Security Explained

54 episodes - English - Latest episode: about 1 year ago - ★★★★★ - 18 ratings

Welcome to Security Explained, where we strive to make the complex realm of cyber security better understood by everyone. Join our three hackers / hosts Christopher Grayson, Drew Porter, and Logan Lamb for approachable conversation and a few laughs on the world of hackers, how to think about privacy and security in today's rapidly changing world, and how to keep yourself and your loved ones safe.

Technology Government cyber security security information security hacking hacker hack

Episodes

Are Hack Back Attacks Whack??

January 23, 2023 12:00 - 48 minutes - 33.4 MB

In today's episode listen to Chris, Drew, and Logan struggle with the potential ramifications of companies retaliating against hackers by hacking them back! How do you handle attribution? What about collateral damage? Who in the world would actually notify the FBI prior to doing this?? Let's (potentially) find out in today's episode!

Social Engineering Gotchas

December 22, 2022 12:00 - 49 minutes - 34 MB

Join us as we walk through new and exciting developments in social engineering! FTX/SBF deepfake link below - don't go to ftxcompensation.com https://twitter.com/jason_koebler/status/1594720003923722240  Bonus content: Twilio is put on blast and we lament our AI laden future Happy Holidays everybody!

Best Hacks of 2022

December 08, 2022 12:00 - 54 minutes - 37.2 MB

As 2022 comes to an end, let's look at the best hacks, breaches, and just plain weirdness in the world of security.

The Twitter Conundrum

November 24, 2022 12:00 - 47 minutes - 32.8 MB

Twitter, it's been in the news lately, but what does it have to do with security? In this episode we discuss the most notable items that have been happening along this new Twitter journey, how they are affecting your privacy and security on the platform, and whether things are going to get better.

Bots Suck

November 04, 2022 11:00 - 48 minutes - 33.6 MB

Telling the difference between a user that's a program and a user that's a real human is a hard problem. It's also a problem that is growing in importance as more and more of our lives are subject to what happens online. We've seen incredibly successful PSYOPS campaigns, service outages, anti-competitive litigation, and myriad other harmful events occur as a direct result of automated abuse. So what is a bot and how can you successfully deal with them? We share some of our best secrets for ...

Uber FUNK & CISO Troubles

October 20, 2022 11:00 - 46 minutes - 31.8 MB

Uber's ex-CISO has been charged with obstruction of justice and is facing up to 8 years in prison. The LinkedIn and Twitter security worlds are going crazy with the question of "What does this mean for CISOs today?" Well, if you're not engaged in obstructing federal investigations it probably won't change your risk profile at all. If you are a CISO that's obstructing federal investigations, well... maybe CISO isn't the best role for you?? Join us as we dig into the "implications" (or lack the...

Twitter, the Whistle Blows for Thee

September 29, 2022 11:00 - 52 minutes - 36.3 MB

In recent days we've heard whistleblower testimony from Peiter Zatko (aka Mudge) alleging some pretty serious security problems at Twitter. This comes at a fairly opportune time given Elon Musk's interest in buying the company and subsequent cold feet due to Twitter's "bot problem." For the uninitiated, Mudge is a long-time hacker (an "OG" you could say) that has a reputation of being someone that can "speak truth to power." While we're skeptical of the timing too, the material content of M...

Sie Uber Hack

September 27, 2022 11:00 - 47 minutes - 32.8 MB

Welcome back for our FIFTH season :) So it turns out that Uber got hacked... and it looks to be bad. Hats off to their PR team for the job they've done keeping things quiet since. We go over the ins and outs of what we know so far and touch on the status of our DEF CON recordings too! Here's to our best season yet! - https://twitter.com/BillDemirkapi/status/1570602097640607744 - https://twitter.com/MalwareTechBlog/status/1570600059909345280 - https://techcrunch.com/2022/09/26/london-polic...

When Confluence and Windows Go Bad

June 08, 2022 11:00 - 50 minutes - 34.9 MB

It's the last episode of our fourth season! The security gods were kind to us and gave us a softball with some exploits that are in the news recently: code execution in Confluence and a new ms-msdt code execution exploit in Windows. Lastly, we talk about preparations for DEF CON (we hope to see you there)! We've loved this journey so far and are so thankful to have you all as listeners. Come say hi at DEF CON and grab a beer with us. - Windows ms-msdt PoC - https://gist.github.com/tothi/662...

Anatomy of a Hack!

May 25, 2022 11:00 - 50 minutes - 34.9 MB

We directly address the question of how hacking actually works by going through some of the underlying issues that contribute to a hack, tell hacking stories, then wrap up with a very brief explanation of the differences with state-sponsored hacking! - Little Bobby Tables - https://xkcd.com/327/ - Example Logic Analyzer - https://www.saleae.com/

Security In The News May 2022

May 11, 2022 11:00 - 41 minutes - 28.5 MB

We cover 3 security-related news events as well as 1 space-related news event in this week's episode. From ransomware to NASA sending nudes into space, get your download of the news that sparked our interest in this episode.

Radio Security & Ukraine

May 04, 2022 11:00 - 1 hour - 43.4 MB

Join us as we discuss the black magic of radio communications! What is a radio? Why do phones have so many of them? After covering the basics of radio, we delve into radio security (confidentiality/availability/integrity) and its implications for the war in Ukraine.

Privacy Rights and Legislation (CCPA & GDPR)

April 13, 2022 15:00 - 52 minutes - 36.2 MB

How inclined are you to use tobacco? What were your salaries at your previous jobs? Your family and friends may not know, but data brokers sure do! Join us as we discuss CCPA and GDPR, two foundational privacy laws which lay the groundwork for taking back our privacy. We discuss actions citizens of California and the EU can take to exercise the rights afforded to them under their respective laws. Later in the conversation we discuss privacy as a human right, the impact of surveillance capitali...

Oofta - The Okta Breach

March 30, 2022 14:00 - 57 minutes - 39.5 MB

It's been a bit over a week since some troublesome photos were posted to Twitter that appeared to show a breach of Okta's administrative portal. In the days since there have been a number of statements from Okta that leave us... disappointed to say the least. When you're such a critical part of modern digital infrastructure (and a security product to boot) one would hope that a breach and the remediation process would be handled with diligence and care. That doesn't seem to be the case here....

Electronic Warfare

March 17, 2022 19:00 - 59 minutes - 41.2 MB

It's been a few weeks since the start of the Russian invasion of Ukraine. Throughout the war we have seen repeated examples of what it means to be engaged in a 21st century war. In this episode we dive in to some of the electronic warfare that we've observed so far coming from both sides of the conflict. It's no exaggeration to say that there have been a number of surprises in a short amount of time. Links from the show: - Generations of Warfare - https://en.wikipedia.org/wiki/Generations_...

Crypto Market Hacks w/ Royal Rivera

March 03, 2022 12:00 - 1 hour - 43.1 MB

Today we have the pleasure of speaking with Royal Rivera, CCO of HaasOnline. We discuss some of the major hacks and current cases in the crypto space. - HAAS Online - https://www.haasonline.com/ - 4.5 Billion of Stolen Crypto - https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency - OpenSea Social Engineering Hack - https://threatpost.com/nft-investors-lose-1-7m-in-opensea-phishing-attack/178558/ - Bitfinex Exchange Hack in Hong Kong - https://fortune...

Lockpicking, Covert Entry, & TOOOL with Deviant Ollam

February 17, 2022 12:00 - 45 minutes - 31.6 MB

Today we have covert entry expert Deviant Ollam to talk about physical security, how he got into the industry, his stories from the field as a red teamer, and how he is looking to change a phrase that many have adopted in the industry. - https://deviating.net/ - YouTube: https://www.youtube.com/user/DeviantOllam - Twitter: https://twitter.com/deviantollam - Instagram: https://instagram.com/deviantollam - GitHub: https://github.com/deviantollam - Trainings: https://www.redt...

A Journey in Infosec w/ Samy Kamkar

February 02, 2022 12:00 - 56 minutes - 38.9 MB

Hello and welcome back! It's been a bit of a hiatus for us here at Security Explained, but we're BACK in action and kicking things off with a casual conversation with our good friend Samy Kamkar. Samy has been a staple in the infosec community for years and even has a worm named after him (the Samy Worm!). He's got a list of wild projects longer than most resumes and has recently been part of an acquisition in his role at OpenPath. Join us for a fun conversation with one of the sharpest h...

Log4j Holiday Special!

December 22, 2021 12:00 - 50 minutes - 35 MB

We're currently on an extended break between seasons 3 and 4 but LO AND BEHOLD the Internet has given us an early Christmas (non)gift. Log4j has been all over the news recently as one of the most impactful vulnerabilities disclosed in recent memory. From AWS to GCP, Cloudflare to DigitalOcean, the Log4Shell vulnerability is forcing all manner of security teams to stay up late patching their systems. Join us in this impromptu dive into what is arguably the most impactful vulnerability of ...

Security Research v I - IPv666, Ubuntu Phones, and OpenBTS OH MY!

November 10, 2021 12:00 - 59 minutes - 40.6 MB

In this final episode of our third season we take the time to chat about a topic near and dear to our hearts - security research! We each picked one of our favorite projects to discuss, ranging from enumerating IPv6 addresses on the Internet to hacking the fledgling Ubuntu mobile phone to Drew's mischievous habits spinning up his own cellular base stations. We've mentioned security research time and again on the show, but this is the first time that we're diving into specific research that h...

Worms and Antivirus

October 27, 2021 11:00 - 58 minutes - 40.4 MB

With the spectacular new Dune movie just having been released, it's only appropriate to talk about one of the most devious of Internet malware denizens - worms!! While certainly technologically interesting, worms are some of the most destructive instances of malware to ever be created. What's more is that these days, worming technology is so ubiquitous that it's not something that even distinguishes malware from the pack! Join us in this conversation about the trickiest of Internet beasts a...

Twitch Hack, Facebook Outage, Epik Hack Part Deux, and Pandora Papers!

October 13, 2021 11:00 - 54 minutes - 37.2 MB

We weren't planning on it, but too much happened since our last episode to not do another security in the news episode! We'll be covering the Twitch hack, Facebook global outage, another Epik hack release from Anonymous, and the Pandora Papers.

Apple 0-days and EpikFail - Security in the News

September 29, 2021 11:00 - 56 minutes - 38.8 MB

The news has been ripe with some pretty wild security stories recently, and in this episode we dive into the nitty gritty on the two that we found most interesting. Specifically, we're talking about the multiple Apple zero days which have been released and the controversy around them as well as the Epik hack named Epik Fail. Join us!

The FUTURE of Security (FutureSec)

September 15, 2021 11:00 - 53 minutes - 36.7 MB

In this episode we dive into the details of recent (ie: the last 5 years) security trends, where things stand currently, and where those trends are likely to continue. From application security, to corporate security, to infrastructure security, to physical security, the last half a decade has seen some serious changes with respect to how secure modern enterprises are and the problems they face on a regular basis. The future of security looks bright in many ways, dark in some, but interestin...

Surveillance and Pegasus w/ Kim Zetter

September 01, 2021 11:00 - 54 minutes - 37.6 MB

If you've been keeping up on security news recently you've likely heard of the Pegasus spyware and its authors, the Israeli firm NSO Group. While Pegasus is an impressive piece of software, the capabilities it brings to the table are nothing new (nor are the ethical and moral implications of government surveillance programs). Join us as we sit down with renowned security journalist Kim Zetter and hear what she has to say about these recent events and surveillance programs more generally. M...

Social Engineering w/ Kevin Mitnick

August 18, 2021 11:00 - 1 hour - 43 MB

Today we have special guest Kevin Mitnick. The most wanted hacker in the world now helps secure businesses worldwide. We cover the topic of social engineering as Kevin talks about the real-world exploits he performed on some of the largest companies in the world. Join us for a lighthearted conversation on social engineering with one of the greats in the field. - Kevin Mitnick Site: https://www.mitnicksecurity.com/ - Where to find Kevin Mitnick's books: https://www.mitnicksecurity.com/bests...

Hacker Culture v. II - Security Conferences

August 04, 2021 11:00 - 56 minutes - 39 MB

With DEFCON about to start, we wanted to give folks a peek inside of what one should expect during a hacking conference as well as list some of our favorite conferences. From everyday tips and tricks for surviving the con to how to make the most of it, join us as we talk about hacker summer camp and more. 

Government Spying On You

July 21, 2021 11:00 - 43 minutes - 30.2 MB

Just because you're paranoid doesn't mean they aren't after you. Government spying on citizens is so commonplace that folks are not even surprised by it anymore. While US citizens are often not surprised, they are unaware of the particular details. So, sit back and relax while we walk you through some of the history of government spying on its citizens and how it impacts you. Links: https://www.eff.org/ https://www.aclu.org/ https://www.pbs.org/video/frontline-room-641a/ https://www.pbs....

Ransomware

July 07, 2021 11:00 - 58 minutes - 40.2 MB

From the Colonial Pipeline to the NYC MTA, from the city of Atlanta to CD Projekt, ransomware is doing its dirty deeds across numerous sectors and industries and causing real harm to individuals and businesses. Initially more of a novelty that some creative criminals came up with, ransomware has grown into a massive criminal enterprise with significant economic upside. In the first episode of our third season we dig into the nitty gritty of what ransomware is, how it works, how it can be pre...

Vulnerability Research

June 09, 2021 11:00 - 1 hour - 41.3 MB

It’s one of the more controversial topics within the information security realm - vulnerability research. It’s the practice of pulling software and services apart and finding how they were put together incorrectly. What you do with that research, whether it be submitting to a bug bounty, responsibly disclosing, or selling the information on an exploit broker, can seriously impact individuals and corporations. It’s an interesting topic with compelling arguments on most sides, and we’re going ...

Security Consulting

May 26, 2021 11:00 - 52 minutes - 35.9 MB

Whether you're on the enterprise side looking to hire some short-term expertise, or on the consulting side looking to cut your teeth and learn some security chops, security consulting is an industry that receives a bit of well-deserved attention. That doesn't come without its drawbacks, though, and in this episode we discuss at length the pros and cons of security consulting and how it might benefit you. If you've ever thought about going down the road of being a security consultant, this ep...

Practical Personal Security v. I

May 12, 2021 11:00 - 58 minutes - 40.2 MB

It's a question we get all the time: "What can I do to be more secure?" It's also a question that there's no great concise answer to. That being said, we did our best to boil down the hottest tips that we have for keeping your personal things and data secure. From password managers to multi-factor authentication, from browser plugins to downloading your data from companies whose services you use, we have a few recommendations that we think can meaningfully improve your security well-be...

Securing Your Small Business

April 28, 2021 11:00 - 52 minutes - 36.2 MB

Securing your small business may seem like an impossible task or something you do not have to worry about right now. Unfortunately, it is something every small business has to worry about in today's world. In this episode we talk about how non-technical small business owners can improve the security around their business without breaking the bank, with most items able to be done for free.

Botnets w/ Yacin Nadji

April 14, 2021 11:00 - 58 minutes - 40.4 MB

Is your refrigerator running? If so, perhaps it's participating in a DDoS attack. This is the reality of the world we live in. There's a computer in just about everything, and in many cases those computers are compromised and part of a botnet. In this episode we sit down with our friend and industry expert Yacin Nadji and hear from him on what botnets are, the role they play in the modern technological world, and ways that we can protect ourselves from them and, maybe, even take them down. ...

Hacker Culture v. I

March 31, 2021 11:00 - 57 minutes - 39.7 MB

Hacker culture is one of those terms that means different things to just about every member of the security community, and in this episode we do what we can to describe what it means to us. From our experience in industry, to our participation in conferences and security research, to our open source projects and the ridiculous depictions of “hackers” in popular media, we cover a bit of the good, the bad, and the ugly of hacker culture as we see it. Join us in part one of this conversation ar...

Internet of Things (IoT)

March 17, 2021 11:00 - 57 minutes - 39.6 MB

It's the year 2021 and just about every common household good can be purchased with a computer in it. From your refrigerator to your toaster to your television to your water bottle, it seems that there is no end in sight for just how many "helpful" things computers can do for your home and life. We're here to challenge that assumption and hopefully convince you that not everything benefits from having a computer in it. Even more so, this prevalence of insecure and cheap devices all across yo...

Righteous Hacks

March 03, 2021 09:00 - 53 minutes - 36.8 MB

In today's episode we have our first installment of Righteous Hacks, a discussion of some of the coolest, most impactful, or funniest hacks seen in the world. From state-sponsored to lone researcher, we break down a few of the most righteous hacks.

Cryptocurrencies

February 17, 2021 12:00 - 58 minutes - 40.2 MB

In this week’s episode we’ll be discussing a burgeoning new asset class, cryptocurrencies. "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks." This is the message which is embedded in the genesis block of Bitcoin, the most valuable cryptocurrency in the world. In just under twelve years, Bitcoin has gone from nothing to a $345 billion market cap asset with SEC regulation. What are cryptocurrencies? What are they good for, how do they work, and why is bitcoin so valuable...

Car Hacking w/ Craig Smith

February 03, 2021 12:00 - 56 minutes - 38.6 MB

In this episode of Security Explained we cover one of our favorite hacking targets, cars! We cover the myths and realities of car hacking with special guest Craig Smith, a leader in the car hacking community and the man who literally wrote the book on car hacking. Some of the topics we cover include the DEFCON car hacking village, right to repair laws, and that one scene from the Fast and the Furious 8. - https://www.carhackingvillage.com/ - https://nostarch.com/carhacking - http://opengarage...

Getting Started in Security

January 06, 2021 12:00 - 57 minutes - 39.6 MB

Throughout our careers in the security industry it’s not uncommon that we’re asked “how can I get started in security?” It’s also one of the questions we like to answer most, as we love for others to be able to learn from our mistakes (of which we have made plenty). In this episode we talk about reasons to consider or avoid the industry, our personal journeys into our current positions, what sort of skills you’ll need and how best to hone them, what free resources are at your disposal to le...

Core Security Concepts v. I

December 23, 2020 12:00 - 45 minutes - 31.4 MB

When we're considering the security properties of something, whether it's a building, an app, an API, a network, or really anything else, there is a core set of concepts that we lean on to inform our evaluation. These core concepts provide a foundation to reason about whether the security provided by the entity in question is sufficient and, in the case that it's not, how you can mitigate the risks posed by its flaws. In this first episode on core security concepts we discuss authentication ...

Misinformation and Disinformation

December 09, 2020 12:00 - 55 minutes - 38 MB

It's the year 2020 and if you're anything like us, you may feel that there's no such thing as objective truth anymore. The tirade of untrue statements, propaganda, and conspiracy theories is enough to make even the most resilient people wary of their own minds and experiences. We are all collectively being gaslit through both misinformation and targeted disinformation campaigns, and they're working to devastating effect. So what is misinformation? How about disinformation? Is there a differ...

Home Security

November 25, 2020 12:00 - 51 minutes - 35.6 MB

Have you ever seen one of those ADT stickers on the window of someone's home and wondered if they actually have a home security system? Does having a sticker alone offer much security for your home? What is the best way to keep your home and its contents safe from intruders? Join us in this week's episode as we cover home security systems, how they work, how they're flawed, and how you can better protect your home with one.

Government Mandated Backdoors

November 11, 2020 12:00 - 57 minutes - 39.2 MB

The Department of Justice has recently released a new memo entitled "International Statement: End-To-End Encryption and Public Safety," and while it says a lot about helping trafficked kids and combating other crime, the memo outlines proposals that will do nothing of the sort. In this episode we discuss the content of this memo and the eerily similar-sounding EARN IT act, pick apart which parts of both are valid and which aren't, and talk about the real motivations behind these documents. W...

Phishing

October 28, 2020 11:00 - 59 minutes - 40.9 MB

Did you know that there's a Nigerian prince that just so happens to know you and needs you to help them transfer some money into your country? How about you download and share this FREE Starbucks gift card that your company's benefits program has enrolled in? Do you need to update Adobe Flash? If you've ever seen an email informing you of anything above, chances are you were on the receiving end of a phishing attack. In this episode we cover what phishing means, what forms of phishing attac...
