So, I (Bryan) had a bit of a work issue to discuss. It has become one of my myriad jobs at work to write up some policies. In and of itself, it's not particularly fun work, and for whatever reason, this is causing me all kinds of issues. So this week we take a quick look at why I'm having these issues, if they are because I don't get it, or because the method I must follow is flawed.
After that, we add on to last week's show on #2FA and #MFA (http://traffic.libsyn.com/brakeingsecurity/2017-013-Multi-factor_auth_gotchas_with_Matt.mp3) by discussing why scientists are trying to create a 'master fingerprint' capable of opening mobile devices. We talk about FAR and FRR (false acceptance/rejection rates), and why the scientists may actually be able to pull it off.
We discussed Ms. Berlin's trip to the AIDE conference (https://appyide.org/), a two day #DFIR conference held at Marshall University by our good friend Bill Gardner (@oncee on Twitter). She gave a great interactive talk on working through online wargames and CTFs, and we get her update on the conference.
Finally, we did discuss a bit about the #ShadowBroker dump of #NSA tools. We discussed how different people are taking this dump over the #Wikileaks #CIA dump.
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
Jay Beale’s Class “aikido on the command line: hardening and containment”
JULY 22-23 & JULY 24-25 AT BlackHat 2017
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
--- show notes----
Discuss AIDE with Ms. Berlin
Log-MD.com posted their first video.
Fingerprint Masters (a case against biometrics):
Encrypted comms causing issues for employers: https://iapp.org/news/a/employers-facing-privacy-issues-with-encrypted-messaging-apps/
“Worst since Snowden”
Making policies, easier said than done
Discuss DefSec chapter on Policies
Difficulty: aligning policies with compliance standards
FedRamp, PCI, etc
Writing a good policy so that it follows the guidelines
http://shop.oreilly.com/product/0636920051671.do -- Defensive Security Handbook