Latest Scottshinn Podcast Episodes
What are Red Teams and Why They Exist - Linux Security Podcast Ep 13
Linux Security Podcast - July 06, 2018 12:16 - 14 minutes ★★★★★ - 1 ratingRed Teams have become a common tool for testing enterprise security. They attempt to penetrate security defenses as if they were hackers with nefarious intent. Atomicorp's Mike Shinn comments that bad security is almost always the result of limited imagination. Red teams are motivated to be crea...
Why Hackers Hack. It's Not Why You Think - Linux Security Podcast Ep 12
Linux Security Podcast - June 28, 2018 11:00 - 14 minutes ★★★★★ - 1 ratingWhy do hackers hack into your networks and devices? Many people think it's for credit card data, other PII or to steal intellectual property. This is sometimes true, but there are many other reasons as well. What you value about your enterprise assets is often different from what hackers value. ...
What is Virtual Patching and How Can it Enhance Security - Linux Security Podcast Ep 11
Linux Security Podcast - June 25, 2018 02:13 - 13 minutes ★★★★★ - 1 ratingVirtual patching is a way of implementing a security policy to eliminate or mitigate a security vulnerability. It is not actually patching, thus the name virtual. It is a way to do something very quick and external to the application and it is not used nearly enough in cybersecurity defense. Why...
SQL Injection Attacks, How They Work and the Problem with Defending Against Them - Linux Security Podcast Ep 10
Linux Security Podcast - June 14, 2018 11:00 - 10 minutes ★★★★★ - 1 ratingSQL Injection Attacks are a method for taking advantage of flaws in the way an application is written. In particular, they exploit vulnerabilities that offer direct access to databases. Mike Shinn, CEO of Atomicorp, has employed SQL injections in Red Team exercises and built countermeasures that...
CVEs Explained. What They Are and How They're Used - Linux Security Podcast Ep 9
Linux Security Podcast - June 07, 2018 11:00 - 11 minutes ★★★★★ - 1 ratingThe Common Vulnerabilities and Exposures (CVE) system is a critical tool for the cybersecurity industry. CVEs provide consistency in naming and clarity on the nature and impact of various vulnerabilities. In this week's Linux Security Podcast, Atomicorp CEO Mike Shinn discusses the origin and ma...
Efail Vulnerability and its Impact on Encrypted Email - Linux Security Podcast Ep 8
Linux Security Podcast - May 31, 2018 21:31 - 12 minutes ★★★★★ - 1 ratingThe Efail vulnerability has been in the news lately and has many people rushing to remove encryption from their email clients. The vulnerability does impact S/MIME and PGP users, but only a subset of them. That means a lot of people are removing encryption from their email unnecessarily and putt...
What is OSSEC and Why People Use It - Linux Security Podcast Ep 7
Linux Security Podcast - May 24, 2018 05:26 - 21 minutes ★★★★★ - 1 ratingOSSEC was founded in 2004 and received its most recent update to 3.0 in April 2018. It is an open source project for cybersecurity and delivers the most robust endpoint detection and response capabilities available to enterprises today. OSSEC PM Scott Shinn discusses the history of of the projec...
What the Equifax Hack Tells Us About Cybersecurity Today - Linux Security Podcast Ep. 6
Linux Security Podcast - May 17, 2018 11:00 - 24 minutes ★★★★★ - 1 ratingEquifax was the victim of one of the highest profile hacks in history. More than 147 million people's financial data was exposed. Surprisingly, the Equifax CEO blamed the entire incident on a single engineer failing to patch a known vulnerability in Apache Struts. Anyone versed in security knows...
What is a WAF and How Are They Different from Traditional Firewalls - Linux Security Podcast Ep. 5
Linux Security Podcast - May 10, 2018 11:00 - 10 minutes ★★★★★ - 1 ratingWeb application firewalls (WAF) are a specialized form of firewall designed to protect applications from internet-based attacks. Firewalls must be lightweight to ensure people can quickly get onto the internet and data can be returned, but WAFs are much more sophisticated. They need to interact ...
OSSEC, SIEM and Logging - Linux Security Podcast Ep. 4
Linux Security Podcast - May 04, 2018 18:57 - 13 minutes ★★★★★ - 1 ratingLogging is important for at least two reasons. Engineers need to know what is going on so they can figure out if something bad is happening and fix it. Bigger companies also have the need to capture logs to comply with a variety of regulations and business compliance requirements. SIEM has becom...
Meltdown and Spectre Vulnerabilities, the issue and countermeasures - Linux Security Podcast Ep. 3
Linux Security Podcast - April 26, 2018 02:42 - 21 minutes ★★★★★ - 1 ratingThe Meltdown and Spectre vulnerabilities took the security industry and the chip market by surprise. Many people are characterizing these vulnerabilities as flaws in microprocessor design, but the choice was intentional to increase data processing speed. It just wasn't contemplated as an attack ...
File Integrity Monitoring history, features, limitations and recent advances - Linux Security Podcast Ep. 2
Linux Security Podcast - April 26, 2018 02:30 - 15 minutes ★★★★★ - 1 ratingFile Integrity Monitoring is designed to notify you when files have changed on a system. It was one of the very first security detection capabilities in existence and is almost as old as passwords. FIM has also been incorporated into many regulatory and security protocols. Mike Shinn breaks down...
What is a Brute Force Attack? Linux Security Podcast Ep. 1
Linux Security Podcast - April 25, 2018 20:09 - 9 minutes ★★★★★ - 1 ratingA Brute Force Attack is one of the oldest cyber attacks. It was even featured in the 1980's thriller, War Games. In this episode, Mike Shinn walks through how a Brute Force Attack works, reviews some different flavors of attacks and how to defend against them.
Related Scottshinn Topics