UNSECURITY Episode 124 Show Notes

Spring has sprung!

The first day of Spring was Saturday, March 20th. If you’re from Minnesota like Brad and I are, you’re happy about this. Speaking of Brad, he’s back this week!

Let’s get right to it, show notes for episode 124 of the UNSECURITY Podcast…

---

SHOW NOTES – Episode 124 – Tuesday March 23rd, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 124, and the date is March 23rd, 2021. Back from taking a couple weeks off from the show is my good friend and co-host Brad Nigh. Welcome back Brad!

We’ve got a good show planned for you today. Let’s talk passwords! Yay, right?!

Let’s try to tackle as many common questions about passwords as we can in one show!

Passwords

• Why do we need passwords?
  • The basics of identity and authentication.
  • A password is proof.
• What happens when a password is compromised?
• How are passwords compromised?
  • Caused by you.
    • Disclosed.
    • Weak.
  • Caused by them (someone you shared it with).
• What’s the risk is a password is compromised?
  • How do we protect against password disclosure?
  • How do we protect against weak passwords?
  • How do we protect against someone else disclosing a password?
• @SecurityStudio, we just finished a new password strength/score algorithm.
  • Eighteen rules with weights applied according to risk.
  • Length, numbers(only), lowercase(only), uppercase(only), letters(only), letters & numbers(only), known compromise(s), dictionary, dictionary w/simple obfuscation, 80%+ dictionary, 80%+ dictionary w/simple obfuscation, 60%+ dictionary, 60%+ dictionary w/simple obfuscation, doubleword, common numeric sequences, words & numbers appended, and personally common/known things.
• The average person has how many passwords?
  • How many passwords do you have?
  • How many passwords to Brad and I have?
• Are passwords secure?
• Are we stuck with passwords forever?
• What do we do to protect our passwords?
• Does anyone like passwords?

Other Things

• The latest registration count for the FRSecure CISSP Mentor Program was 4,701 as of yesterday (3/22) morning!
  • The 2021 program kicks off in 20 days.
  • Will we top 5,000 registrations?!
  • What do we like best about the program?
• New features for S2
  • Nested entities within S2Org.
  • S2Me Instant Score (coming soon).
  • S2PCI (coming next month).
• What else?

News

Three interesting news articles this week:

• Computer giant Acer hit by $50 million ransomware attack – https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/

(PSST… Want a good list of APT groups and their operations?! – https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#)

• Critical Security Bugs Fixed in Virtual Learning Software – https://threatpost.com/security-bugs-virtual-learning-software/164953/
• Three billion spoofed emails sent each day – https://betanews.com/2021/03/22/three-billion-spoofed-emails-daily/

Wrapping Up – Shout Outs

Good talk. Thank you Brad, and thank you listeners!

• Who’s getting shout outs this week?
• Closing – Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!

…and we’re done.