Leave a review for our podcast & we'll send you a pack of infosec cards.
Since October was Cyber Security Awareness month, we decided to look at what’s holding back our efforts to make security—to coin a phrase—“great again”.
In this episode of the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Mike Buckbee – shared their thoughts on insider threats as discussed on a recent Charlie Rose show, the brilliant but evil use of steganography (the practice of concealing a file, message, image, or video within another file, message, image, or video), and the dark market for malware hidden in underground forums.
For a taste of the podcast, here are a few data security ideas and quotes from our panelists.
- Insider Threat
- According to Keyser, an insider attack might not necessarily be the fault of employees. It could be that a hacker obtained their credentials—by guessing or pass-the-hash– and the attack was executed under their name. So don’t make an employee the ‘fall guy’ for what was really an outsider. Blame IT instead. Kidding!
- On hackers hiding credit card information on images, Keyser says, “It’s reminiscent of the skimmer attack, you might find on an ATM or a card reader at shop you go to, but it’s applying that same concept to data, the nonphysical world.”
Like the rest of us, Englert was fascinated by the use of steganography. Englert says, “It’s always been kind of an interesting concept that I played with just for fun, but to see this used as an exfilitration method, it’s terrifying and it’s also brilliant. Having the website serve up the information you’re stealing, publicly, hidden in image files, it’s such a great way to get data out.”
What will hackers think up next?
- Underground Forums
- Englert thinks these underground sites are fulfilling a market need. He says, “Why not be enterprising? Makes sense from a business perspective. It’s not moral, but a way to make money.” Hackers are certainly displaying an entrepreneurial spirit.
Thinking Like a Hacker
With DDos attacks on the rise – up 125% in 2016– Buckbee shares what he learned from Marek Majkowski’s presentation, “Are DDoS attacks a threat to the decentralized internet?” A united Internet makes us strong, and with a divided one we may fall.
A Tool for Sysadmins
Mosh (mobile shell) is a remote terminal application that supports intermittent connectivity, allows roaming, and speculatively and safely echoes user keystrokes for better interactive response over high-latency paths.