Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Defensive Security Podcast Episode 268
Stories:
https://www.scmagazine.com/feature/i...
Jul 17 2022 32m
Chapter 1 59 sec
All right, here we go today. Sunday, July 17th. 2022. And this is episode 268. Of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat
Chapter 2 59 sec
point, but the pictures are actually sound absorbing panels
Chapter 3 59 sec
really interesting stuff in here
Chapter 4 59 sec
CISO of SolarWinds describes that the attack didn't actually. Change their code base. So the attack wasn't against their code repository. It was actually against one of their build systems
Chapter 5 59 sec
end of each of those, there's a comparison. And if they don't They don't match, if the. They call it a deterministic build. So there are like their security team does one, a dev ops team does another and the QA team does a third. And all building
Chapter 6 59 sec
resources to do so maybe it makes sense
Chapter 7 59 sec
dedicated red team who's focused on the build environment. I will say the one. Reservation I have is this kind of feels maybe a little bit like they're fighting the. The last war. And so all the stuff that they're describing is very focused on. Addressing the thing that failed last time
Chapter 8 59 sec
Attack outcomes
Chapter 9 59 sec
I'm drawing a blank. I think that's one of the hotel change. don't want to say the wrong name, but I I believe that there are. There are also instances. We're readily available. Where the contrast true. Like they just keep getting hacked over and over
Chapter 10 59 sec
stuff. They mentioned it here. I'm sure that CrowdStrike appreciated that. Their own. Tier three SOC. They've got a lot of stuff and they also talking to that now their retention rates for customers are back up in the nineties, which is pretty, pretty good. So I don't know. Yeah. Clearly this is a PR thing
Chapter 11 59 sec
bureaucracy and checks and balances that must add tremendously to the cost
Chapter 12 59 sec
help the rest of The rest of the industry learned, which is, by the way, like what we're trying to do here on the show. Kudos to them
Chapter 13 59 sec
NTSB or what have you. But they released this report last week, which describes. What happened in, or at least their analysis of what happened. In the log4j. Incident that happened last year. And. So I have mixed. Mixed emotions
Chapter 14 59 sec
In the last I checked every single month for the past 20 plus years. Microsoft releases
Chapter 15 59 sec
Combined into this commercial software. And the big challenge we had as an industry. Was figuring out where they, where all that stuff was. And then even after that Trying to beat on your vendors
Chapter 16 59 sec
think there's a real appreciation for how pervasively, some of these things. Are being used. They do talk about in the recommendations about creating built in a better bill of material for software, which I think is good. But it's still, that's like coming at it the wrong way
Chapter 17 59 sec
surprised when some enterprising researcher. Lifts up a rug that nobody's looked under before and realizes, oh gosh, there's this piece of code that was managed by
Chapter 18 59 sec
package. That does its job well that I can include in my software package. I could potentially save myself a lot of bugs and
Chapter 19 59 sec
talking about versus, Hey, that's a solved problem. I'll just pull it off the shelf and move on
Chapter 20 59 sec
going to be in every fricking piece of commercial and open source software out there
Chapter 21 59 sec
it becomes much easier to look across your environment and say, yep, I got it there and there
Chapter 22 59 sec
open source components exist in, pervasively and what would be easy ish
Chapter 23 59 sec
are sending letters to unwitting. Employees at different companies. And I don't know how well targeted this is. There's really not a lot of discussion about that, but. In the example they cite they have a letter
Chapter 24 59 sec
It, the hypothesis is that it will lead to unsurprisingly a ransomware infection because they'll install a remote access Trojan on your workstation. And then, use that, use that as a beachhead to get into your
Chapter 25 59 sec
perilous to think that you can train it away, because then you start to think that when it happens, It's the failure of the person. And actually think that's the wrong way to think about it. If you have, Obviously. You want to do some level of training?
Chapter 26 59 sec
on our
Chapter 27 59 sec
the. Attacks involving macros has fallen away. So pretty effective control Microsoft last week
Chapter 28 59 sec
problem. For at least 15 years with Microsoft
Chapter 29 59 sec
that is the story for tonight. Just one little bit of editorial. I spend a lot of time during the week reading. Different stories, all kinds of Google alerts set up for For different security stories and whatnot to help pick what we talk about on these podcasts
Chapter 30 59 sec
And I don't mean to be that harsh about it. It's just
Chapter 31 59 sec
to have one of and if it's not one of these three, you don't get premium pricing
Chapter 32 59 sec
We proudly have I think we've cleared 10 years of no No vendor sponsorship. No sponsorship of any kind, other than a donation
Chapter 33 46 sec
entertained. And really proud of you when I found out that your voice. Was found to be one of the best tools to disperse crowds