UNSECURITY Episode 124 Show Notes
Spring has sprung!
The first day of Spring was Saturday, March 20th. If you’re from Minnesota like Brad and I are, you’re happy about this. Speaking of Brad, he’s back this week!
Let’s get right to it, show notes for episode 124 of the UNSECURITY Podcast…
SHOW NOTES – Episode 124 – Tuesday March 23rd, 2021
[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 124, and the date is March 23rd, 2021. Back from taking a couple weeks off from the show is my good friend and co-host Brad Nigh. Welcome back Brad!
We’ve got a good show planned for you today. Let’s talk passwords! Yay, right?!
Let’s try to tackle as many common questions about passwords as we can in one show!
- Why do we need passwords?
- The basics of identity and authentication.
- A password is proof.
- What happens when a password is compromised?
- How are passwords compromised?
- Caused by you.
- Caused by them (someone you shared it with).
- Caused by you.
- What’s the risk if a password is compromised?
- How do we protect against password disclosure?
- How do we protect against weak passwords?
- How do we protect against someone else disclosing a password?
- @SecurityStudio, we just finished a new password strength/score algorithm.
- Eighteen rules with weights applied according to risk.
- Length, numbers(only), lowercase(only), uppercase(only), letters(only), letters & numbers(only), known compromise(s), dictionary, dictionary w/simple obfuscation, 80%+ dictionary, 80%+ dictionary w/simple obfuscation, 60%+ dictionary, 60%+ dictionary w/simple obfuscation, doubleword, common numeric sequences, words & numbers appended, and personally common/known things.
- The average person has how many passwords?
- How many passwords do you have?
- How many passwords do Brad and I have?
- Are passwords secure?
- Are we stuck with passwords forever?
- What do we do to protect our passwords?
- Does anyone like passwords?
- The latest registration count for the FRSecure CISSP Mentor Program was 4,701 as of yesterday (3/22) morning!
- The 2021 program kicks off in 20 days.
- Will we top 5,000 registrations?!
- What do we like best about the program?
- New features for S2
- Nested entities within S2Org.
- S2Me Instant Score (coming soon).
- S2PCI (coming next month).
- What else?
Three interesting news articles this week:
- Computer giant Acer hit by $50 million ransomware attack – https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/
(PSST… Want a good list of APT groups and their operations?! – https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#)
- Critical Security Bugs Fixed in Virtual Learning Software – https://threatpost.com/security-bugs-virtual-learning-software/164953/
- Three billion spoofed emails sent each day – https://betanews.com/2021/03/22/three-billion-spoofed-emails-daily/
Wrapping Up – Shout Outs
Good talk. Thank you Brad, and thank you listeners!
- Who’s getting shout outs this week?
- Closing – Thank you to all our listeners! Send things to us by email at firstname.lastname@example.org. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!
…and we’re done.