Podcast Summary: Talkin’ About Infosec News – March 1, 2022
Podcast: Talkin' Bout [Infosec] News
Host: Black Hills Information Security (BHIS) Team
Date: March 1, 2022
Episode Theme:
The hosts dive into a range of current infosec news stories, with a particular emphasis on the impact of the Russia-Ukraine conflict on cybersecurity, U.S. infrastructure readiness, Microsoft security updates, amusing tech mishaps, and notable industry mergers.
Episode Overview
This episode runs the gamut of cybersecurity happenings, spotlighting the geopolitical cyber tensions driven by Russia’s invasion of Ukraine, and the wider implications for global information security. The crew explores how these events tie into ongoing debates over cyberwarfare, governmental and corporate readiness, and shares a mix of humor and wisdom around both cutting-edge and everyday security issues.
Key Discussion Points & Insights
1. Cyberwarfare Amid the Russia-Ukraine Conflict
- Russia’s Cyber Tactics:
- The panel discusses ongoing cyber attacks impacting Ukraine’s military and banking sectors, highlighting DDoS incidents and the historical playbook of Russian state actors.
- “It seems like the FSB, you know, tactic here, Russia just shuts down…” — Ralph May (02:54)
- Ongoing uncertainty about attribution—are these false flags or directly linked entities?
- “There’s gotta at least be a false flag, right? North Korea or someone.” — Corey (02:56)
- Evolving Definitions of War:
- How the persistent nature of cyberattacks blurs the boundaries of war itself.
- “You can almost argue that we’re just in an ongoing war forever now. Just it’s all cyber…” — Alex (11:07)
- “The precedent is basically that there has never been an active... war that was attributed to a cyber attack…” — Corey (11:21)
- Sanctions are the primary government tool for responding to these incidents, rather than direct military action.
- “They address it through like sanctions and things like that... the repercussions are addressed through diplomatic, like sanctions.” — Corey (12:55)
- Psychological Warfare and Infrastructure Destabilization:
- Examples include cyberattacks targeting morale, weekend disruptions, and holiday-timed incidents.
- “It’s an intelligence tactic to a raid and degrade and erode faith in leadership and communications.” — Wade (14:13)
Notable Quote
- “So I guess what we learned is we’re all at war all the time. And that’s just how we live now.” — Corey (15:35)
2. U.S. and Western Response Readiness
- The FBI’s Cautionary Stances:
- Coverage of Newsweek’s summary of American agencies bracing for Russian cyberattacks:
- “It says it’s engaging in efforts to support the US response and to secure the homeland from any Russian actions.” — Corey (08:26)
- Security of Government Contractors:
- Discussion about risks to unclassified but sensitive information accessible via compromised contractor networks.
- “There’s a lot of unclassified data that is, you know, valuable. Relevant to technology that’s in use.” — Ralph May (08:40)
- Practical Advice for Organizations:
- Strong warnings against common exposures (e.g., Remote Desktop reachable from the Internet, outdated protocols such as SMBv1) and a reminder of the importance of segmenting privilege.
- “Please stop exposing SMB version 1. I don’t care what vendors say.” — Corey (10:13)
- Insurance Implications:
- The panel notes that cyberattacks possibly classified as “acts of war” may not be covered by standard insurance policies, putting companies at major risk.
- “If you lost all your data and it was deemed an act of war, you could be like dropped or your insurance wouldn’t cover it.” — Corey (16:23)
3. Microsoft Security Enhancements
- Default Enhancements in Defender:
- Microsoft turns on LSASS protection by default, blocking credential dumping even from admin accounts.
- “Microsoft Defender is now going to start blocking access to LSASS by default... enabling this by default now with ASR.” — Ralph May (18:08)
- This is lauded as a win for defenders, but will make life harder for red teamers.
- “For a long time, you know, get on a system, get admin access, dump LSASS and spread. So, you know, this should be the first thing you should be locking down.” — Ralph May (20:51)
- Practical Ramifications:
- Using third-party antivirus disables the built-in protection.
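One way to verify this on a host, as an added example that is not from the podcast or from Microsoft: a PowerShell check that reports whether Defender is the active engine (a third-party AV puts it in passive mode) and whether the LSASS credential-theft ASR rule is set to Block. It assumes the Defender PowerShell module (`Get-MpComputerStatus`, `Get-MpPreference`) is available and uses Microsoft's published GUID for that rule.

```powershell
# Added example: report whether Defender's "Block credential stealing from the
# Windows local security authority subsystem (lsass.exe)" ASR rule is enforced.
# Assumes the Defender module (Get-MpComputerStatus / Get-MpPreference) is present.
# The GUID is Microsoft's published identifier for that rule.
$LsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-LsassAsrState {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # With a third-party AV registered, Defender runs in passive mode and
    # ASR rules do not enforce, whatever Get-MpPreference reports.
    $engineActive = ($status.AMRunningMode -eq 'Normal') -and $status.RealTimeProtectionEnabled

    # Ids and Actions are parallel arrays; locate the LSASS rule by GUID.
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    $action = $null
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $LsassRuleId) { $action = [int]$acts[$i] }
    }

    # $null means the rule is not explicitly configured (the host is relying on defaults).
    $ruleName = 'NotConfigured'
    if ($null -ne $action) { $ruleName = $ActionNames[$action] }

    [pscustomobject]@{
        DefenderActive = $engineActive
        RunningMode    = $status.AMRunningMode
        RuleAction     = $ruleName
        Enforced       = $engineActive -and ($action -eq 1)
    }
}

$state = Get-LsassAsrState
$state | Format-List

if (-not $state.Enforced) {
    # Setting the rule explicitly makes the state auditable instead of implied by defaults.
    Write-Warning "LSASS credential-theft protection is not enforced. To set it explicitly:"
    Write-Warning "  Add-MpPreference -AttackSurfaceReductionRules_Ids $LsassRuleId -AttackSurfaceReductionRules_Actions Enabled"
}
```

Run it from an elevated prompt; `Enforced` is only true when Defender is the active engine and the rule action is Block.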
- Crypto Humor:
- Spirited jokes about telemetry and Defender potentially mining crypto in the future.
- “I can’t wait till Defender gets crypto miners.” — Corey (21:27)
4. Infosec Oddities: Dad Deploys Radio Jammer (France)
- Story Recap:
- A French dad tries blocking his teens’ internet with a signal jammer, only to accidentally knock out connectivity for the entire town.
- “A dad set up pretty much a radio jammer in order to block his teens from going on the Internet. But also took out the entire town’s Internet as well.” — Alex (22:40)
- Explored Risks and Regulations:
- Lessons on radio propagation, legal ramifications, and how such interference is quickly traceable by authorities (FCC or local equivalents).
- “If you do this, they will eventually figure it out... the cell phone carriers, they... pull up a spectrum analyzer and see someone just bleeding out your carrier.” — Ralph May (25:08)
- “Hell hath no fury like bored ham radio operators. They will find you.” — Tim (26:14)
5. Major Industry Acquisitions and Mergers
- Akamai Acquires Linode:
- For $900 million: a big move for a CDN player taking on a VPS provider.
- “I didn’t realize Linode was that, like, big. I always kind of viewed them as an underdog…” — Corey (29:04)
- Industry Consolidation:
- Banter about Microsoft considering acquiring Mandiant, Cisco eyeing Splunk, and overall consolidation in the infosec industry.
- “Historically, Cisco’s bought all the products, like their router switch and firewalls. Were all companies that were purchased by Cisco.” — Ralph May (31:30)
- Market Impact and Humor:
- “With Python 2 and iOS combined, we can all conquer the world.” — Corey (30:55)
- Discussion of software/hardware firms expanding into services, and the peculiarities of support models (“One hack a year included!”).
6. The Never-Ending Security “To-Do” List
- Cloud Security Mythbusting:
- Article debated: “If the cloud is more secure, then why is everything still broken?”
- “We’re shifting where stuff’s at, but the security problems don’t stop, don’t change, right?” — Ralph May (41:03)
- The team argues that cloud introduces new risks rather than fixing old ones.
- “At the end of the day, if you know you’re baselining your security... MFA... it shouldn’t matter where it’s at.” — Blake (41:16)
- Privilege/Identity Weaknesses:
- Noting that nearly half of organizations leave privileged cloud accounts unprotected by MFA.
7. Redaction Fails: Never Pixelate Sensitive Data
- New Tool: DPIX
- Highlight of Bishop Fox’s open-source tool for recovering “redacted” pixelated info.
- “There is a tool and it’s open source that will supposedly redact any and all pixelation. So let’s try it.” — Ralph May (45:04)
- Why Pixelation is Weak:
- The team explains the logic behind why pixelation is a poor choice, and recommends solid black/white boxes instead of blur or pixel effects.
- “There is like a push to not use pixelization, to just black it out... the attack surface is, you know, expanding.” — Corey (48:19)
8. Notable Quotes & Memorable Banter
- “The more you mine, the more you get... threat intelligence network powered by blockchain.” — Ralph May (21:43)
- “That was Einstein. My bad.” — Ralph May (15:51)
- “Don’t scan the QR code. Don’t scan it.” — Wade (06:45)
- “Hell hath no fury like bored ham radio operators. They will find you.” — Tim (26:14)
- “Security through pixelization?” — Alex (49:37)
- “Always get high on your own supply.” — Corey (53:24)
- “Only one hack per year is included with your subscription.” — Corey (37:41)
- “It’s like buying an apartment building. It’s already rented out, right?” — Ralph May (29:43)
- “Python 2 and iOS combined, we can all conquer the world.” — Corey (30:55)
Timestamps for Important Segments
- Cyberwarfare and Ukraine (02:26–16:33)
- US and FBI Response (07:42–17:01)
- Microsoft’s Defender Changes (18:08–21:58)
- French Dad’s Internet Jammer (22:40–28:05)
- Akamai Buys Linode & Industry Mergers (29:03–33:36)
- Cloud Security Debate (40:08–43:41)
- Pixelation Redaction Failures (44:38–53:11)
Conclusion
Tone: The episode is lively, irreverent, and insightful—mixing technical depth with tongue-in-cheek takes on current events.
Takeaways:
- Cyber conflict is now a permanent backdrop to global events.
- Organizational readiness (segmenting privilege, basic hygiene) is still crucial, especially amid geopolitical crises.
- Vendors like Microsoft are elevating baselines for security, but no magic bullets exist—problems simply move around.
- Don’t pixelate sensitive text!
- The industry is always shifting, both via technology and major mergers.
For listeners:
You’ll walk away laughing (and possibly a little uneasy about the constant state of cyber “war”), with a clearer picture of how infosec professionals dissect, prioritize, and poke fun at the biggest stories in their world.