I spoke with Anaconda‘s SVP of Products and Marketing, Mathew Lodge, about software supply chain security. We covered such topics as how to protect the software supply chain, CCleaner, and the deliberately corrupted Python libraries in the Python Package Index (PyPI), Python’s public package repository. Mathew is very knowledgeable about the software development lifecycle, the software supply chain weak spots, and where attackers can inject malicious code into those processes and procedures.
We invite you to listen in and get involved in the conversation because these vulnerabilities affect us all and the viability of our current and future software projects. Ubiquitous software libraries, such as those that the Python project provides to thousands of open source and proprietary applications is a single, but not an isolated, example of what can happen.
Length: 21:38 minutes. Format: MP3. Rating: G for all audiences and venues.
Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.
Perry Chaffee, WWPass VP of Strategy, and I turn our attention toward online shopping because it is the holiday shopping season and security is a big concern, or should be, for anyone making online purchases. You don’t want your shopping experience to be tainted with unusual charges, identity theft, or account compromise of any kind. For these reasons, you need to be aware of your shopping experience and your security.
Here are a few guidelines that Perry and I talk about during the podcast:
Use a strong password.
Use a password manager.
Use a credit card rather than a debit card for purchases.
Enable two-factor authentication for better security.
Before entering passwords or credit card information, look for the https in your browser’s URL.
Close your browser after shopping on a site and reopen it for your next purchase.
Be sure that the site you’re on is the one you want to use.
Never give anyone your password over the phone.
Be VERY careful of links embedded in emails as they can look very similar to real sites.
Be aware of your surroundings and don’t speak your credit card information out loud in public places.
This is not a sponsored podcast but WWPass is a commercial security solution for individuals and businesses to help keep all your online transactions and shopping experiences secure.
Length: 18:02 minutes. Format: MP3. Rating: G
Please contact us for sponsorships, sponsored posts, and videocasts.
Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.
Recurring guest Richard Henderson (Global Security Strategist for Absolute) and I discuss what we think are the greatest threats to security in 2018. We ponder ransomware, standard threats, cryptocurrencies, and other advanced persistent threats. Richard and I agree that 2018 will be another significant security threat year. One thing to note is that while attackers are more persistent, there are some threats that are actually waning such as certain types of ransomware, viruses, and malware that’s easily stopped by smarter browsers, host-based firewalls, and operating system security. That said, we don’t expect attacks to decrease in 2018.
As always, our podcasts are licensed CC BY and are rated G for all audiences and venues.
Length: 29:07 minutes. Format: MP3. Rating: G.
Please contact us for sponsorships, sponsored posts, and videocasts.
Richard Henderson, The Global Security Strategist for Absolute, and I spoke about the global Ransomware threat, its prevention, and what to do if you’re victimized by an attack. Richard and I disagree a bit on what you should do if you’re a Ransomware victim. I say that you should never pay. He says that there are circumstances where it makes more sense to pay the ransom.
I write the introductory column for ADMIN magazine and in the most recent issue (Number 40), I wrote about this very topic. I titled it, “Feeding Seagulls is Wrong.” It is a light-hearted look at feeding seagulls, which I compare to ransomware writers. To me, paying ransomware writers is like feeding seagulls: You’re down a bag of Cheetos (Some amount of Bitcoin) and the seagulls (Ransomware writers) are never satisfied.
Listen to the podcast. Read my column. Make a decision. And feel free to tweet me @kenhess to start a discussion.
Length: 24:11 minutes. Format: MP3. Rating: G for all audiences.
Copyright 2017 The SecurityNOW Podcast Show. CC BY.
Greetings SSH fans. Preston and I had the pleasure of speaking with SSH Communications Security founder Tatu Ylönen about keyless access and how system administrators and system security professionals should “manage access, not keys” when using the SSH protocol.
Preston and I debate the security of a decision to use passwordless and keyless access. During the call, we asked how to implement keyless access and what the deployment looks like to a system administrator. Preston and I are both system administrators, so we are definitely interested in the ins-and-outs of deployment.
As always, Tatu is very engaging and extremely knowledgeable about the topic of security, SSH, and access management.
Length: 15:52 minutes. Format: MP3. Rating: G for all audiences.
Preston and I took a few minutes to recap the year so far in cybersecurity and to catch you up on what’s going on with breaches, security tips, and ransomware. We have a lengthy (for us) conversation that covers all things cybersecurity for the first half of 2017 and all that it had to offer. I want you to pay particular attention to my five rules concerning ransomware. Please take this advice as wisdom from not only Preston and myself but from other cybersecurity professionals as well.
Length: 33:56 minutes. Format: MP3. Rating: G for all audiences.
Preston and I had the pleasure of speaking with, Dr. Jerald “Jerry” Dawkins, the CEO and founder of True Digital Security, the premier local security company here in Tulsa, Oklahoma. For this one, I stayed behind the scenes (literally) and Preston took the solo spotlight for this rare interview with Dr. Dawkins. This podcast is actually the audio extract from the video (Coming soon) we captured during the interview. True Digital Security is headquartered in Tulsa but has offices in Tulsa and Oklahoma City and cover clients globally.
Jerry and Preston discuss passwords, compliance issues, security pain points, and how to engage True Digital Security for your corporate security needs. This is a special focus on a growing company of security experts who are ready to help you navigate HIPAA, PCI, FFIEC, NERC CIP, and your other corporate security requirements and needs.
I think you’ll agree that after listening to this interview that Dr. Dawkins and his team knows security. You’ll also agree that this discussion is far too short. We hope to have Jerry and other True Digital Security folks on the show in the future so that you can get to know the whole team.
Length: 22:12 minutes. Format: MP3. Rating: G for all audiences.