DrZeroTrust

Dr. Chase Cunningham
Jul 7, 2022 • 26min

Cyber news and Zero Trust insights for 7/6/2022

Marriott got hacked again, say what?  Does it mean anything?  What about their fines, didn't that teach them something?  Can I find vulnerable government assets that are misconfigured and make 30 grand in bug bounties in half an hour?  What about cloud resources that the DoD uses?  A billion records are stolen in China, what's up with that?  Those questions and more on this episode!
Jul 5, 2022 • 28min

What's up with the WAF market?

What's up with the WAF market?  Talking about how we should and shouldn't use a WAF with an expert.  Is the WAF the best way to address the problems we face?  Where is this market going?  What about the evolution of the WAF and its place in history?  And some hard questions with data to challenge why we might need to move to a new approach.
Jun 30, 2022 • 27min

Cyber news and Zero Trust insights for 6/29/2022

Can I find medical offices open to the internet?  How hard would it be to hack them?  Why is phishing training a problem for enterprises and businesses?  Deepfakes and PII are being used for nefarious purposes, say what?  Those points and more on this episode.
Jun 16, 2022 • 30min

Cyber news and Zero Trust insights for 6/15/2022

Thoughts on RSA2022.  New research from Digital Shadows breaks down key areas of concern for us.  I find some vulnerable databases on the web (some are "security vendors"...uh oh).  We are still failing at the basics, and the password is eating our lunch, why is this still a problem?  A great new blog from the S/R team at Forrester on the economy and the security market.  Did AI just go sentient?  Those thoughts and more on this episode!
Jun 9, 2022 • 29min

What is Collaboration Security?

Can an organization be compliant if they are using Slack to share files, passwords, and other critical and risky data?  How does an agent-less system keep up with all of those short communications in collaboration applications?  Is there more risk if we use modern applications that allow unlimited interaction and collaboration?  What about business context, is there value to deciphering risk?
Jun 2, 2022 • 35min

Cyber news and Zero Trust insights for 6/1/2022

RSA is next week, I really need a beard trim.  See y'all out there!  Finding vulnerable hospital systems on the internet shouldn't be this easy, but here we go.  Don't worry though, they all are HIPAA compliant lol.  How powerful is PimEyes at finding images of people on the internet and how does that affect privacy and security?  Should you be worried?  The new Microsoft Zero Day, how bad is it?  What about hacking tractors and affecting the food supply, that can't be a thing right?  DHS took seven years to hire one person, yeah.  Your tax dollars at work.  Costa Rica ignored its own cyber defense strategy, and that worked out well right?  How much money is going into the Zero Trust market?  And the tech jerk of the year award goes to an absolute turd of a person.  Those questions and more on this one!
May 25, 2022 • 23min

Cyber news and Zero Trust insights for 5/25/2022

Can you find vulnerable stuff online from 2003?  Surely not?  Uh oh.  Do we need a cyber moonshot to get past the failures we face in cyber security?  Is there more evidence that legislation isn't dealing with reality, and that some of our leaders are missing the point?  Using your phone SIM to do MFA, good or bad?  Is DuckDuckGo really a "private" browser?  Those points and more on this episode.
May 19, 2022 • 30min

Cyber news and Zero Trust insights for 5/18/2022

What matters more, targeting the "asset" (tractors) or the infrastructure for John Deere?  Can you overthrow a government with a ransomware attack?  Why are insurers changing their approach to cyber policies and why are they raising rates?  What about the NSA guidance on best practices, is it really that different?  Those questions and more on this one!
May 12, 2022 • 31min

Cyber news and Zero Trust insights for 5/11/2022

Can we find vulnerable ICS and SCADA controls on the internet?  What about the physical doors that are in those facilities?  Have we really learned anything a year after the pipeline hack?  Microsoft has put out its advice for ransomware defense, is it any good?  What about F5 and its big new vulnerability, should you be worried?  Why shouldn't we talk about gangs "going down" in cyber, and does that hurt or help as we deal with those threats?  Those points and more on this episode!
May 5, 2022 • 33min

Cyber news and Zero Trust insights for 5/4/2022

Finding vulnerable passwords with Google dorks, it's super easy (don't do this).  How many VPNs can I find that are possibly misconfigured?  Why does it take a 600 million dollar hack for a company to adjust its approach to cyber?  New banking legislation and rules on a 36 hour reporting mandate, good or bad?  Those points and more on this episode.
