Allen Hamilton, Twitter, Canada discussed on Security on The Bayou
Why it matters to you. All right, welcome back. Tuesday, January 28, 2020. Today, okay, we have a bit of a government flair to our podcast.

Let's start right at the top with the Space ISAC. So this is kind of neat and different. There's a lot more space-related companies popping up out there, more and more satellites and such, so they've started this Space ISAC. For those, it is an Information Sharing and Analysis Center. There's quite a few of these across many industries; the biggest one is the FS-ISAC, financial services. Essentially what it is, it's an organization so that private companies, public companies, governmental agencies can share information across each other's organizations in an unclassified manner, so they're generally beneficial. There's usually a lot of good information, although there can be bad information there, depending on the ISAC. Some of the more mature ISACs don't have that problem with the, you know, the unreliable information. With the more mature ones, it's usually pretty solid information, and a lot of companies will pull in IOCs from this and do correlation, matching and threat hunting, that kind of stuff. So this is a pretty big step because the space industry is probably not niche, but, you know, it's quite a bit different. Most people don't necessarily associate it with cybersecurity when they talk about space, but it is very much a real scenario here. There's so many public contractors out there that are producing items for the federal government these days; got to keep them secure as well. So this is gonna launch, it looks like, in March, when they're planning on launching. There's already a few members, some of the larger government contractors as you'd expect: Booz Allen Hamilton, Sas, Parsons Corp, Lockheed Martin and MITRE. Kratos Defense is also part of that too.
So you'd expect to see this start to increase over time. If you're part of this industry, I recommend you go look into this, figure it out, and join it. It's relatively cheap if you're a big enough company; even if you're not, they have ways for smaller startups and such to become part of it too. And they're also having a cyber symposium in Denver, June 14th and 16th. This is the first annual. Each one of these guys have an event. Usually pretty good stuff. You have to be a member to get in.

All right, that's enough on that one. Let's move on. Next, we've got 3D-printed guns. So this one, this is not new to most people. 3D-printed guns have been around for a while now. There's been all kinds of stuff. This is interesting because there's a mix of the Second Amendment and the First Amendment in this, the freedom of speech. So essentially there's a bunch of attorneys general from twenty states and the District of Columbia that are suing to try and get the files that you would need to go and print these guns removed from websites. So that's where the Second Amendment part comes in, freedom of speech to put this stuff online. Sorry, the First Amendment, excuse me. And then you layer in the Second Amendment, gun rights, so this has the possibility to be explosive. So I actually probably hear my 3D printer going in the background, and I've done some research on this. Never plan on printing one. There's a lot of legal things that go into that, but the thing that scares me the most is the unreliability of it and the safety of them. I just, I'm sure you can do it correctly. The home hobbyists could do it in a way where they wouldn't kill themselves. So it's interesting. I'll keep up on it, keep track of it.
Just because of that mix of the First and the Second Amendment, which, you know, also bleeds into the privacy part of this: what people are posting online and where. So there's a post, the link is on the blog, but they've got a huge timeline here going all the way back to 2015. So this has been going on for a while. Defense Distributed, I mean, it goes way back.

Our next: ransomware of the day. This one's interesting. So there was a Canadian military contractor that was compromised by a ransomware attack. But this is sort of on the heels of what we talked about yesterday, where we're starting to see these groups not only ask for money but then the threat of releasing information. So these guys went and released the information. And it doesn't seem like there's a bunch of intellectual property. I mean, there's some, but for a construction firm, you wonder: how sensitive is that information? What's the classification of it? But the big part of this is that there was a bunch of employee information there, so now you're starting in PII, PIPEDA, different regulations of Canada, obviously, but all the PII that is involved in that.

And this actually brings up a good point. If you haven't been following along with new regulations that are coming out, this CMMC, and of course now I'm gonna forget what it stands for. Essentially, it's the federal government's regulation that they're gonna require contractors of the federal government, DoD, Da Tests, all that, to become certified at specific levels when it comes to cybersecurity. So it's no more just to throw in a contract of "do your best," right? You have to be certified and authorized to submit that contract in the form of the CMMC. So one more for people to jump through, but in the end it's probably a good thing. It hasn't been released yet; supposed to come out the end of this month.
Yep, so a few days here. But it's largely based on NIST, so if you've already implemented NIST in your organization as part of your security strategy, you should be in pretty good shape. And there's a process you're gonna have to go through. It's not until the end of this year that you probably start to see the ramifications, in the third quarter, fourth quarter this year, that you start to see it. There's not a ton of information out there; they just released board members, so it's just now starting to ramp up. So if you get in now, as far as figuring out what your firm or company needs to do, you'll be in pretty good shape; you'll be ahead of the game for most folks.

All right, next: the Zoom bug. We'll call it the bug. This article's on Dark Reading, but most of these you can find pretty much anywhere. This one specifically, Dark Reading. I enjoy Dark Reading, I read it all the time. Kelly Sheridan. So essentially this new Zoom bug, this is the second time Zoom has had an issue in the past, what is it, three or four months now. And it comes up and it's big news because Zoom is used so frequently across business these days. It's a cheaper alternative to your traditional video conferencing, and it works pretty well for the most part, just like any of them. So what these guys were able to do, the folks from Check Point, good on you, and I wouldn't say this is overly technical or overly complicated. We've seen this sort of deal before. Essentially what they were able to determine is that meeting IDs are nine, ten or eleven digits, and then they were able to take that meeting ID, put it in the URL, and they also determined that when you hit that URL, it returns one of two requests: either it's invalid or it's a valid meeting. So at that point they're able to go through a list of numbers, which ones are valid. And then if you don't have any sort of security set up on your Zoom, which is possible. I think it comes default.
Actually, that there's no passcode and that the meeting is automatically open, so if you have a valid meeting you can jump right in. So this apparently has been fixed, I guess. I haven't checked to see if my Zoom is updated this morning. Well, they're calling it Zoom roulette. So once again it shows you that even the good tools that are out there, there's always issues. Secure coding practices, right? It's always tough, building technical debt. How do you fix that before you go live, or even in process? As you guys know, it's a never-ending battle. And of course ransomware: I'm not going to stop talking about it until we do something about it. We've got to get better at it.

All right folks, that's it for today. We'll be back tomorrow. Everybody have a wonderful day. Use Breath. Don't forget to subscribe at iTunes, Spotify, Stitcher and TuneIn. You can also visit us on Twitter at Sec on the Bayou, on Instagram at Sec on the Bayou. If you do Facebook, guess where: at on the Bayou. You can also find us on LinkedIn, Security on the Bayou. Guess what else: you can find us on the Internet at Sec on the Bayou dot com.