7MS #416: Pi-hole 5.0
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today we're talking about some of my favorite features of Pi-hole 5.0. Including: WARNING! WARNING! Upgrading from 4.x is a one-way operation! Per-client blocking (you can setup, for example, a group machines called "kids" and apply specific domain block/allow lists and domains to them) More granular detail (especially if there are issues) when blocklists get updated Better, richer debug log output I also talk about a great companion for yor Pi-hole: a command-line Internet speed test! Hat tip to Javali over at the 7MS forums who told me about this. Additionally, I briefly mention "Hashy" (the nickname of my password cracking rig), give you some stay-at-home streaming TV show recommendations, and give you a quick house rebuild update!
28 Mai 202035min
7MS #415: Cyber News
Today's episode kicks off a fun little experiment where my pal Joe Skeen and I cover some of the week's interesting security news stories, how they might affect you, and what you can do to make you and your company more secure. This week's stories: Salt stack RCE (Daily Swig / Cyber Scoop) Malware uses Corporate MDM as attack vector (Checkpoint) Critical vulns in Sharefile (Citrix) Shareholders sue Labcorp over their 'persistent' failure to secure data (Cyberscoop)
21 Mai 202031min
7MS #414: Tales of Pentest Fail #4
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today I'm excited to share more tales of pentest FAIL with you. Today's tales include: Accidentally scanning assets that belong to an agency that nobody should be messing with Delivering reports with vulnerabilities from somebody else's network Why it's important to write a report more than 15 minutes before delivery Lessons learned from firing a disgruntled employee
14 Mai 20201h 4min
7MS #413: PCI Professional Certification (PCIP) - Part 3
Hey everybody! I hope you're hanging in there during quarantine and staying healthy. Today is part 3 of our ongoing series all about becoming a PCIP. The good news is I'm finally, actually registered for the cert and have started diving into the training! So in today's episode I want to regurgitate some of what I'm learning to whet your appetite (or not) for this particular certification. Specifically, we cover: The overview and objectives for being a PCIP (TLDR: PCIP does NOT replace QSA or ISA, but gives us a good understanding of how to protect payment card data) How and why payment card data is leaked/stolen/breached - and then sold/monetized The definition of some fundamental PCI acronym soup, including PCI DSS, PA-DSS and P2PE
7 Mai 202051min
7MS #412: Tips for Working Safely and Securely From Home
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. In today's episode we share some tips for working more safely and securely from home, which for many of us is our new office for the foreseeable future! Specifically, we cover: Picking powerful passwords Locking down your wifi Defending your digital identity Protecting your PC Blocking icky stuff in your browser Composing careful conference calls Clicking links carefully I've also made this episode available in long-form blog here. Please feel free to share with anybody you think could benefit from the info!
1 Mai 202045min
7MS #411: More Fun Stay-at-Home Security Projects
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today is sort of a continuation of episode 407 where we covered four fun stay-at-home security projects including FoldingAtHome building a headless pi-hole, redoing your network with a Dream Machine, and enjoing some music via Zoom by way of Q.U.A.C.K. In this episode, we cover: Pentester Academy is awesome and currently has a steal of a deal if you're looking to score a membership on the cheap! CompTIA caught my eye because they're offering 20% off certain tests/bundles with coupon code earthday2020. Personally I'm this close to pulling the trigger on this CompTIA Cloud+ bundle, and even better, they offer online testing during this stay-at-home time! Pi-Holes are a free and awesome way to keep ads and other garbage off your network. Additionally, I give you 100 extra nerd points if you enable DNSSSEC. Just make sure your date/time settings on the box is correct, otherwise DNS will be pretty broken. I discuss a fix here on the 7MS forums.... Read more at 7ms.us!
24 Apr 202054min
7MS #410: PCI Professional Certification (PCIP) - Part 2
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. I’m gonna love you like coronavirus, I don’t know what else to say I’m gonna love you like coronavirus, I’m gonna stand 6 feet away Yes our love was meant to be, but it will have to wait until later Cuz I don’t wanna end up hooked up to a ventilator In today's episode I continue sharing my journey about becoming a PCIP. Spoiler alert: I'm still applying to even start training to be one. Here's what we'll cover: The pentesting requirement 11.3 from PCI that kind of boggles my brain, and some advice I got from a PCI guru that helped clear things up for me. This video also helped me better understand requirement 11.3. The super sucky couple of personal quarantine days I’ve had that include: Cocoa that tastes like mint-flavored old lady diarrhea Our fridge and freezer going ka-put Exploding drinks in my fridge A multi-thousand dollar repair on our new house that hasn’t even technically broken ground yet (!)
16 Apr 202057min
7MS #409: PCI Professional Certification (PCIP)
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today I'm starting a journey to become a PCI Professional (PCIP), and I'll be periodically updating the status of this journey on the 7MS forums. You don't need to be a QSA to get a PCIP, but you do need "2 years in IT or payments related background to have your application approved." The PCIP certification gives you (and I'm quoting from the PCI Web site): Principles of PCI DSS, PA-DSS, PCI PTS, and PCI P2PE Standards Understanding of PCI DSS requirements and intent Overview of basic payment industry terminology Understanding the transaction flow Implementing a risk-based prioritized approach Appropriate uses of compensating controls Working with third-parties and service providers How and when to use Self-Assessment Questionnaires (SAQs) Recognizing how new technologies affect the PCI (e.g. virtualization, tokenization, mobile, cloud) The test costs + exam for a non-participating organization (like 7MS) is $2,500. You also have to re-up every 3 years for $260 (yay, another thing to have to pay for regularly). In the miscellany department: Do you know someone who would enjoy a live 3-song acoustic concert? Check out my family's new ministry, Q.U.A.C.K. - Quarantined Unplugged Acoustic Concerts of Kindness. A Webinar on creating kick-butt cred-capturing phishing portals is happening on Tuesday, April 14! Register here!
9 Apr 202040min
