, this is an incredible panel. I’m pumped!
Hacks & Hops discussion
[Brad] Since we’re on the topic of incident response, let’s address a question that came in from one of our listeners this week. This is from Jeff. Jeff asks:
Incident Response – what is minutia and what is a real incident? It seems contradictory to say that some companies may not use their IR plan in a year – and to also say that every suspected attack, malware, scan, etc. is an incident.
Let’s tackle this quick.
[Brad] Alright, moving on. Last week was “Hacker Summer Camp” in Vegas. Neither you nor I went this year, mainly because of workloads and other priorities. We did send ten (10) people from FRSecure though, and eight of them belong to a group that calls themselves “Team Ambush”. These guys competed in the warl0ck gam3z CTF at DEF CON. Two years ago, they took 3rd place. Last year, they took 2nd place. This year they claimed that they were all in!
How’d they do.
Discuss warl0ck gam3z and Team Ambush
[Brad] OK. I’ve only got one news item to discuss this week. I think one is enough because of it’s significance. Let’s talk about the security incident(s) at AT&T that were announced recently.
Sources:
- AT&T workers took $1 million in bribes to unlock 2 million phones, DOJ says
- Man Accused Of Bribing AT&T Employees In Conspiracy To Unlock Millions Of Phones
- AT&T Insiders Bribed With Over $1 Million To Unlock 2 Million Phones And Hack Their Employer, DOJ Claims
Closing
[Brad] – There you go, that’s how it is. It’s great to be back. Thank you Evan, and a special thank you to our listeners. We’re sort of blown away by the number of people who listen to our podcast each week, and we love getting your feedback. Please keep it coming. You can reach the us on the show by email at unsecurity@protonmail.com.
If you’d like to be a guest on the show or if you want to nominate someone to be a guest, send us that information too.
As always, you can find me and Evan on Twitter. I’m @BradNigh and Evan’s at @evanfrancen. Talk to you all again next week!
