00:00:00.000 –> 00:00:04.840
All right folks you have the download button on security assessment podcast
00:00:04.840 –> 00:00:09.800
brought to you by our company Lipani security if you’re interested go to the
00:00:09.800 –> 00:00:14.240
link in the show notes below and check out all of our services software that we
00:00:14.240 –> 00:00:19.680
offer as well as our blogs about security in all our past podcast
00:00:19.680 –> 00:00:25.360
episodes I want to thank you all for listening and let the show begin
00:00:25.360 –> 00:00:39.240
all right guys thank you very much for joining us another episode of the
00:00:39.240 –> 00:00:45.720
security assessment podcast I am your host Brandon Lopani and like I said it’s
00:00:45.720 –> 00:00:52.720
great to be with you again tons of security news as there always is but a
00:00:52.720 –> 00:00:57.480
couple good housekeeping tips first a bunch of you reached out to me on
00:00:57.480 –> 00:01:02.520
Twitter to tell me that they noticed that the art changed I did I actually
00:01:02.520 –> 00:01:08.960
got somebody to actually help us out and we actually got new show art it’s I
00:01:08.960 –> 00:01:12.480
think it looks much better rather than just our business logo they actually
00:01:12.480 –> 00:01:17.720
went ahead and actually made the logo a little bit quite a very much cooler
00:01:17.720 –> 00:01:21.640
actually and like I said made it look a little more different to our business
00:01:21.640 –> 00:01:25.520
name is on there and then the name of the podcast and then like I said she did
00:01:25.520 –> 00:01:28.760
a few things with the the art and so that so I really appreciate that looks
00:01:28.760 –> 00:01:32.600
much better I think looks much cooler I know the old saying you’re not supposed
00:01:32.600 –> 00:01:37.360
to judge a book by its cover but unfortunately the cooler your show art
00:01:37.360 –> 00:01:42.240
looked the better chance you have the people you know reading your listening
00:01:42.240 –> 00:01:46.720
to your podcast just like a book if it’s got a cool cover much better chance of
00:01:46.720 –> 00:01:54.160
people reading it so I appreciate that also too we got a lot of people that
00:01:54.160 –> 00:01:57.760
wanted to communicate with us so we actually went ahead if you go to our
00:01:57.760 –> 00:02:03.720
website LaPani security.com and you go ahead and check it out there’s actually
00:02:03.720 –> 00:02:08.080
a forum area there so go ahead and join the forums and we can chat about shows
00:02:08.080 –> 00:02:14.280
security news all that stuff on there and again that is the forum so I want to
00:02:14.280 –> 00:02:19.480
I guess I give you guys some options how to communicate with us the forums are
00:02:19.480 –> 00:02:22.720
pretty cool we’ll use that for the show as well as anybody who wants to talk
00:02:22.720 –> 00:02:26.800
other news and like I said of course you can always email us on a website just
00:02:26.800 –> 00:02:31.400
hit contact us and shoot me an email you can do that as well so I do appreciate
00:02:31.400 –> 00:02:34.240
that like I said you guys have been reaching out and communicating with me I
00:02:34.240 –> 00:02:38.800
do appreciate that and I appreciate you listening to the show so thank you very
00:02:38.800 –> 00:02:44.640
much for that also – over I’ve been working on a couple of security tools I
00:02:44.640 –> 00:02:47.920
added a password strength tool runs locally on your machine you can test
00:02:47.920 –> 00:02:52.400
your password strength there’s tons of them online bit Warren and Bitwarden
00:02:52.400 –> 00:02:59.160
and security.org and a bunch of places offer great tools like that but I was in
00:02:59.160 –> 00:03:02.340
the mood to putz around with some code and I messed around that and that’s on
00:03:02.340 –> 00:03:07.640
the site and that’s free it’s also gonna be up on the Windows Store as well so we
00:03:07.640 –> 00:03:11.920
are I’m doing that as well so a lot of like it’s a lot of little projects
00:03:11.920 –> 00:03:18.000
things going on but over the weekend is always podcast time so again I thank you
00:03:18.000 –> 00:03:25.000
all for listening the show now should be on all the services if I did miss one
00:03:25.000 –> 00:03:30.020
please reach out to me and let me know like I said my emails on my website if I
00:03:30.020 –> 00:03:34.560
missed but I think I have it on all the services now but like I said if I’m
00:03:34.560 –> 00:03:42.680
missing any please let me know so a couple things I wanted to wanted to talk
00:03:42.680 –> 00:03:46.680
about we have a lot of news to talk about but I thought this was
00:03:46.680 –> 00:03:51.120
specifically an interesting article that wanted to kind of start to show off with
00:03:51.120 –> 00:03:58.000
apparently there was a on the Security Now podcast there was actually somebody
00:03:58.000 –> 00:04:05.480
who had said that they were actually seeing they were monitoring their
00:04:05.480 –> 00:04:10.000
network and they actually were seeing that their wash machine was down was
00:04:10.000 –> 00:04:18.040
uploading and downloading like three gigs of data it was it was unbelievable
00:04:18.040 –> 00:04:22.200
I was reading about this and apparently somebody had hot I mean we all know IoT
00:04:22.200 –> 00:04:27.280
devices like fridges and stuff like that and stoves and stuff don’t get updated
00:04:27.280 –> 00:04:30.400
as much but apparently somebody they actually found somebody running a botnet
00:04:30.400 –> 00:04:35.560
and it was all these wash machines and they were all all this sort of things
00:04:35.560 –> 00:04:39.880
and the reason why I bring this up is somebody it’s somebody it’s in the thing
00:04:39.880 –> 00:04:47.600
that got interesting is to me was and it kind of makes sense so if you hijack an
00:04:47.600 –> 00:04:52.920
IoT device specifically like a wash machine or a refrigerator now the
00:04:52.920 –> 00:04:56.960
specific bug that they’re talking about was actually something that got loaded
00:04:56.960 –> 00:05:01.000
into RAM and I know a lot of people that are listening gonna say well that’s easy
00:05:01.000 –> 00:05:05.760
enough to fix you just restart the the device you’re absolutely 100% right but
00:05:05.760 –> 00:05:09.880
I never really thought about this but it really got me thinking how often do you
00:05:09.880 –> 00:05:15.720
actually unplug your washing machine think about it how often do you actually
00:05:15.720 –> 00:05:20.560
unplug your refrigerator or even think about something like your dishwasher
00:05:20.560 –> 00:05:25.080
that you can’t even get to the plug right kind of an interesting thought
00:05:25.080 –> 00:05:31.240
think about where if you hijack an IoT device you actually have control of this
00:05:31.240 –> 00:05:34.960
thing for quite a while unless the people have a power outage and since
00:05:34.960 –> 00:05:39.840
these devices obviously most of them don’t get regular updates or I mean
00:05:39.840 –> 00:05:44.080
obviously you’re a lot of times your refrigerator is going to last a lot
00:05:44.080 –> 00:05:48.920
longer then probably the support from you know from the manufacturer as far as
00:05:48.920 –> 00:05:52.800
like the updates for the software so they go really makes these these
00:05:52.800 –> 00:05:57.520
connected devices especially vulnerable and and even if they are being updated
00:05:57.520 –> 00:06:02.120
if you get a vulnerability you can load into the RAM like I said think of how
00:06:02.120 –> 00:06:06.680
many times you’ve ever restarted your washing machine or restarted your fridge
00:06:06.680 –> 00:06:10.280
or like I said or something like a while I guess it or a dishwasher where you
00:06:10.280 –> 00:06:16.600
can’t even get to the plug in most cases really doesn’t happen often so if you
00:06:16.600 –> 00:06:21.080
hijack those devices you could have a bot like I said until people have a
00:06:21.080 –> 00:06:24.280
power outage so and if that’s the case you just go back and reinfect them and
00:06:24.280 –> 00:06:27.800
then you’re gonna have them again until people you know until people come I mean
00:06:27.800 –> 00:06:31.760
it kind of is a scary thought if you really think about it because you know
00:06:31.760 –> 00:06:35.320
people will you know have these these connected devices that never get
00:06:35.320 –> 00:06:42.040
restarted so all you need to do is load a you know something into RAM and and
00:06:42.040 –> 00:06:44.520
it’s gonna be there until they have a power outage and think about this well
00:06:44.520 –> 00:06:47.400
the people have a generator what if you have a generator now think now you’re
00:06:47.400 –> 00:06:52.080
never gonna have a real power I mean so I mean a kind of an interesting scary
00:06:52.080 –> 00:06:57.920
thought to think about and something I heard about Security Now made me really
00:06:57.920 –> 00:07:01.640
you know really think about the IoT devices that I have in my house and all
00:07:01.640 –> 00:07:08.860
that and you know how how you know if somebody got a control of one you know
00:07:08.860 –> 00:07:13.040
it’s it’s it’s pretty brutal and a lot of people especially like the security
00:07:13.040 –> 00:07:16.400
like security people network people tinker or stuff that we’re gonna monitor
00:07:16.400 –> 00:07:20.920
our network traffic and stuff like that but a lot of people like think about
00:07:20.920 –> 00:07:24.840
older people and some of that really don’t really you’re not gonna monitor
00:07:24.840 –> 00:07:27.960
you know don’t don’t monitor their network traffic they just the Internet’s
00:07:27.960 –> 00:07:33.920
there and that’s it so specifically kind of a scary kind of a scary thing to
00:07:33.920 –> 00:07:36.520
think about and something to really think about if you do have IoT attached
00:07:36.520 –> 00:07:41.320
devices you how often they are getting patched so interesting interesting very
00:07:41.320 –> 00:07:46.600
interesting topic I need like I said on Security Now I really was interested in
00:07:46.600 –> 00:07:50.760
that one this week I don’t listen to it every week I do like Steve Gibson I do
00:07:50.760 –> 00:07:55.160
like SpinRite wonderful hard drive recovery tool I mean he doesn’t need our
00:07:55.160 –> 00:07:59.000
plug he’s got TWiT but really is a great hard drive recovery tool he does do a
00:07:59.000 –> 00:08:03.800
great podcast so Security Now is one I do listen to on occasion and like I said
00:08:03.800 –> 00:08:10.680
it’s really worth listening to also to this week not really security news but
00:08:10.680 –> 00:08:16.320
the the pre-orders for Apple’s Vision Pro started like I said really not
00:08:16.320 –> 00:08:19.320
security news but the reason I’m bringing it up is there are already
00:08:19.320 –> 00:08:24.320
people hacking or hawking them excuse me up on eBay already for double the price
00:08:24.320 –> 00:08:28.680
it always happens when there’s a shortage on things Apple specifically
00:08:28.680 –> 00:08:32.380
doesn’t you know only has a limited amount of them to start with I know the
00:08:32.380 –> 00:08:36.600
I believe if I’m not mistaken the a lot of the reviewers and stuff I’ve seen on
00:08:36.600 –> 00:08:41.120
YouTube and all that already have them but apparently if you break the screen
00:08:41.120 –> 00:08:45.680
see almost $800 to fix the screen if you are going to get the Vision Pro I
00:08:45.680 –> 00:08:51.840
recommend the AppleCare one thing I will say I’ve always said this to people
00:08:51.840 –> 00:08:56.320
especially maybe not so much with the Apple stuff because Apple’s got pretty
00:08:56.320 –> 00:09:01.880
good control that stuff but I do want to say that if you do buy anything like
00:09:01.880 –> 00:09:06.000
that online like I said that’s not much Apple because Apple’s usually got pretty
00:09:06.000 –> 00:09:09.720
good control their stuff but if you do buy any of that stuff online be very
00:09:09.720 –> 00:09:15.560
careful I’ve actually seen people not myself personally but I have actually
00:09:15.560 –> 00:09:21.680
seen online people that actually will will get old laptops you know load you
00:09:21.680 –> 00:09:26.120
know Windows or Linux on them and then load a key logger or load a virus I’m
00:09:26.120 –> 00:09:29.360
like that I’m saying keep an eye on things or use it as a botnet and then
00:09:29.360 –> 00:09:32.380
sell it online if people say oh wow look I got this cheap computer for a hundred
00:09:32.380 –> 00:09:34.440
bucks well yeah you did get a cheapie for a
00:09:34.440 –> 00:09:38.080
hundred bucks but now everything you type is being logged or you know every
00:09:38.080 –> 00:09:40.360
time there’s an attack or something like that your computer is gonna be the one
00:09:40.360 –> 00:09:45.960
used being used as the you know the botnet so you know be very careful when
00:09:45.960 –> 00:09:51.080
you buy cheap electronics online you never know what people do to them I think
00:09:51.080 –> 00:09:56.320
that they call that a supply chain attack obviously we all know we’ve seen
00:09:56.320 –> 00:10:00.320
the videos and some of that what happens with that but again be very very careful
00:10:00.320 –> 00:10:03.600
with that I always encourage people if you are going to get a used computer
00:10:03.600 –> 00:10:07.840
make sure you wipe it the other thing that’s really concerning about that too
00:10:07.840 –> 00:10:13.400
is I see especially especially online on Facebook marketplace a lot you see a lot
00:10:13.400 –> 00:10:17.440
of people that are actually okay you know I’m just I didn’t use this computer
00:10:17.440 –> 00:10:20.920
I’m just selling it online because I don’t need it anymore and then you open
00:10:20.920 –> 00:10:23.760
and I see people you know you started up and oh hey look there’s people’s crap
00:10:23.760 –> 00:10:27.480
still on this computer they never even wiped it clean that happens a lot as
00:10:27.480 –> 00:10:30.040
well especially without recycle electronics and stuff like that happens
00:10:30.040 –> 00:10:37.360
a lot so just another thing to be aware huh so speaking of that too by the way
00:10:37.360 –> 00:10:44.200
one of the other interesting things like I said I was reading very interesting to
00:10:44.200 –> 00:10:47.760
me anyway talking about the Google keyboard how the Google keyboard has
00:10:47.760 –> 00:10:53.640
really got grown in popularity I avoid I mean I’m always concerned about all the
00:10:53.640 –> 00:10:56.560
stuff that Google collects it’s only gonna be a matter of time before somebody
00:10:56.560 –> 00:11:00.760
eventually hacks them and and we really know how much data they are collecting
00:11:00.760 –> 00:11:04.560
on us we know they’re collecting a lot of data on us but like I said this
00:11:04.560 –> 00:11:09.880
specifically I’m eventually it’s going to happen but anyway you know especially
00:11:09.880 –> 00:11:13.480
when I have a keylog if you think about using the Google keyboard I mean that
00:11:13.480 –> 00:11:17.640
thing basically is a legalized key logger I mean it’s I’m sure Google’s logging
00:11:17.640 –> 00:11:20.760
everything you’re typing specific keywords and all that kind of stuff I
00:11:20.760 –> 00:11:24.720
know I mean I know it I mean I know Google has good security I’m not saying
00:11:24.720 –> 00:11:27.600
they don’t but you think about it using the Google keyboard is basically allowing
00:11:27.600 –> 00:11:32.040
Google to be your key be a legalized key logger I kind of put that out to people
00:11:32.040 –> 00:11:36.800
kind of concerning especially some of the stuff going on with Google now with
00:11:36.800 –> 00:11:42.640
the anti ad tracking stuff you know Chromium what would have said to me is
00:11:42.640 –> 00:11:45.880
you know a lot of companies have gone to the open source Chromium which is
00:11:45.880 –> 00:11:50.120
maintained by Google and you can create your own browser on Chromium but what’s
00:11:50.120 –> 00:11:56.960
concerning to me on that specifically is now that people are using Chromium to
00:11:56.960 –> 00:12:02.080
create their own browser everybody but Firefox it’s a bit concerning to me
00:12:02.080 –> 00:12:06.640
because now you know Google is gonna make this ad tracking change to Chromium
00:12:06.640 –> 00:12:10.360
and it’s gonna basically affect all the browsers everybody’s about all the
00:12:10.360 –> 00:12:16.120
browsers except for Firefox so it’s a little bit concerning to me that Google
00:12:16.120 –> 00:12:21.440
has kind of kind of because of their open source Chromium because everybody
00:12:21.440 –> 00:12:27.120
jumping on board with it now has a very easy way to go ahead and pretty much
00:12:27.120 –> 00:12:30.160
sway the market however they want if you think about it I mean the only one that
00:12:30.160 –> 00:12:33.640
any ad blocker technology and stuff that’s going to work on anymore is gonna
00:12:33.640 –> 00:12:40.680
be Firefox you know because I mean Edge Opera Brave all those guys are built I’m
00:12:40.680 –> 00:12:43.240
not sure what Brave’s gonna do crazy see what the Brave’s gonna do they’re saying
00:12:43.240 –> 00:12:47.280
they’re gonna do something I’m curious what they’re gonna do but I mean even
00:12:47.280 –> 00:12:51.540
Chromium is gonna have this anti ad technology built in basically Google has
00:12:51.540 –> 00:12:57.200
a way now of kind of kind of swaying the market however they want it’s very
00:12:57.200 –> 00:13:01.640
concerning to me personally I don’t particularly care for it I think that
00:13:01.640 –> 00:13:05.680
you know open source is one thing but they’re also using open source to go
00:13:05.680 –> 00:13:08.300
ahead and push the market in the direction they want to benefit their
00:13:08.300 –> 00:13:13.560
business a little bit a little bit unethical as far as I’m concerned let
00:13:13.560 –> 00:13:16.520
me see the ones that won’t be affected obviously are going to be Firefox and of
00:13:16.520 –> 00:13:20.060
course Safari isn’t affected but those are gonna be only two of the ads
00:13:20.060 –> 00:13:24.440
blocking technology gonna keep working on I recommend to personally if you
00:13:24.440 –> 00:13:26.960
don’t like people tracking you which I don’t particularly like with Google’s
00:13:26.960 –> 00:13:32.400
doing I recommend using Firefox or specifically sound like Firefox or a
00:13:32.400 –> 00:13:37.120
Chrome but like I said I don’t I don’t like I said I’m not very big now the
00:13:37.120 –> 00:13:41.580
other thing too like I said Google has been pushing especially to get rid of
00:13:41.580 –> 00:13:44.700
you know certain cookies and have their own master cookie and everybody uses
00:13:44.700 –> 00:13:48.740
their master cookie and I’m like well yeah that’s great because they’re saying
00:13:48.740 –> 00:13:51.980
oh we’re doing this for privacy but you’re also doing it so everybody’s gonna
00:13:51.980 –> 00:13:57.140
rely on you now for the ads I mean they’re they’re slowly pushing their way
00:13:57.140 –> 00:14:04.080
into being big brother and like I said it’s from a security standpoint concerning
00:14:04.080 –> 00:14:08.300
because I mean if Google does ever get hacked the amount of data that’s gonna
00:14:08.300 –> 00:14:14.400
be released on everybody it’s gonna be a pretty pretty insane it’s gonna be way
00:14:14.400 –> 00:14:18.140
worse than anything we’ve seen I remember when the whole Ashley Madison
00:14:18.140 –> 00:14:22.380
hack happened you know we’re talking even worse with Google because they know
00:14:22.380 –> 00:14:24.660
what you’re searching where you’re searching what time you’re searching or
00:14:24.660 –> 00:14:33.220
pretty pretty concerning so you know something to be concerned about some
00:14:33.220 –> 00:14:36.180
other things too I’ve got a ton of stuff things they got tons I want to talk
00:14:36.180 –> 00:14:39.920
about oh one of the things too I wanted to talk to somebody I know a couple
00:14:39.920 –> 00:14:44.280
people we were talking about how people reached out to me talking about Plex you
00:14:44.280 –> 00:14:48.200
know hosting your own stuff and and your own music and your own videos of that I
00:14:48.200 –> 00:14:52.120
know Plex said they’re gonna be coming out with their own version of like the
00:14:52.120 –> 00:14:55.320
iTunes store and so that’s that you can buy and rent videos right on their
00:14:55.320 –> 00:14:58.760
service I think that’ll be pretty cool they’ve talked about that a few times
00:14:58.760 –> 00:15:04.460
doesn’t come to fruition yet but eventually maybe we’ll see but one of
00:15:04.460 –> 00:15:07.840
things I do want to bring up about that somebody had brought up to me that you
00:15:07.840 –> 00:15:12.780
can use Plex to you know if you torrent a video or something like that you can
00:15:12.780 –> 00:15:16.260
you know use Plex to you know share it on your local network and while that I
00:15:16.260 –> 00:15:20.380
don’t condone that but if you do download a torrent I just want to say
00:15:20.380 –> 00:15:23.920
one thing guys you gotta be very careful you download a torrent especially with
00:15:23.920 –> 00:15:27.600
the popular movies a lot of those torrent files with the popular movies
00:15:27.600 –> 00:15:31.920
have viruses and spyware and some of that built in a lot of times what people
00:15:31.920 –> 00:15:36.160
will do is they will say okay well this is a popular movie I’ll rip it but then
00:15:36.160 –> 00:15:39.200
what I’ll do is I’m gonna put a little little little piece of code in this
00:15:39.200 –> 00:15:43.040
little file here so that this way when they watch the movie it infects their
00:15:43.040 –> 00:15:48.880
system so just something to be you know if you’re going to torrent videos or they
00:15:48.880 –> 00:15:52.160
don’t like I said don’t condone I don’t recommend but if you do torrent videos
00:15:52.160 –> 00:15:55.400
be very careful make sure you scan the files and stuff like that so you don’t
00:15:55.400 –> 00:16:03.080
get a virus on your computer very very important one of the other interesting
00:16:03.080 –> 00:16:08.360
articles this week on Thurrott.com I read his he’s a really big follows he does
00:16:08.360 –> 00:16:12.920
everything with Microsoft and I really follow his stuff because I mean I use I
00:16:12.920 –> 00:16:16.900
use both Mac and Windows I like them both actually but specifically he really
00:16:16.900 –> 00:16:20.920
gets into the guts of Windows and a lot of my customers have Windows one of the
00:16:20.920 –> 00:16:26.640
things he had talked about two specific things was subscription fatigue and the
00:16:26.640 –> 00:16:29.960
reason I’m bringing this up is I know it’s not security related but I do want
00:16:29.960 –> 00:16:33.280
to bring it up because one of the things that he was talking about is that a lot
00:16:33.280 –> 00:16:40.720
of people are starting to host their own files internally people that’s like are
00:16:40.720 –> 00:16:46.800
like okay well I can you know if I buy this NAS for $250 $300 this Netgear
00:16:46.800 –> 00:16:51.320
NAS whatever I can hold you know host like four terabytes of files and I don’t
00:16:51.320 –> 00:16:57.000
have to have any storage online I could save a subscription of $9.99 a month and
00:16:57.000 –> 00:17:00.580
by the way do I want to point out that that’s we just saw about Plex similar
00:17:00.580 –> 00:17:06.280
concept but one of the things he brought up we were people were commenting on
00:17:06.280 –> 00:17:11.800
this and it is very important you know sometimes saving saving money is good
00:17:11.800 –> 00:17:14.480
especially with the economy so that always you know try to save where you
00:17:14.480 –> 00:17:18.880
can but one of the things I do want to point out as well it’s great to host
00:17:18.880 –> 00:17:22.520
your own files and stuff like that heaven forbid you have a fire or
00:17:22.520 –> 00:17:27.120
anything like that you just lost all your data there’s no you know you should
00:17:27.120 –> 00:17:31.400
always have an off-site backup and I know people are saying themselves well
00:17:31.400 –> 00:17:34.520
you know I’ll just save one more sub locally and save a subscription and and
00:17:34.520 –> 00:17:37.440
it is I mean I agree with it too I’m sure we’re all trying to cut back
00:17:37.440 –> 00:17:42.240
especially with subscription services going up and up and up but specifically
00:17:42.240 –> 00:17:47.640
if you if you are going to be saving data locally you really should have
00:17:47.640 –> 00:17:53.280
backup I have my own local NAS here that I host and save all my files on that I’m
00:17:53.280 –> 00:17:57.920
working on some of that but I do also have it set up so that it backs up to
00:17:57.920 –> 00:18:02.080
the cloud any changes I know I think Carbonite offers a service like that I
00:18:02.080 –> 00:18:08.940
know I think Carbonite I think I think fast go back or a fast backup or go back
00:18:08.940 –> 00:18:14.480
fast or any of those I think junk I think it’s what jungle backup or
00:18:14.480 –> 00:18:17.840
whatever that well that’s an encrypted one but they um they offer where they’ll
00:18:17.840 –> 00:18:21.900
back your NAS up for you every night even if you’re using any if you’re using
00:18:21.900 –> 00:18:26.580
anything any of the popular NASes like Synology or anything like that they have
00:18:26.580 –> 00:18:31.600
services built right into it but like I said if you are going to be saving your
00:18:31.600 –> 00:18:35.600
stuff locally to try to save money backing it up to an external hard drive
00:18:35.600 –> 00:18:38.280
and leaving it is not I mean a NAS little bit different because you have
00:18:38.280 –> 00:18:43.020
usually have two hard drives that are redundant but if you are going to be
00:18:43.020 –> 00:18:45.500
just backing up your data to a hard drive saying oh yeah I’m gonna back my
00:18:45.500 –> 00:18:49.200
data up this fancy money that one hard drive sitting in your you know your
00:18:49.200 –> 00:18:53.180
living room or your kitchen if there’s a fire you lost all your stuff so I don’t
00:18:53.180 –> 00:18:56.340
particularly recommend that I know we’re all trying to save money on subscription
00:18:56.340 –> 00:19:05.480
services but it’s not exactly the safest and best way to do things so like I said
00:19:05.480 –> 00:19:11.860
just be very careful sometimes you are saving money but you’re also exposing
00:19:11.860 –> 00:19:18.080
yourself possibly to you know you know losing your data so be very very careful
00:19:18.080 –> 00:19:23.820
with that one of the things one of the things somebody did show me this week
00:19:23.820 –> 00:19:30.700
that I like I said I have not I didn’t I knew I knew about it but never actually
00:19:30.700 –> 00:19:39.200
messed with it we’re all on social media these days and there’s a site online
00:19:39.200 –> 00:19:50.520
called redact.dev r-e-d-a-c-t dot dev and what this service actually does and
00:19:50.520 –> 00:19:55.000
like I said I have to look because there is a paid version and there is a a free
00:19:55.000 –> 00:20:01.480
version what you can actually do is you can actually go on here and you link
00:20:01.480 –> 00:20:08.840
your social media accounts and it will actually delete all your posts it does
00:20:08.840 –> 00:20:15.280
it all for you so something to think about like I said um like I said it’s
00:20:15.280 –> 00:20:20.280
you can look at it it’s also a mobile app as well but I guess it’s something
00:20:20.280 –> 00:20:23.440
to think about I know a couple people have asked me how do I go ahead and get
00:20:23.440 –> 00:20:29.360
rid of my you know how do I go ahead and get rid of stuff that I posted that I
00:20:29.360 –> 00:20:33.560
don’t want like I said you can go in and actually clear out an entire account of
00:20:33.560 –> 00:20:38.000
data especially Twitter and some of that so just something to look at somebody
00:20:38.000 –> 00:20:41.240
that showed that to me the other day and I really liked it and I wanted to bring
00:20:41.240 –> 00:20:45.480
it up to you guys so they know some people want to kind of prune back some
00:20:45.480 –> 00:20:49.480
of their social media so getting into some of the news of the week that I
00:20:49.480 –> 00:20:53.520
actually collected tons of it we’re not gonna go through all of it because
00:20:53.520 –> 00:20:58.120
there’s so much of it I remember when a friend of mine started a security
00:20:58.120 –> 00:21:01.280
podcast back like maybe 15 years ago he had said I wonder if I’m gonna have
00:21:01.280 –> 00:21:08.400
enough to talk about it seems like now it’s just so much of it but Ivanti has
00:21:08.400 –> 00:21:13.360
had a rough couple weeks the security vendor like I bring this up because I
00:21:13.360 –> 00:21:17.280
know I have had people with Ivanti and I’ve had a kind of run around
00:21:17.280 –> 00:21:23.920
pre nuts apparently Ivanti their remote so their remote software that lets people
00:21:23.920 –> 00:21:28.880
work remotely actually has a vulnerability in it and it was actually
00:21:28.880 –> 00:21:35.360
made NBC News last night apparently top US cybersecurity watchdog issue an
00:21:35.360 –> 00:21:39.740
emergency directive federal agencies about popular software saying that they
00:21:39.740 –> 00:21:44.640
need to go ahead and either patch it or remove it because I guess the government
00:21:44.640 –> 00:21:49.960
uses Ivanti so pretty important if you remember last week I think on the show
00:21:49.960 –> 00:21:55.980
we talked about the VPN had an issue so now they’re remote software which allows
00:21:55.980 –> 00:21:59.360
for remote desktop some of that and now there was this week and then their VPN
00:21:59.360 –> 00:22:03.120
and then earlier this week they had another issue that they released so
00:22:03.120 –> 00:22:08.660
Ivanti is really getting picked apart so something if you do have an Ivanti
00:22:08.660 –> 00:22:13.760
system make sure you are patched and ready to go VPN the remote software
00:22:13.760 –> 00:22:18.920
remote desktop all that stuff that they provide is been having some
00:22:18.920 –> 00:22:23.840
vulnerability so please if you are somebody with Ivanti go ahead and get
00:22:23.840 –> 00:22:30.780
that patched on another site this week you actually says experts warn of
00:22:30.780 –> 00:22:36.940
macOS backdoor hidden in pirated versions of popular software now while
00:22:36.940 –> 00:22:43.600
this is a great article okay the backdoor in the .dmg but they’re
00:22:43.600 –> 00:22:49.240
saying legitimate software like Navicat Premium UltraEdit FinalShell SecureCRT
00:22:49.240 –> 00:22:55.040
and Microsoft Remote Desktop or have been found to have even though they are
00:22:55.040 –> 00:23:00.680
legit they actually have backdoors into the system so something to be very
00:23:00.680 –> 00:23:04.840
careful of you do use any of those softwares I actually do myself make sure
00:23:04.840 –> 00:23:11.240
you either uninstall them or you patch them very important kind of surprised me
00:23:11.240 –> 00:23:15.640
too because Microsoft had heck of a week this week as far as their stuff
00:23:15.640 –> 00:23:20.420
Microsoft executive said that their emails were hacked by their top guys
00:23:20.420 –> 00:23:24.480
like people they haven’t said names but a match by Sasha and people like that
00:23:24.480 –> 00:23:30.000
the CEO they’re saying that Microsoft actually their emails got hacked by a
00:23:30.000 –> 00:23:34.280
Russian intelligence group the interesting thing about this while we
00:23:34.280 –> 00:23:38.480
weren’t doing the podcast at the time obviously if you remember the SolarWinds
00:23:38.480 –> 00:23:46.640
attack that happened back in I believe was 2000 or 20 20 20 it’s the
00:23:46.640 –> 00:23:50.560
same they’re saying it’s the same group how they know they have not said how but
00:23:50.560 –> 00:23:57.960
that was something in the news this week that really is kind of really was
00:23:57.960 –> 00:24:01.840
concerning Microsoft obviously I’m waiting to see what’s gonna happen I can
00:24:01.840 –> 00:24:05.080
only imagine that they’re gonna be there’s gonna be a lot of cleanup
00:24:05.080 –> 00:24:08.000
because when you when you’re that high of an executive at a company like that
00:24:08.000 –> 00:24:12.600
you get emails that are not supposed to be out in the world like trade secret
00:24:12.600 –> 00:24:17.080
stuff and things about purchases and things like that that can really be
00:24:17.080 –> 00:24:21.160
dangerous they get out in the wrong hands so I’m sure Microsoft’s in cleanup
00:24:21.160 –> 00:24:25.880
mode right now for that one of the the other interesting articles I’ve
00:24:25.880 –> 00:24:31.320
followed this this pretty closely actually and I take this with a grain
00:24:31.320 –> 00:24:34.320
of salt personally because it’s Kaspersky and they’re a Russian company
00:24:34.320 –> 00:24:38.480
and that’s concerning to me because I know there’s been always been
00:24:38.480 –> 00:24:42.280
speculation about Kaspersky and their ties with the government some of that so
00:24:42.280 –> 00:24:47.120
I take this at value but one of the things Kaspersky has recently launched
00:24:47.120 –> 00:24:52.800
is a tool called iShutdown and it’s designed basically to detect notorious
00:24:52.800 –> 00:24:58.560
spyware that is on your iOS device I’m not really sure I know cup I’ve seen
00:24:58.560 –> 00:25:04.640
this going around the internet people talking about this I am personally a
00:25:04.640 –> 00:25:08.960
little hesitant with anything from Kaspersky right now because of
00:25:08.960 –> 00:25:12.200
everything going on in the world I know I have seen a bunch of people that used
00:25:12.200 –> 00:25:17.160
it and they said they did find stuff I’m again it’s supposed to be for that
00:25:17.160 –> 00:25:23.360
Pegasus that QuaDream’s Reign and the other one Predator so again I mean I
00:25:23.360 –> 00:25:28.400
think you know that it’s well it could be a good tool I would be hesitant to
00:25:28.400 –> 00:25:33.800
use it right now anything like that from Kaspersky that’s that’s just me
00:25:33.800 –> 00:25:38.320
Microsoft having a heck of a week – by the way I had another story here in my
00:25:38.320 –> 00:25:44.840
show notes a critical Microsoft SharePoint bug now actively exploited CISA
00:25:44.840 –> 00:25:48.440
warns that the attackers are now exploiting a critical Microsoft
00:25:48.440 –> 00:25:52.440
SharePoint privilege escalation vulnerability that can be chained with
00:25:52.440 –> 00:25:58.360
another critical bug now one thing that I do point out that I went through the
00:25:58.360 –> 00:26:02.320
this and read through this whole thing it says the Microsoft SharePoint server
00:26:02.320 –> 00:26:09.320
exploit chain was successfully cut founded by STAR Labs researcher they
00:26:09.320 –> 00:26:15.400
earned $100,000 reward from from what I could take from this because the they
00:26:15.400 –> 00:26:19.880
weren’t overly descriptive about this Microsoft I’m guessing it’s going to be
00:26:19.880 –> 00:26:24.440
if you have in-house SharePoint running that’s a big business for Microsoft
00:26:24.440 –> 00:26:27.360
SharePoint a lot of people don’t know they actually bought SharePoint they
00:26:27.360 –> 00:26:30.960
didn’t actually build it but one of the things like I said if you are running
00:26:30.960 –> 00:26:34.280
SharePoint make sure you go ahead and patch your service but I believe it is
00:26:34.280 –> 00:26:37.680
internal SharePoint it has to be because if it was its external SharePoint
00:26:37.680 –> 00:26:41.640
Microsoft will patch it for you so yeah like I said but they didn’t because one
00:26:41.640 –> 00:26:46.080
of the things somebody had asked was on the forums was is is this currently
00:26:46.080 –> 00:26:49.840
being exploited on 365 and if it is I mean there’s nothing we could really do
00:26:49.840 –> 00:26:52.680
about it Microsoft’s got to patch it but I would imagine they’re probably gonna
00:26:52.680 –> 00:26:57.640
patch it so if you’re running internal SharePoint go ahead and patch immediately
00:26:57.640 –> 00:27:02.400
Microsoft had a lot of big bugs over the last year or so you remember I think it
00:27:02.400 –> 00:27:06.400
was last right around Christmas time whatever they had an issue with Exchange
00:27:06.400 –> 00:27:09.440
it got to the point Rackspace actually had to shut all their servers down
00:27:09.440 –> 00:27:13.980
because it was that vulnerable a lot of stuff going on with that but that is
00:27:13.980 –> 00:27:17.560
something by the way that is going to be coming to an end Microsoft has said that
00:27:17.560 –> 00:27:23.320
they will not be releasing Exchange Server anymore that I think they said
00:27:23.320 –> 00:27:26.560
they’re releasing their last version of local Exchange I don’t know that’s gonna
00:27:26.560 –> 00:27:30.360
fly a lot of people really upset about that and it’s not so the reason why that
00:27:30.360 –> 00:27:35.600
is an issue is because you do have stuff people like lawyers and stuff like that
00:27:35.600 –> 00:27:40.640
that do host their own Exchange servers because of the whole security and
00:27:40.640 –> 00:27:48.040
privacy of what they’re actually doing and they don’t want stuff exposed out to
00:27:48.040 –> 00:27:52.240
the cloud specifically because they don’t you know how cloud is redundant
00:27:52.240 –> 00:27:55.480
well they there’s just some kind of rules where they can’t have data being
00:27:55.480 –> 00:27:59.520
backed up in other countries if it’s certain things regarding certain it’s
00:27:59.520 –> 00:28:03.240
all law and stuff I don’t really understand that well but like I said
00:28:03.240 –> 00:28:06.560
it’s there’s something about that I know lawyers specifically upset about that
00:28:06.560 –> 00:28:10.600
some doctors are really upset about that because of the whole HIPAA thing which
00:28:10.600 –> 00:28:15.640
I mean obviously 65 in the cloud is HIPAA compliant but especially people
00:28:15.640 –> 00:28:19.200
with trade secrets or stuff like that you know are concerned and stuff like
00:28:19.200 –> 00:28:22.640
that so we’ll see I mean Microsoft I mean the end of the day Microsoft’s
00:28:22.640 –> 00:28:26.160
gonna keep releasing it if it’s making them money that’s what it comes down to
00:28:26.160 –> 00:28:31.000
you know so you know as things you know stop making Microsoft money is when
00:28:31.000 –> 00:28:34.800
they’re pushing it to the cloud so you know Microsoft’s legacy business of
00:28:34.800 –> 00:28:39.560
Windows Server and Exchange SharePoint all that sort of stuff is still making
00:28:39.560 –> 00:28:43.000
them a lot of money on-prem so until it doesn’t they’re gonna keep releasing it
00:28:43.000 –> 00:28:47.200
so like I said we’ll see what happens with that I would imagine a lot of people
00:28:47.200 –> 00:28:51.080
really complained about the SharePoint going into the cloud I’m sorry about
00:28:51.080 –> 00:28:56.040
Exchange going into the cloud I actually am all for it SharePoint I don’t think
00:28:56.040 –> 00:28:59.780
should be in the cloud because SharePoint is very customizable and you
00:28:59.780 –> 00:29:04.200
can do a lot with it where Exchange not so much and it’s much more secure in the
00:29:04.200 –> 00:29:07.600
cloud like I said I think I don’t think you’re gonna see I don’t think you’re
00:29:07.600 –> 00:29:11.480
gonna see SharePoint stop being released locally but I do think Exchange
00:29:11.480 –> 00:29:14.440
eventually will go all in the cloud but I guess I do like SharePoint locally
00:29:14.440 –> 00:29:18.920
because it is very customizable and I have seen some companies with very
00:29:18.920 –> 00:29:24.860
elaborate SharePoint setups speaking of things that are hacked and secure Lush
00:29:24.860 –> 00:29:29.080
Cosmetics I know they’re pretty popular company I don’t know a lot about them
00:29:29.080 –> 00:29:34.480
but I do know that they had a they got hacked pretty bad and they have somebody
00:29:34.480 –> 00:29:38.160
coming in an IT company doing an independent security audit to check their
00:29:38.160 –> 00:29:42.920
system so really glad they’re doing that but they did get hacked they haven’t
00:29:42.920 –> 00:29:46.240
released I obviously want the report as the people to come in and do a search
00:29:46.240 –> 00:29:49.200
and spec see I don’t think they know what got hacked a lot of these places
00:29:49.200 –> 00:29:52.080
like cosmetics companies and stuff of that don’t really know the security
00:29:52.080 –> 00:29:55.140
infrastructure too well so they you know they’re gonna somebody come in do an
00:29:55.140 –> 00:29:59.120
audit see what got tampered with and then obviously make recommendations but
00:29:59.120 –> 00:30:03.160
to tighten the place up so if you are somebody that uses them you might want
00:30:03.160 –> 00:30:07.040
to keep an eye on your credit cards or whatever you use on there so our friends
00:30:07.040 –> 00:30:14.760
down under had a substantial breach Labor was hit by a major government data
00:30:14.760 –> 00:30:19.880
breach millions of files stolen from key departments Labor has admitted it
00:30:19.880 –> 00:30:24.420
suffered Australia’s largest ever government data breach with key
00:30:24.420 –> 00:30:29.880
intelligence defense economic department information files were stolen from
00:30:29.880 –> 00:30:36.400
Australia’s largest commercial law firm so those people in Australia I can
00:30:36.400 –> 00:30:39.680
imagine I really hope they have good cyber insurance because they are going
00:30:39.680 –> 00:30:43.480
to need it the interest the other interesting thing about this they said
00:30:43.480 –> 00:30:49.720
in April of 2023 of 2023 ransomware group stole more than 2.5 million files
00:30:49.720 –> 00:30:55.200
from the firm so this is you know something that’s this is a pretty big
00:30:55.200 –> 00:31:03.000
deal because a lot of government stuff has gone out so like I said I saw that
00:31:03.000 –> 00:31:05.800
I’m like oh interesting so it’s not just our government that gets hacked by the
00:31:05.800 –> 00:31:13.400
way it’s everybody else as well also – there are a bunch of those of you that
00:31:13.400 –> 00:31:17.360
use WordPress for your website there has been a lot of stuff coming out about
00:31:17.360 –> 00:31:23.040
this obviously WordPress always has issues with hacks and some of that so
00:31:23.040 –> 00:31:26.760
you have to make sure you keep all your stuff up to date but they said over 6700
00:31:26.760 –> 00:31:32.720
WordPress sites using outdated version of the Popup Builder plug-in have been
00:31:32.720 –> 00:31:37.600
infected and are suffering from malware so if you are somebody that uses the
00:31:37.600 –> 00:31:42.600
Popup Builder plug-in on your website I would make sure to get that hack get
00:31:42.600 –> 00:31:47.160
that fix so you don’t get hacked or if you are hacked roll back to a backup
00:31:47.160 –> 00:31:51.360
there’s another one as well this week about WordPress over 300,000 WordPress
00:31:51.360 –> 00:31:58.320
sites vulnerable to POST SMTP plug-in so if you are somebody that uses SMTP on
00:31:58.320 –> 00:32:03.520
WordPress and you use the POST SMTP plug-in you have to patch that as well
00:32:03.520 –> 00:32:10.040
so it’s a busy week for security stuff going on I mean always is but
00:32:10.040 –> 00:32:15.160
specifically this week there’s a lot of a lot of hacks and stuff like that
00:32:15.160 –> 00:32:21.920
Opera has a bug in it which is going to let hackers run any file on your Mac or
00:32:21.920 –> 00:32:29.520
Windows PC that was in the news this week as well Opera obviously pretty
00:32:29.520 –> 00:32:35.240
popular I mean it’s definitely it’s not on Chrome level or Firefox level but
00:32:35.240 –> 00:32:40.680
definitely is pretty popular but like I said security researchers disclosed a now
00:32:40.680 –> 00:32:45.440
patched security flaw in Opera web browser that was allowing people with
00:32:45.440 –> 00:32:50.920
Microsoft Windows or Apple OS that could exploit any files or run any files on
00:32:50.920 –> 00:32:55.160
their system so the remote code execution vulnerability MyFlaw they’re
00:32:55.160 –> 00:33:02.120
calling it was discovered and apparently it is patched now so if you are if you’re
00:33:02.120 –> 00:33:06.280
using Opera browser or Opera GX make sure you go in patch that’s actually
00:33:06.280 –> 00:33:10.600
pretty concerning thing because anybody can run any files on your machine pretty
00:33:10.600 –> 00:33:17.280
scary so TeamViewer apparently has another big attack right now that people
00:33:17.280 –> 00:33:21.480
figure out how to remotely gain access to systems TeamViewer’s saying to patch
00:33:21.480 –> 00:33:27.000
it any of that stuff especially TeamViewer and AnyDesk and a lot of these
00:33:27.000 –> 00:33:31.240
things they’re always very vulnerable to attacks is obviously you get remote
00:33:31.240 –> 00:33:35.080
control so nice a machine so I know these things are important are very
00:33:35.080 –> 00:33:37.960
well used but you got to make sure you keep up to date because these companies
00:33:37.960 –> 00:33:41.000
have quite that I would not want to be on one of these security teams for one
00:33:41.000 –> 00:33:45.880
of these companies I can only imagine what they go through the amount of just
00:33:45.880 –> 00:33:51.220
stuff that they have to deal with with attacks and all that cuz I mean
00:33:51.220 –> 00:33:54.840
basically think about it I mean somebody I mean you’re basically if you get
00:33:54.840 –> 00:33:58.160
hacked is basically give somebody remote access to a system so it’s a it’s a
00:33:58.160 –> 00:34:03.120
really tough really tough thing to you know deal with I give any of these guys
00:34:03.120 –> 00:34:07.600
that work on these teams tons and tons of credit because it definitely is a
00:34:07.600 –> 00:34:12.360
home edge is gonna be hard work so the one the last article I want to talk
00:34:12.360 –> 00:34:17.720
about is an interesting one they are actually saying that there is a lack of
00:34:17.720 –> 00:34:23.200
cybersecurity experts in the industry and the same part of the problem is that
00:34:23.200 –> 00:34:26.920
a lot of the cybersecurity experts don’t have the degrees required to get
00:34:26.920 –> 00:34:31.880
the job this is an interesting article it’s from the national was at the
00:34:31.880 –> 00:34:38.320
national the national cyber director he addressing the cyber talent shortage
00:34:38.320 –> 00:34:44.560
this is actually like I said this is actually on the actual news site clear
00:34:44.560 –> 00:34:49.320
news.clearancejobs.com which is where you would look for federal jobs
00:34:49.320 –> 00:34:54.480
he’s actually saying that he working that they want to remove the degree
00:34:54.480 –> 00:34:58.480
requirement most jobs in the US government for cybersecurity require
00:34:58.480 –> 00:35:01.520
four-year degrees many people don’t have a four-year degree that are security
00:35:01.520 –> 00:35:06.720
experts and they want to go ahead and remove that just way they will not get a
00:35:06.720 –> 00:35:11.720
shortage as people without four-year degrees are not being considered so
00:35:11.720 –> 00:35:16.840
basically what this is the government is is lowering their standards for getting
00:35:16.840 –> 00:35:21.560
people and and honestly I don’t blame them I know a lot of good cybersecurity
00:35:21.560 –> 00:35:26.040
people myself included that don’t have four-year degrees that went maybe to
00:35:26.040 –> 00:35:29.560
college for two years have associates and they got into cybersecurity I know
00:35:29.560 –> 00:35:33.400
many people that didn’t go to college at all and when it got into cybersecurity I
00:35:33.400 –> 00:35:36.800
know a lot of programmers that are amazing bug finders that never went to
00:35:36.800 –> 00:35:41.800
college and do a great job so I actually think this is actually really good most
00:35:41.800 –> 00:35:47.040
of your good hackers didn’t go to college I hate to say that but a
00:35:47.040 –> 00:35:51.480
majority of your good hackers don’t go to college I know a lot of good good
00:35:51.480 –> 00:35:54.760
security professionals and some of that that do bug bounty and some of that
00:35:54.760 –> 00:35:57.520
none of them went to college they just hang out and just do bug bounty all
00:35:57.520 –> 00:36:02.960
day I know a lot of guys that actually did get in trouble and then got jobs
00:36:02.960 –> 00:36:06.000
with the government after they got out I know a lot of that kind of stuff happens
00:36:06.000 –> 00:36:12.520
so I think this is a specific case where they’re gonna have to you know sometimes
00:36:12.520 –> 00:36:15.800
the you know the government needs to understand that they’re you know they
00:36:15.800 –> 00:36:19.520
you’re not always gonna you have to look sometimes it’s not even lowering your
00:36:19.520 –> 00:36:24.480
standards if the industries have changed so much you know 20 30 years ago none of
00:36:24.480 –> 00:36:28.080
your IT people went to college because College for Computer Technology didn’t
00:36:28.080 –> 00:36:32.320
exist so I mean a really interesting thing and some of your your best minds
00:36:32.320 –> 00:36:36.300
are not college graduates so I think this is actually a good thing by the
00:36:36.300 –> 00:36:38.680
government I’m sure they’re gonna have some kind of vetting process where you
00:36:38.680 –> 00:36:42.920
have to pass it you know test or something like that I’m sure that
00:36:42.920 –> 00:36:47.200
there’ll be something there but like I said I actually think this is actually a
00:36:47.200 –> 00:36:52.600
really good idea get more able to get more people get better people sometimes
00:36:52.600 –> 00:36:55.720
people that you know there’s a big difference in one thing anybody that
00:36:55.720 –> 00:37:00.080
works in cybersecurity or it works any job field whether it’s a skill or trade
00:37:00.080 –> 00:37:04.120
will realize there’s always a big difference between knowledge and
00:37:04.120 –> 00:37:08.800
experience and that’s really important so I do want to bring that up like I
00:37:08.800 –> 00:37:12.160
said some of the best coders I’ve ever met have never went to college and they
00:37:12.160 –> 00:37:16.660
were great coders so I mean it’s it’s one of those kinds of businesses where
00:37:16.660 –> 00:37:20.160
sometimes you’re not going to always you know college isn’t for everybody some
00:37:20.160 –> 00:37:24.040
people are better at educating themselves and I think that is becoming a real
00:37:24.040 –> 00:37:27.880
thing now especially with the internet stuff a lot of people go to cyber school
00:37:27.880 –> 00:37:31.160
now a lot of people do home school now some of that because they want to move
00:37:31.160 –> 00:37:35.360
faster they want to learn more there’s actually quite a bit of that actually I
00:37:35.360 –> 00:37:38.920
know quite a few people that are that are cyber schooling or homeschooling
00:37:38.920 –> 00:37:42.760
just because they can move at a faster pace and get more done and be more
00:37:42.760 –> 00:37:47.040
prepared for college and then some people isn’t you know colleges for
00:37:47.040 –> 00:37:51.600
everybody a lot of guys that made good money doing apps on the App Store and
00:37:51.600 –> 00:37:56.240
stuff that have never went to college so you know it’s one of those kinds of
00:37:56.240 –> 00:37:58.520
things where I think the government realizes that yes we’re holding people
00:37:58.520 –> 00:38:02.360
to a ridiculously high standard some of the best people in we need to get the
00:38:02.360 –> 00:38:07.360
best so in order to get the best we have to lower the standards of what we want
00:38:07.360 –> 00:38:10.960
and you know college is not for everybody like I said there are some
00:38:10.960 –> 00:38:14.760
great people in security industry that don’t have four-year degrees so I’m
00:38:14.760 –> 00:38:18.120
really happy that they’re doing that we need to really get a handle on this kind
00:38:18.120 –> 00:38:23.100
of thing because with all this government sponsored hacking and all
00:38:23.100 –> 00:38:27.400
that kind of stuff we are going to need really good people and especially since
00:38:27.400 –> 00:38:31.960
there is a shortage of people this is a good way of doing it and I want to point
00:38:31.960 –> 00:38:35.280
this out to a lot of people talk about COVID and and I’m not getting political
00:38:35.280 –> 00:38:39.360
I’m not but a lot of people say COVID where’d all these people go why didn’t
00:38:39.360 –> 00:38:44.080
people go back to work it just shows you too that it’s it’s not just like the job
00:38:44.080 –> 00:38:49.600
it’s not just like the food industry it’s not just the you know the the
00:38:49.600 –> 00:38:53.920
blue-collar jobs with a shortage of people even in in white-collar fields
00:38:53.920 –> 00:38:58.920
there is a shortage of good people so it just shows you it doesn’t matter what
00:38:58.920 –> 00:39:03.840
industry you’re in there is a serious shortage of people in the workforce and
00:39:03.840 –> 00:39:07.960
like I said it doesn’t matter you know what industry you’re in there is a
00:39:07.960 –> 00:39:12.320
shortage right now so I thought that was interesting like I said I want to go
00:39:12.320 –> 00:39:15.880
ahead and just point one thing out like I said if you want to reach out to me go
00:39:15.880 –> 00:39:20.640
to the website the pain of security comm email me I do enjoy all the emails and
00:39:20.640 –> 00:39:25.760
really appreciate it and like I said I have I do we do have the forums up now
00:39:25.760 –> 00:39:29.400
and a lot of other things so please go with it we also have a lot of free tools
00:39:29.400 –> 00:39:33.360
I have I write a lot of free little tools and give them away for free if you
00:39:33.360 –> 00:39:38.280
go to the pain of security comm click on tools click on software there is tons of
00:39:38.280 –> 00:39:41.480
free software there you can use little security tools little things I write
00:39:41.480 –> 00:39:46.120
that I give away for free go ahead and like I said take you know you know
00:39:46.120 –> 00:39:49.800
download them enjoy them use them like I said all these little goodies that I
00:39:49.800 –> 00:39:52.520
write like I said I give them away for free I enjoy messing with code when I
00:39:52.520 –> 00:39:56.680
have some downtime and it’s nice just make sometimes little tools that people
00:39:56.680 –> 00:40:01.440
can use and kind of help people out just like this podcast so I want to thank
00:40:01.440 –> 00:40:08.000
everybody for listening and we will see you on the next episode thank you much
00:40:08.000 –> 00:40:08.840
(upbeat music)