Posts

Episode #37 - It's Time...

You got free time? Time?! That resource we want more of, or less of, the one we want to slow down, speed up, thank, curse, monitor, measure, ignore and obey. All often within the span of the same day. The very resource we so often run our lives by, yet waste at every turn. It too, like our digital world, is a more abstract concept than the tactile analog world we live in. It too can be captured and tamed for fleeting moments in devices, yet like its digital cousin we think we control it, but we are nothing more than custodians of the memories it leaves behind. We are not good with time; we've had 6,000 years or so to get used to the idea of its passing and the consequences. We used to track it by the moon; nowadays we are ruled by atoms that are accurate to a millisecond every decade. So, why should we care? We waste so much of it. We allow others to dictate our use of it. Our very existence is tyrannized by it. We have watched the convergence of our digital world and that of time, and
Recent posts

Episode #36 Timmy is in the well... Nope that's Sodium Hydroxide

This week we saw an attack against a city water system, in an attempt to poison the drinking water. Many of us have been warning about this for years. How did this happen? It must have been the work of sophisticated nation state attackers; it has to be hard to hack a water treatment plant because, you know, people could die if that happened. The people in charge must take extra precautions, and have really good security practices in place to keep our drinking water safe. They must have been unable to prevent or avoid this attack. These are all things that we hope would be true; unfortunately, the reality of what actually happened is far more disturbing. (Channeling my inner security Yoda) Sophisticated this attack was not, difficult to pull off was it not, prevented could have been, security basics lacking they were, practice good they did not. What happened was a multitude of failures in requiring and implementing the most basic and foundational of security controls. We have reac

Episode #35 - The root of all information security industry problems

Here's a question for you: What is at the root of all information security industry problems? Oh shit! Talk about an ambiguous question. Yes, but who said ambiguous questions are bad? Alright, let's break this down then. First, the question assumes there are "problems". Are there? We think so, but... ~942,000 people in the U.S. are gainfully employed in this industry, and most of us are getting paid pretty well. Good paying jobs doesn't seem like a problem to me. Worldwide, the cybersecurity market is valued at $173B. Seems the people selling shit are doing alright, no problem here. Global "cybercrime" losses for 2020 were estimated to be $945B. The crooks DEFINITELY aren't experiencing any problems either! So, where are the problems then? Simple, look for the people who suffer, the victims.  They're the ones who get the short end of the stick. They feel the brunt (or symptoms) of the problems. They lose money, they lose businesses, they lose inc

Episode #34 - From the Sublime to the Ridiculous

Chris' turn to pick our topic... There's been a lot of hand wringing these last few weeks as ALL sorts of folks have woken up to, realized, or started to question their online presence. Their digital world has crumbled around them as they've realized not only don't they own anything they commit to the keyboard, but whatever they do is controlled by someone else. Congratulations, you are no longer the master (or mistress) of your own destiny. Welcome to the digital world; please get in a queue like a good subservient population and toe the line or else. No? Then please leave. Leave the digital world behind, after all WE still have all that you were while you WERE here… But you can't, can you? Someone somewhere HAS a digital record of you, it's out of your control, welcome back peasant. What IF you could be YOU on a digital medium? How DO you secure AND use it, yet ensure that nobody keeps nicking it? (Stealing for the colonials here) THIS is the topic of this evening's Security Shit

Episode #33 Can I end cyber risk? Or is it all just a pipe dream?

Recently a well known cybersecurity company made a very bold claim that they can end cyber risk! This begs the question: can you end cyber risk? What would it take to end all cyber risk? Is it even possible to end cyber risk? What if you put the phone in the chipper shredder, throw the laptop into a crucible and melt it to bits, will that help? How deep does the digital rabbit hole go? Is there any escape from cyber risk? Can you go off grid or will the grid follow you? If you do go off grid, does that impact how much you care about your digital life? Does being off grid affect your cyber risk exposure? Or is it all just a pipe dream? Are vendors selling pipe dreams and not solutions? Or are they just smoking some funny stuff that makes them think this behaviour is ok? Tonight on the Security Shit Show we will be discussing this and much more, trying to figure out what we can do about cyber risk, because we know as long as computers exist so will cyber risk. Catch this episode of the

Episode #32 - Where's the plunger?!

We're back after three weeks off! Seems the world didn't right itself while we were away. SUNUVA...! (or BUGGER for Chris) 2020's gone. YAY! 2021's here. YAY! ...maybe? The calendar flipped, but the script didn't. 2020 was a f*cked up year for sure. Like seriously f*cked up! There was no shortage of breaches, sh*tty security stuff, panic, fear, loathing, division, etc., etc., etc. The new year brings hope, right? Hope for a fresh start. When the calendar flipped to 2021, there was a collective sigh of relief. Yes, 2020 is behind us! There's hope! We can see light at the end of the tunnel! Hope is GOOD! Then reality hits (again). The sh*t from 2020 didn't go away. It's like 2020's sh*t is still in the toilet bowl and the f*cking toilet is clogged. Will 2021 be a year we find the plunger or a year we eat a sh*tload of bad Mexican food while we ignore the clog? We don't want 2021's sh*t to pile on top of 2020's sh*t, do we?! We've stumbled out of th

Episode #30 - What do you do when the security provider gets hacked?

Another day, another breach in the news. What's new? Well... this time the victim is one of the world's leading information/cybersecurity providers. The company has come forward to say that their offensive red team tools have been stolen, and most likely by a foreign nation. What do we do when the very companies we trust to help protect our nation become the target of military grade warfare? According to the company, this was not a run of the mill cyber attack; this was a highly sophisticated and targeted attack by a nation state. This is not the first time a security company has been the target of a government-sponsored attack, nor will it be the last. As an industry, if the tools we produce to protect can also harm, what are the obligations to protect them? And how liable are we if they get stolen and used for nefarious purposes? Knowing that our industry will continue to be a target of highly sophisticated government attacks, what obligation, if any, does the government have to h