Security Chipmunks

Episode 11 - Hello Episode, I'm Dad.

Edna Season 2 Episode 11


Welcome to the Security Chipmunks podcast, where we talk about the development of cybersecurity skills. To stay up to date in today's world you need to be resilient; that's why, as Advanced Persistent Chipmunks, we keep chipping away at it.


Cybersecurity Awareness Month

https://www.cisa.gov/cybersecurity-awareness-month


Twitch Suffers Data Breach Divulging How Much Revenue Its Biggest Streamers Make

https://www.wsj.com/articles/twitch-suffers-data-breach-divulging-how-much-revenue-its-biggest-streamers-make-11633536167


Epik Breach

https://techcrunch.com/2021/09/17/epik-website-bug-hacked/

https://en.wikipedia.org/wiki/2021_Epik_data_breach

https://www.dailydot.com/debug/anonymous-new-epik-leak/

Deep dive Facebook Outage

https://blog.cloudflare.com/october-2021-facebook-outage/


Goodbye HTTPS Everywhere

https://www.eff.org/deeplinks/2021/09/https-actually-everywhere

uBlock Origin
https://github.com/gorhill/uBlock

Library Extension
https://www.libraryextension.com/

Azure Network Security Dashboard


https://techcommunity.microsoft.com/t5/azure-network-security/introducing-the-network-security-dashboard-for-azure-security/ba-p/2779842





Unknown:

Thank you.

Edna Jonsson:

Welcome to Security Chipmunks Podcast. My name is Edna Jonsson, and I'm here with my co-hosts, Neil Smalley and Patrick Lowther. Say hello, Neil.

Neil Smalley:

Hello, Neil.

Edna Jonsson:

And hello, Patrick.

Patrick Lowther:

Hey, guys. How's it going?

Edna Jonsson:

Very good. How are you?

Patrick Lowther:

Doing good. I love the dad jokes. I love them.

Edna Jonsson:

You haven't said one yet.

Patrick Lowther:

Well, I think that's what we'll do now. Neil and I will just kind of alternate them. Sounds good to me.

Edna Jonsson:

You're going to share the dad jokes?

Patrick Lowther:

Yeah, just spread them around. Spread the wealth.

Edna Jonsson:

There you go. So, I don't know if you noticed or knew this, but it is Cybersecurity Awareness Month. And I heard somebody say that it is now a cybersecurity advent calendar. Facebook went down. Yeah, Facebook.

Patrick Lowther:

So far, it's been a very interesting week, hasn't it? Seven days in, and this ain't looking so hot.

Edna Jonsson:

Yep, and then Twitch went down. Well, it didn't go down. Sorry. It got hacked. It's still up, but somebody else has all of the data. That was a big, big hack too.

Patrick Lowther:

Yeah, yeah, it's kind of interesting. Like, I started kind of going through a little bit of the breach, like on some of the sites that I posted on, and there's a lot of stuff in there. I'm like, whoa. So who knows if it's all accurate or up to date or what, but...

Edna Jonsson:

Yeah, well, one thing that I found interesting: they had how much they were paying people for streaming on that platform. And the top 80 streamers on Twitch all make a million dollars or more a year just for streaming. I was blown away by that.

Neil Smalley:

Cybersecurity chipmunk streams when?

Patrick Lowther:

Exactly. Yeah. Our goal, we'll shoot for top 150, and we'll split half a million a month somehow, guys. We'll do that.

Edna Jonsson:

We'll figure it out.

Neil Smalley:

Sounds good.

Edna Jonsson:

Yeah, so also was linked to their entire code base. So they involuntarily became open sourced. And also all of their red team toolings and the tools that allows them to pick up things in hacks to grab their code and stuff. So their tools for grabbing code that gets leaked was a lot. also leaked.

Neil Smalley:

Yeah, like the stuff that scans for secrets and stuff that shouldn't be out in public and whatnot. I think we talked about that a little bit last episode with the GitHub secrets stuff.

Patrick Lowther:

Yeah, we did. Do you think their tooling fired off when this latest stuff was posted?

Edna Jonsson:

That's a good question.

Neil Smalley:

It depends on if they are monitoring the places that things like this could post. Like, well, this particular in particular was posted on 4chan, so I guess it depends on if they're monitoring 4chan or not, but...

Patrick Lowther:

Do you think... well, I mean, I haven't had a chance to break down into the tools yet, but I know a lot of people, they have custom tooling to monitor like their GitHub and like their Git repositories for things like that. So I'm wondering if that's kind of like what the tooling's meant for.

Neil Smalley:

I think it's meant more towards that. I know there are supposedly some threat feeds that claim to monitor things like 4chan or certain dark web forums and not, but that's a whole other ball of wax.

Edna Jonsson:

It's a good stuff.

Neil Smalley:

Well, aside from Twitch employees having to deal with it.

Edna Jonsson:

Yeah, it's high alert days there for sure.

Neil Smalley:

Speaking of hack...

Edna Jonsson:

Are we talking about the Russian hackers and the Iowa Brain Cooperative?

Neil Smalley:

I'm talking about the Epik breach.

Edna Jonsson:

Oh, yes, the Epik breach. There's too many hacks, Neil.

Neil Smalley:

There's just too many. There's been a bunch.

Edna Jonsson:

Yes. You can't just say the hack and expect me to know which one you're talking about.

Neil Smalley:

There was a book that I was starting to read. I think it's like Cyber Crisis or something by Eric Cole. He was talking about like I guess he regularly talks to like news people or reporters or whatnot and they don't care unless it's like over so many hundred thousand people affected these days because there's like so many of these days that people pay attention news cycle wise unless it's like a huge number. And even then it's like only last like a day or so. The overwhelm is real.

Patrick Lowther:

That reminds me of dealing with HIPAA guidelines for reporting some security breach involving HIPAA data. You could get away with so many records per breach without having to report to the OCR or anybody like that. I'm like, that seems kind of shady.

Neil Smalley:

Just a little bit.

Patrick Lowther:

We've only lost five less than the number we're required to report, so we're good.

Neil Smalley:

Yeah, you kind of wonder if people smudge that number just a tad, like, oh, we lost one of our things, we don't know if it got stolen or not.

Patrick Lowther:

Well, so it's funny, like in the HIPAA world, even with a lost laptop, you have to still declare that to like your state reporting body and then say, yes, we had these safeguards in place. So things like, you know, full disk encryption and all that good stuff.

Neil Smalley:

So that, uh, confidentiality of the CIA triad.

Patrick Lowther:

Exactly.

Neil Smalley:

Yeah, it was interesting. I had somebody ask me, like, uh, so encryption, what's the most important thing I need to know? I'm like, well, the quickest thing that will be useful to you for school purposes is going to be like CIA triad. Like, if you know what you're trying to do, then that'll help you know what you want to be using. And so I think the CIA triad really kind of covers that.

Patrick Lowther:

It's kind of interesting. As I was going through learning about that for studying for the SecPlus and the various CompTIA certs, you kind of think, when am I ever going to really use this? But where that really comes down to helping you out is when you have to take that and relate it to either employees that aren't technical or, uh, C levels, you know, or like even like in your job, as you go about like supporting people, you know, you can kind of explain why you're making things happen for them. Um, so it's, it's kind of interesting that we came up on this subject because, um, I was actually just talking about the CIA triad, uh, triangle and stuff like that with, uh, a co-worker. Neil's leveraging the Facebook down to use the listening to listen on me there. I guess so. Good intelligence. Ad data.

Neil Smalley:

It's all interconnected now. Do you have Amazon's new drone and robot in your house now, Patrick? No, I do not. Okay. Yeah. Cause that would make life a lot easier for me.

Edna Jonsson:

Do you want to hack him?

Neil Smalley:

No, I'm just saying instead of like doing the, the IntelliSense ad stuff, you could do the, the, uh, the ring connected, uh, drone that Amazon's coming out with. And then it also has like basically a Amazon show on wheels. So it just a greater, an even greater, uh, surveillance network that's now available to Amazon. I was going to hack it so he can trip me down the stairs with it. Somehow, I don't think I would need a robot to do

Patrick Lowther:

that. Between my dogs and the robot, I'm down for it. Pretty much.

Edna Jonsson:

I'm going to pivot back to the Epik breach. For those that are not familiar, Epik was a web hosting company and also domain registrar. And it was very heavily used by the far right, neo-Nazis and extremists in that regard. So some of their customers have been Gab, Parler, 8chan, and the Oath Keepers. And so this data breach was... they didn't have very good cybersecurity policies in place because their data was just in plain text, completely available to everybody to see once they got it. And when the hack was happening, the CEO of Epik, Rob Monster, he was going on, going into prayer. He was saying that, like, if you read the data, then you're going to be cursed. So all of the data that is hacked will be cursed. The drives will burst into flames, so all kinds of stuff like that. The group behind this hack is interesting. They were called hackers on Estradiol. And so if you know about Estradiol, you kind of know what that group might... So it's... I don't know. I thought it was interesting.

Patrick Lowther:

You know, it's kind of funny that we're talking about this. Did you know that Rob Monster is the cousin of Rob Zombie?

Edna Jonsson:

No.

Patrick Lowther:

I'm just messing, but... There's my dad joke. Oh, no.

Neil Smalley:

Oh, no.

Edna Jonsson:

It's like, what?

Neil Smalley:

Good egg delivery, too. Just on par with my dad jokes everywhere.

Edna Jonsson:

So it's really good to be able to know what's happening in cybersecurity, stay up to date, so you can talk with your customers about it and explain to them why certain procedures are important. So you can share like, oh, this happened to Facebook, this happened to Twitch, or this happened to another company. I don't know, these stories are good to know about so you can educate your customers about it.

Neil Smalley:

Yeah, that's why I like things like case studies on companies' websites. It makes it easy for me to go and then give an example to people who are like, what can I actually do with this? Or what might this actually help me with?

Edna Jonsson:

Yes.

Patrick Lowther:

So on the same theme of keeping up to date on the events so you can relate it to everybody, do you guys... follow like any of the post data mess ups? Like, say, Cloudflare had a pretty good BGP write-up on what happened with Facebook and where they theorized happened, and then Facebook came out with like a fluff piece, we'll say, about what happened with their data and how they dropped the routes and everything like that. Do you guys keep up on those, like the deep dive analysis or anything?

Neil Smalley:

A little bit. I glanced at the Cloudflare one. I was probably most interested in just watching the, uh, visualizations of their BGP routes disappearing off the interwebs.

Edna Jonsson:

I will admit that I have that open as a tab on my Chrome browser. I intend to read it. I have not gotten to it yet. But I do sometimes jump into reading the deep dives into incidents.

Patrick Lowther:

I always love the deep dive stuff because I'm an engineering... person by nature. I love knowing nitty-gritty details on how something works and what cascading failure happened because of this, this, and this and what steps they're going to take to re-engineer the process to resolve it. I'm always a big fan of that happening.

Neil Smalley:

I actually have a few more books for my reading list now thanks to that. I've got the one with the mountain goat, I think. The O'Reilly one with the mountain goat. I think it's just plain old BGP. And then I've got another... Another one on Q as well. That's just like DNS in general and really digs into that stuff. So I'm planning to dig a little bit deeper on my understanding on that stuff. It's definitely good stuff to learn about.

Edna Jonsson:

For sure.

Neil Smalley:

Of course, the BGP book, a lot of the BGP books that are available seem a bit dated, but I'm not sure how much actually has changed since the 2000s.

Patrick Lowther:

Yeah, BGP's been around for a long time, but I mean, it's one of those things kind of like, if it ain't broke, don't fix it. But obviously in this case, it's kind of maybe broken.

Neil Smalley:

I guess it's probably not technically a code It's probably like a gazelle or something on the cover. I don't know. I know a little bit about a bunch of animals, but I'm not familiar with all the different covers, but it looks like some sort of long-horned safari animal. Anyway, it came out in 2002, so there's probably some stuff that could be better served by reading some of the more current Cisco. There's quite a few different Cisco ones to read, but for a good an overview. The O'Reilly stuff is pretty good.

Patrick Lowther:

Yeah, I actually really like O'Reilly books. So when I was coming up as a technical person, I usually picked up a nice hard copy of whatever I was trying to learn at the time. So I still have my PHP O'Reilly book, my Asterisk, which has the starfish on the cover.

Neil Smalley:

There you go.

Patrick Lowther:

Yeah. Network Warrior is probably by far the most used O'Reilly book I've ever used.

Neil Smalley:

It's on my reading list. It's also on my shelf. But I'm studying more of the stuff I need directly for the test at the moment. But it's definitely on my to-do list.

Patrick Lowther:

There's actually, as we talk about it, Humble Bundle has a pretty good ops bundle, like cybersecurity and ops, um, humble bundle from O'Reilly. So it has things like Jenkins, Prometheus, uh, Kubernetes, uh, database reliability stuff in there. So whole bunch of like good, uh, resources to get you up to date on that.

Edna Jonsson:

So for sure. All right. So I just want to remind our listeners that, uh, go change your passwords for Twitch and other platforms that you may have been hacked and turn on multi-factor authentication. And these companies are going to make you aware of Cybersecurity Month with the advent calendar.

Patrick Lowther:

You know what? Has anybody been giving away swag for Cybersecurity Month? Because one of the best things about conventions and cons and like CTFs and everything like that, in person at least, would be like some prizes, and like a lot of the vendors will give away like socks. And you know what, I'm running low on socks, so I'm trying to... I got resources, I need some socks.

Neil Smalley:

Gotcha. Yeah, I'm not sure on that one.

Edna Jonsson:

MongoDB on TikTok will give you socks if you DM them.

Neil Smalley:

Do I have to have a TikTok account though?

Edna Jonsson:

Yes, you have to send them a message through the platform.

Neil Smalley:

So I don't know what everyone else uses in terms of browser extensions, but one I've been using for well over a decade is called HTTPS Everywhere. So that's made by the... Freedom Foundation? Yeah, that thing. EFF. I always say EFF, so it's like most acronyms, if I only say the acronym, I forget the original meaning.

Edna Jonsson:

It's the Electronic Frontier Foundation, not the Freedom.

Neil Smalley:

There we go. You'd think they would rename it to Freedom, but Frontier Foundation. Yeah, so anyway, they've been making this extension for over a decade now and so what it does is anytime you request a website and you didn't request it like with HTTPS it automatically redirects you to that if the site has that somehow because for a while there a lot of sites and things didn't really have HTTPS or if they did you had to like specifically type it in and just like redirect you automatically so you end up like doing a lot of stuff insecurely and so like you know, a decade ago before you had things like HTTPS everywhere. You could just sit in a coffee shop and see my password going over the wire. So that was kind of a big deal. Anyway, so basically they're phasing it out because they're like, okay, you know, we have things like Let's Encrypt and like most of the web is pretty much on HTTPS now. So they're phasing it out. And like other browsers have used HTTPS redirects for years at this point and there's ways to turn it on natively in Firefox Chrome Engine Safari now and so they give you instructions on how to do that and so I will have to do that because they're going to be doing away with my favorite extension basically so sad to see it go but it's also good in terms of security that we're now seeing such widespread usage. Yeah. Yeah.

Patrick Lowther:

Do you guys leverage uBlock Origin or anything like that within your browser?

Neil Smalley:

I do.

Patrick Lowther:

Nice. That's another good one that I like to use for cutting ads and also blocking cookies and things like that.

Neil Smalley:

I think it's at this point the way the web is currently. It's simply just not safe or convenient to experience the web without an ad blocker these days. If you try to go to any run-of-the-mill site, typically these days you have all these different pop-ups and stuff that make it completely unusable without an actual ad blocker. It's quite startling. If you've been on an ad blocker for a while, then going and trying the web without it, it's quite alarming.

Patrick Lowther:

Yeah. Yeah, I really really agree with that, and one of the best things I like about uBlock Origin is the ability to add the custom list, and also the lists that are pre-loaded for you seem to really cut down on the amount of garbage ads that you see. Also, it works on YouTube. So...

Neil Smalley:

Gotcha. Yep, another one I just simply have to shout out is Library Extension. It lets me set my local library, and then if I'm on Amazon or anywhere else, it'll show me if there are any copies available at my local library rather than having to buy the book. So if you're trying to save money and study up, it's a really cool extension.

Patrick Lowther:

So you're saying it will tell you if an e-book is available to borrow from your local library?

Neil Smalley:

Yes.

Patrick Lowther:

That's awesome, man. I like that. Very cool.

Neil Smalley:

Physical ebook, you know, pretty much just about any format. Audiobook, etc.

Edna Jonsson:

Very cool.

Neil Smalley:

I know we talk about Azure a lot. I'm curious if you actually had a chance to use this feature. It only really was announced back on the 23rd. So there's now a network security dashboard for the Azure Security Center. And so basically it looks like it's under Security Center, Workbooks, and then there's now a Network Security Dashboard option.

Patrick Lowther:

Yeah, so a little secret about the world of Azure is they don't release anything just blindly to the public. So that's a feature that's been in private preview and then a limited expansion to a public preview. And to get in on that, there's actually a link you can go to on Microsoft to request to have your tenant added to the private security features so you can get more real-time feedback on these things. So with that said, my private tenant that I have, I run within that group, and so I've actually been playing around with some of the newer stuff that's coming out. And a lot of it's pretty interesting. So like what that actually does is it helps you visualize the data better that you're seeing within your environment since it is a dashboard. So you're going to have lots of pretty graphs. What you'll be able to see with it is like an overview of your total network security and like any of the resources for your subscriptions that you have in there. Right. And so things like, you have exposed ports. So if you have exposed ports on those IPs that you have, you'll be able to see that. So it kind of gives you a heads up to say, oh, wait, hey, that's not in compliance with how I want this set up. So you can actually go back and use that to tweak your security posture over Azure there. What else? There's a ton of stuff in this thing.

Neil Smalley:

Anything that makes my life easier.

Patrick Lowther:

Exactly. Then, boy, let me tell you about ARM templates.

Neil Smalley:

ARM templates?

Patrick Lowther:

Yes. Azure resource templates. Basically what it is, it's a JSON file that you can define.

Neil Smalley:

Oh, so like CloudFormation or something like that for AWS?

Patrick Lowther:

Yeah. So Azure and AWS, you can actually just do both Terraform on. Okay, that makes sense. So yeah, and so you can actually use Terraform or Azure ARM templates to like basically establish a baseline in code of how you want your things set up. So it's actually pretty slick. And what that dashboard, you know, can do is let you know that, oh hey, wait, I have something messed up in my code, so I can actually go back and tweak it to bring within, you know, compliance. So yeah, like once you get started with, uh, like the automation of things within the cloud, it's a deep rabbit hole you can go into and it's super fun. At least I think it's fun. Then again, I'm also kind of like a nerd who likes doing that stuff.

Neil Smalley:

Yeah, for sure. Good stuff.

Edna Jonsson:

Yeah, very cool.

Neil Smalley:

Of course, Azure has its own training for the network stuff, for example. I was looking at their network security ninja training earlier.

Patrick Lowther:

Yes, yes. It's very good. Speaking of that, they've just rolled out a new certificate for you networking folks out there. Cool. Yeah, it's the Azure Network Engineer certification, I think. Yes, Azure Network Engineer Associate. That is the new certificate that they've just rolled out. Like I'm talking, I think they just rolled it out middle of September. So it's really brand new. And if anybody's interested in it, it's the AZ-700 is what it is. Very cool.

Edna Jonsson:

All right. So yeah, that's pretty cool. Thank you.

Neil Smalley:

I think that's about all we have for the show today.

Edna Jonsson:

All right. Thank you. Thank you all.

Neil Smalley:

Yep.

Edna Jonsson:

Glad to have you.

Neil Smalley:

All right. All right.

Edna Jonsson:

Keep listening.

Neil Smalley:

See you next time.

Edna Jonsson:

And make sure you join our Discord.

Patrick Lowther:

Keep listening. Tell your friends. Spread the word.

Speaker 03:

So thanks for listening to the Security Chipmunks. And remember, if it seems overwhelming, just keep chipping away at it.