17 Burst results for "Mike Benjamin"
"mike benjamin" Discussed on The CyberWire
"Am pleased to be joined once again by mike benjamin. He's the head of black lotus labs which is part of looming technologies Mike it's always great to have you back I wanted to touch today on Something that one of the basics which is credential stuffing passwords spraying kind of. Get a review in insights from you. What we're dealing with here. What can you share with us today. So it's helpful to start with a bit of a definition and so it is most simple level credential. Stepping is taking passers from previous leaks. Use names and passwords. Whether that somebody's g mail address with a password. They used on one sake for any reason on another site could be business log ins trying to be used another places but basically credential reefs and shove it at a massive volume down some other services to see how many times the credentials were reused. That's stuffing the credentials down into that service. Passers brain is still a high volume attempt to log in. But it's typically using simple passer so password one-two-three what is it you know. Full twenty twenty whatever. Those are really common in destroying them on every account that get their hands on and that we could try and break into the accounts that way. So that's credential stuffing and that's passard sprang and so it a simple level that's about what they are now. They've evolved in recent years where now they're done through large proxies botnets and so what might sound relatively easy to stop one. Ip address sending a thousand loggins should be pretty easy to code asians that now it might be three attempts from one ip address and then they rotate to the next proxy server and so the actors have become much more advanced in their attempts in order to evade detection. They've even gone to the point where they're doing things around you locality so if you are a us based business they may only use us proxies. Or i live in colorado. They might only use colorado-based proxies so they've gotten more sophisticated in the attack methodologies in order to hide themselves inside the noise of general loggins users and is this the kind of thing that can get around You you hear people talking about things. Like rate limiting the that can help with these sorts of things with the botnets. Allow them to to circumvent that absolutely and so two types of rate limiting the most simple goes back to what i just said they'll rate limit a single. Ip address only allow to log in every few seconds. 'cause human beings we'll take that long to type it. In other cases let the entire site. I have a relatively briefly. Reasonable burst on their normal throughput. And then stop anything goes above that because it must be attack either way. The actors in many cases are not just trying to break into one service they may be targeting ten services so they're fine waiting a few seconds between these logging. Just go from service to service to service. A rate limiting is really for the more advanced folks not going to slow them down in any real way. What sort of scale we dealing with here. How bigger some of these actors. Yeah so the unassisted side. We've seen them build botnets of over one hundred thousand. Ip addresses that they can come from and so if you can imagine trying to discern in your logs a service where do i see someone attacking us going slow rotating ip addresses associating a log in to each ip address and doing it from the place where general users are logging in it so cases can be nearly impossible. Find the actor in that noise and so those are the folks that are hard to get your hands on an stop. Now on the low end of the sophistication. They'll take a pass by vps with bitcoin in attack from one place. Those ones death easy to stuff. So what's the big picture impact here. Why should folks care about this sort of thing. Well the the most simple is that we use our online identities or businesses. Use those credentials to do something whether it be shop. Sometimes store information about themselves in those those things can be value in underground markets. So the the allowed or less sophisticated actor groups. They're going in and they're pulling out information about. Just rod counts and selling them. So i got a thousand council south for five bucks in trying to make money off of it so leaking your pi getting access to something should somebody should be in on the low sophistication side. That's concerning the not something we should run around with their hair on fire about the other side though is we see nation state attackers to where they want to target a company. Guess what they'll go to every password dump they've ever found they'll go grab everything that contains the domain of the company. They're targeting and they'll go try to bring in with that. It's frightening how often they are successful. In so things like two factor authentication in place at every printer for business making sure that the security groups of consumer oriented services are paying attention to credential dumps in trying them against their own service before the actress can even get to. Those kinds of things really helpful. I sort of a funny story. One of my co workers told me the other day he said you know we're dealing with users that will surpass forever this isn't inevitability and so it's up to us to either force them into multi factor authentication mechanisms or even on the simple side. Just make sure that the pastor of an input is of a high enough sophistication and not one of those default credentials out the way. He drove it home to me. He said we all saw the stories about the seeds that were being shipped from china to people's homes interesting news story a few weeks ago i thought with the story he was going to say you know. Some people planted them so people are gonna make mistakes. No historian the news article posted nick. Some people eight number and so we're ten with people that had some random things that come into mail and so to make mistakes even if they're not with the attention it's going to happen and so it's up.
"mike benjamin" Discussed on The CyberWire
"And joining me once again as Mike Benjamin. He's the head of century links. Black Lotus labs Mike is Great to have you join us here at the conference. Thanks for having me Dave. So we are a couple days into the conferences. We record this so I feel like we really had a chance to get a sense for The tone of the conference overall. What's on people's minds? What's your sense as you walk around? What sorts of things are Are Rising to the top of your attention. I thought it was interesting this year. I I walked the floor last year and I left feeling that everybody needed to say the words I in every every booth in conversation and and there's still some token a I use here and there but I think it's calmed down. A little people are maturing and understanding how to use statistics in their work and not trying to sell as much may be snake oil with some of their their capabilities. But overall you know industry maturing I think is probably the biggest take home I would take this year. How do you think that manifest itself in terms of the majority are we seeing it strikes me that there's no shortage of startups and I would imagine with maturing comes consolidation Maybe we lose a little bit of like you say some of that breathlessness with the hype with some of the technologies. What does it mean to you? Well you know one thing I find. Is that once people get informed on a topic. They know how to ask questions. They actually can ascertain whether something's good or bad. And you know the I can prevent any malware on earth statement persisted quite a few years ago and that went away pretty fast to write as people learned. You know that's not possible. Explain to me what you're actually doing. The difference in people can ask for themselves whether they should go forward of the technology whether they should adopt a new trend and where it fits into their defense up. Strategy is a buyer. What sort of messaging are you all putting out from centurylink? Some of the things. You're sharing this year. Well there's a few things we focus on obviously were of a massive telecommunications company and so we have an opportunity to make security simple for our customers so if you'd like to block a threat we already are carrying for those customers traffic. We really have an opportunity to block things filter things in so simplicity and then the visibility that we get from our networks. That's what we're looking at. A blacklist labs when on the show we're talking about the threats were able to glean from that knowledge and so can we make it simple while still blocking with the knowledge we have from an advanced threat basis. Is there anything as you walk around? That you feel isn't getting the attention it deserves. Well it's it's sad to say but it's the simple blocking and tackling and risk understanding the basics every company here has to worry about. There's not enough booths. Really just helping them with the basics of running their program a lot of it tends to be whiz. Bang technology rather than focused on you know. Here's what it takes to run a security program. And how can we actually help you with that? We as an industry do tend to get yearly excited about those advanced actors and those advanced mowers and I I. I'm guilty too. I love those topics. The really fun to learn about But at the end of the day your your average CIS oh really needs to run a program and that's what the industry needs to help them with. What do you get out of a conference like this for for yourself attending from an educational point of view from Your own personal enrichment? What do you go home with? That's a great question. I'm going to give away my secret. Here so apologies. I do it. I walked to the smallest booth as possible and I go have conversations. They tend to be staffed by the people who actually built the technology or really ingrained in how they're helping their customers. There's some great ideas that come out of those companies. There's some great conversations to be. Had you tend to get the pulse of what new ideas are coming out out of? The fringe vendors the fringe folks and then. I really enjoy seeing all the folks that I work with person. We we as a security community. We we've definitely adopted the technology. Were all in way too many slack. Channels and key basin signal messaging. It's good shake a hand and see the people that you work with and build those relationships because at the end of the day we all have to work together to raise. The cost of how actors are being successful for. We're GONNA have a chance stop him. Yeah all right Mike Benjamin. Thanks for joining us now. A word from our sponsor last pass last pass has an award-winning security solution. That helps millions of individuals end. Over Sixty one thousand organizations navigate their online lives easily and securely businesses can maximize productivity while still maintaining effortless strong security with last pass each entry point in your organization can compromise your businesses security last pass identity can minimize risk and give your it team a breakthrough integrated single sign on password management and multi factor authentication last pass identity enables you to manage and control user access for all access points in your organization. Add an additional layer of security to every single log in through multi factor authentication securely authenticate into your work. Using biometrics such as fingerprint or face. Deliver a password list logging experience for employees while securing every password in use through enterprise password management and gain an integrated view all access authentication tasks to know which employees are accessing. What when and where you can learn more at last past dot com slash enterprise. That's last past dot com slash enterprise. And we thank last pass for sponsoring our show.
"mike benjamin" Discussed on The Black Guy Who Tips Podcast
"In today's new day new pay salona s with the recurrent thank you Justin Jiang appreciate you as well thank you so much payment loading email we appreciate loading candidate very much candace nerves in luxury Aznar's they also have a podcast Chris sale the show as indeed yes agency with the recurring donation we appreciate choose well Yvonne Am thank you very much aligned for coming through the fan Adem s thank you appreciate you and AP and I hope you off saying okay bass move from the time w Michael s thank you Mike Benjamin c Laura e they very much lower a appreciator Nicholas v no L. W. Miss Hathaway Bomani Jones of the evening take him a Livia from Chicago Hannah gives a one time noses thanks Ron and Cam for your massive contribution to cultural discourse we trying to be honest thank you baby David from Brooklyn Black Film press comics and that's everybody thank you it was when you down I hate to see you give them now so much bad.
"mike benjamin" Discussed on The CyberWire
"And joining me once again as Mike Benjamin he senior director of research at century links Black Lotus labs a mike. It's great to have you back. I wanted to touch base with you today about D._N._S.. Tunneling and hoping that <hes> you could describe to us first of all what it is and y folks are choosing to use it yeah. Thanks Dave so we all know D._N._S.. We you know every computer uses it to resolve hosts namesti peas and find mail servers and all this other stuff in our environment's whether we our house our business and so many of us don't think much about it being there. Many folks don't even restrict to what can query what through their environments however you'll find environments that allow D._N._S. through but don't allow any other services out or in in many cases their content filtering and made in the Middle Prophesying H._D._p.. Traffic but leading D._N._S. through so that's a that's a dangerous scenario because that allows someone to send arbitrary traffic and you might think it's D._N._S.. How can it'd be arbitrary but the question asked of the D._N._S.? Server is provided by the user or the host and so Dennis tunneling is a situation where the host name that they look up can contain encoded characters. You think about basic binary encoding with base sixty four base sixty four messages can be split up into hoes names run thousands of queries and if you control the server this authoritative for that question you've now successfully sent data through an environment where you should not be able to send data and so it's very common attack that we see for more a a pen tester group coming into an environment to show why DNA should be locked down but we also see it used for exfiltration of data by more sophisticated actors and <hes> it can be pretty loud inside an environment now. What is the rationale for why folks would leave D._N._S. accessible when they'd be filtering other things? They're not thinking of it as an attack vector that that's the most simple example <hes> the the other is that when they host authoritative zones inside the business you'll find many businesses have a sort of private zone for their internal data centers their internal host name resolution. They often don't think. Think about the fact that those are reclusive revolvers to the open Internet and so they may be locking down the name look up to just that handful a host those things because the very nature of D._N._S. tunneling they don't ask the same question they're not cashed ask questions and so therefore if I break my base sixty four message into ten thousand queries all ten thousand can make it through the authoritative server and I can still succeed so fully locking it down can be a difficult thing to do now when folks are trying to hide data within these D._N._S. queries. How are they going about doing that yeah? That's that's a great question. I I've said now twice that base sixty four is a a simple way to do it. However most folks we'll know that you can decode a sixty four message so they will then exit? They will then even encrypt it and so anything that can get it through to a host name. Resolvable set of characters is viable and any obfuscation encryption encryption any other methodology can allow that to happen and so it while it might be very easy to go grab a group of data and tried to force it with some simple base sixty four x or decoding the encrypted messages can be far more difficult Colt and so there is you think about encryption methodologies is not a very difficult thing to do so pretty low threshold for fully office getting what's going on inside that payload and in terms of mitigation. What are your recommendations there well? The first is his logging. You'll find that as a security community well talk about protection and then monitoring so we need to monitor what's going on inside of D._N._S.. Servers the Nice thing about D._N._S.. Tunneling is it tends to be very loud so I mentioned the actor needs to control the authoritative name server and so in a typical attack here what you'll find is that they'll be tens of thousands of queries ulta one domain that should stand out as an anomaly in those log sets. You'll also find often that at the domain that's utilized tends to be a newly registered domain or something that at least has a very low volume in a baseline and so simple statistic anomalies on domain look ups can immediately make these sort of attacks jumped.
"mike benjamin" Discussed on WTMJ 620
"The job done. Right. No matter how small welcome back to the fictional, Tom Faiza on devotee nj he forty four WTMJ fix it show on the air, forty four degrees, high Canadian to be sixty inland, but fifty four the lake fifty two degrees. Tomorrow hitting sixty on Monday. This is the fix it show on Danny Clayton. Tom face, a Mr. fix it is here all American window and door as well. Benjamin Lodwick the general manager, and let's head to Burlington where Mike spin weight and hey, Mike. Thanks for waiting. You're on WPRO. Jay. Learning. A month ago? Maybe three weeks I got up in the middle of the night went to into the bathroom and the door was open. I dunno inter to when I pushed the door open hit me in the face. So I started feeling all the walls walls were fine. I felt the ceiling, and it was almost too. So I got my girlfriend. My daughter told miles was on fire all the fire department. They could not find a fire. They drilled a hole in us ceiling and nothing happened. They check the basement because he basement crawling up the wire grown up the walls nothing. So they cap too large foles in the ceiling. The temperature is the bathroom one hundred thirty four degrees. The rest of a house of sixty two. Clue cats what could possibly call that. I've talked to numerous contractors electric Shen. Nobody seems to have an idea of what could have caused it. And after the fire department cut the whole probably about an hour later, the temperature started going down. But to this day, nobody knows what caused it. And I don't know if I should close all holes backup for what? While it's almost not believable. And why I never heard of such a thing is is this a ranch house or two story house health in actually that's what the fire department said. They said they've never run into anything like that either. And he quite frankly was stumped. Sure. And how's your home heated? For series. Yes. Horse there in the bathroom. Doesn't have the electric heating system in a floor. Does it or separate not? In what end the weird part is there like a little above the sinks ever counter. Yeah. Drafts with lights that part was cool. But the part above that again one hundred thirty four degrees. Use their little infrared thing es and determine there's nothing in the attic above there for those than the other place. I look is blow in the basement. But you you already did. I have no idea. I've never heard such thing. How could the bath? That's that's like possession. Your house has been possessed by this purists or something. About an hour. They're going around the house and in the basement, and they could buy nothing in in and thinking hot water, but hot water is limited about one hundred twenty degrees. So the hot water couldn't do it. Yeah. Sorry, mike. We're getting text opinions. David west bend the exhaust fan. No. I couldn't do that pellet pitcher. Band is in the shower stall and not warm at all it was just a part like in the main the main ceiling of the bathroom. The nothing was looked for. There was no little sign of any fire. I have no idea. Mike Benjamin you've stayed silent. Right. Yeah. I I actually have no idea on that one. That's a weird one while and sounds like you've done all the troubleshooting Tom that everybody else's done. Yeah. So Michael, you promise this when you figure it out what you call us back. Yeah. I can do that. Yeah. Sorry. What everybody says the same thing 'cause everybody's stumped. Yeah. I'd never heard to play, but you're not sleeping. Well, are you know, it actually I have a fire extinguisher in every bathroom now. So make sure you got to work you smoke alarms. Absolutely. For restless nights. Now. I guess. Yeah. Makes no sense. Sorry. Mike. Crazy. It's crazy. All right. We're talking about Tom's trip to to Luxembourg menu said they speak. French and German, and as part of our regular listeners of the show. No, we do continuing education here and somebody Texas his language is referred to as Luxemburgish, merging, French and German languages. My son is also citizen currently in DC at the Luxembourg conflict. Getting his e you passport and his paper that person's paperwork is in the process cool. Yeah. My son. You have to go there to be interviewed yet. He added go to the FBI and get checked out here. Then you've got to get all this lineage, then you go there, and they gotta interview as kind of a formality, and then it takes another four to six months before you get the notice that you can go to the consulate and the only consulates of New York City, Washington DC. And then what Eliot thanks. So he still got to go to a conflict to pick up his passport. So congratulations to listen on the way to and there's a lot of Luxembourgers up in apparently port Washington area for sure and the shoe company that was up there Ellen Edmund Salen Edmonds apparently -ployed a lot of Luxembourgers, and they do speak Luxembourg ish. And when you're in the country, the people they talk to you in French or German until they figure out what you're speaking. And then they'll switch languages. It's very interesting and very rich country. Lots of money. Are we learning stuff today that is the fix it show back in a bit last segment coming up got a question for Benjamin Lodwick all American window and door, Tom Payson, four one four seven nine nine one six twenty back in a mortgage, talk and text line WTMJ comes they're so small and cute. It just wanna cuddle them. They're so fluffy and soft, but they're not..
"mike benjamin" Discussed on 1A
"And up until the euro, I didn't I started getting involved in activism, and politics, and it all started after the the shooting in Florida, and we had the March for life rally here in city hall, and that was the first time we're actually felt that I needed to do something. So I left the classroom, and I went with my friend. We took the metro, and we were there at city hall in being there like I felt that I was doing something important and ever since that day like something changed and my passion for activism has grown even more. And honestly, like I'm just very happy that there's an event like this in the east end because I usually have to have my my father drive me like halfway across the town. And now it's in my neighborhood. Think you glad we could make it easy for you to get here. Berea? I'm glad we I'm glad that she speak up. Yeah. I appreciate your speaking. All right Benjamin. You are at the Mike Benjamin, what's on your mind. Thanks. I was never involved in politics. In fact, I actively voided getting involved in politics that is until two thousand sixteen when I saw that the national dialogue was about my community without my voice. And what I mean by that being a Latino immigrant once undocumented public health professional when I saw that happen. I just decided to quit my job a sea level jobs. Six figure salary to run for office. And although I didn't win this time. It led me starting a program with the Houston community college system to train young people to run for office. And so I was really excited to see judge Hidalgo win because that's what we need to see more of. So here's a question. What can we do to train the next generation of leaders? How can we be intentional about engaging? Young Latinos, not only to vote. But to run for office themselves because I think we need more of that as well. Benjamin before I let the penguins, right, Angie. I think you want to jump in. And professor you might want to jump in to catch s Benjamin what you've been doing like what your organization does to try to foster that kind of engagement. Yes. Absolutely. So it's taking so I'll give you my example. I was a political science major at rice, by some standards of pretty good school. But I didn't learn when I wanted to run for office. I had to be like, okay..
"mike benjamin" Discussed on KOA 850 AM
"Is cyber security awareness month and this week the that focuses on careers in the cyber security field. Like Benjamin runs that threat research department for century Lincoln. He joins us live right now. Good morning, Mike. Good morning, grabbing me, certainly this all makes sense. So what kind of careers are in? The cybersecurity field is a really interesting area because it touches just about every piece of technology. So if you think about the consumer space all the way through large businesses, everything from cell phones, laptops to servers, so the data and applications we utilize they all need to be protected, and so the careers come from everything from the people designing, and creating the technology all the way through the people monitoring it mitigating risks and solving problems for the end users of that technology, Mike, I'm assuming there's money in that field. But excuse me, if I it here amid there's got it. There's money and people wanting to hack and be on the other side of the fence if you will. So how do you encourage people? That have the skill set that want to learn this to stay on your side, where you're protecting people versus being on the other side where you're hacking and looking for people's data is a great question. Unfortunately, it can be pretty lucrative on the criminal side, but it is still criminal. And if you look at law enforcement in the United States and even around the world people are getting more collaborative and finding easier ways to arrest and even prosecute the criminals, and we're in a good position where it's still lucrative career. We're still at high demand. We're we're searching as an industry for more and more people with these skill sets. And so we're encouraging people at a young age to get interested in computers, computer, science and college is a great way to prepare for a career in this field. And ultimately, the skill sets can land some some amazingly interesting jobs challenging jobs, and like I said our industry is always looking for more people to be joining us in that good fight. Mike. You talk about the skill set. What are the skills that people should be learning? If this is the direction they want to go another great question. So the the really we're looking for people that can quickly ascertain it under. Technology. So if you look at a typical technology role people maybe can program, a computer, they can administrator computer, they understand a very specific aspect of technology. But again, insecurity, we're looking for people that under understand all of it. They can protect all of it. And so an ability to very quickly understand those concepts is the number one skill. We look for the next problem solving. If you look at how an attacker breaks into a computer how they steal data. They're always finding new ways they themselves are always trying to innovate around the technologies we create to stop them. And so in the ability to quickly pivot and quickly understand a new problem solve it in a new way is really really interesting and what you'll hear from the two things. I just said I didn't say be an expert at software be an expert at computers, and so it's mental capacity assault problems. And learn quickly that we look for most of all adds, Mike Benjamin, he oversees the threat security department for CenturyLink five twenty five little.
"mike benjamin" Discussed on KOA 850 AM
"Now on Colorado's morning news, October is cyber security awareness month. And this week the focus is on careers in the cyber security field. Mike Benjamin runs the threat research department for CenturyLink and he joins us now. Good morning, Mike. Good morning, grabbing me, certainly this all makes sense. So what kind of careers are in? The cybersecurity field is a really interesting area because it touches just about every piece of technology. So if you think about the consumer space all the way through large businesses, everything from cell phones, laptops, servers so the data and applications we utilize they all need to be protected, and so the careers come from everything from the people designing, and creating the technology all the way through the people monitoring it mitigating risks and solving problems for the end users of that technology, Mike, I'm assuming there's money in that field. But excuse me, if I picked it here mid there's got it. There's money people wanting to hack and be on the other side of the fence if you will. So how do you encourage people that have the skill set that wanna learn this to stay on your side, where you're protecting people versus being on the other side where you're hacking and looking for people's data is a great question. Unfortunately, it can be pretty lucrative on the criminal side, but it is still criminal. And if you look at law enforcement in the United States and even around the world people are getting more collaborative and finding easier ways to arrest and even prosecute the crew. And we're in a good position where it's still lucrative career. We're still at high demand. We're we're searching as an industry for more and more people with these skill sets. And so we're encouraging people young age to get interested in computers, computer, science and college is a great way to prepare for a career in this field. And ultimately, the skill sets can lay on some some amazingly interesting jobs challenging jobs, and like I said our industry is always looking for more people to be joining us in that good fight. Mike. You talk about the skill set. What are the skills that people should be learning? If this is the direction they want to go another great question. So the the really we're looking for people that can quickly ascertain it understand technology. So if you look at a typical technology role people may be can program, a computer, they can administrate a computer, they understand a very specific aspect of technology. But again, insecurity, we're looking for people that under understand all of it. They can protect all of it. And so an ability to very quickly understand those concepts is the number one skill. We look for the next is. Problem solving. If you look at how an attacker breaks into a computer how they steal data. They're always finding new ways they themselves are always trying to innovate around the technologies we create to stop them. And so in ability to quickly pivot and quickly understand a new problem solve it in a new way is really really interesting and what you'll hear from the two things. I just said is I didn't say be an expert at software be an expert at computers, and so it's mental capacity assault problems. And learn quickly that we look for most of all it's Mike Benjamin for century leaking rents their research department. Thank you, Mike. Thank you gave me NewsRadio nine twenty-five. Brought to us by Plante.
"mike benjamin" Discussed on KOA 850 AM
"October is cyber security awareness month and this week that focuses on careers in the cyber security field. Like Benjamin runs the threat research department for century Lincoln. He joins us live right now. Good morning, Mike. Good morning, grabbing me, certainly this all makes. Sense. So what kind of careers are in the cyber security field. Really interesting area because it touches just about every piece of technology. So if you think about the consumer space all the way through large businesses, everything from cell phones, laptops to servers, so the data and applications we utilize they all need to be protected, and so the careers come from everything from the people designing, and creating the technology all the way through the people monitoring it mitigating risks and solving problems for the end users of that technology, Mike, I'm assuming there's money in that field. But excuse me, if I picked it here amid there's got it. There's money and people wanting to hack and be on the other side of the fence if you will. So how do you encourage people that have the skill set that want to learn this to stay on your side, where you're protecting people versus being on the other side where you're hacking and looking for people's data. Yeah. It's a it's a great question. Unfortunately, it can be pretty lucrative on the criminal side, but it is still criminal. And if you look at law enforcement in the United States and even around the world people are getting more collaborative and finding easier ways to arrest and even prosecute the criminals, and we're in a good position where it's a still lucrative career. We're still at high demand. We're we're searching as an industry for more and more people with these skill sets. And so we're encouraging people at a young age to get interested in computers, computer, science and college is a great way to prepare for a career in this field. And ultimately, the skill sets can lay on some some amazingly interesting jobs challenging jobs, and like I said our industry is always looking for more people to be joining us in that good fight. Mike. You talk about the skill set. What are the skills that people should be learning? If this is the direction they want to go. Another great question. So the the really we're looking for people that can quickly ascertain it understand technology. So if you look at a typical technology role people may be can program, computer, they can administrative computer, they understand a very specific aspect of technology. But again, insecurity, we're looking for people that under understand all of it. They can protect all of it. And so an ability to very quickly understand those concepts is the number one skill. We look for the next is problem solving. If you look at how an attacker breaks into a computer how they steal data. They're always finding new ways that they themselves are always trying to innovate around the technologies we create to stop them. And so in ability to quickly pivot and quickly understand a new problem solve it in a new way is really really interesting and what you'll hear from the two things. I just said is I didn't say be an expert at software be an expert at computers. And so it's that mental capacity assault problems. And learn quickly that we look for most of all it's Mike Benjamin for century. Research department. Thank you, Mike. Thank you eighty seven fifty five money news as.
"mike benjamin" Discussed on 860AM The Answer
"Appreciate Alfredo Ortiz show very much, and we're going to visit with him a little bit later this this hour, and and talk about the great news. The census bureau announcing this week that the Hispanic household income has hit a record high. So first middle class Americans record high median income, thanks to the Trump economy. Thanks to the Republican economy now, Hispanic household income hit a record high of fifty thousand four hundred and eighty six dollars last year. Hate to break it to you that ain't Obama. Sorry. President obama. It's not you it wasn't you? It was you twenty-five before the our number's eight hundred six five five Mike who's got a bunch of calls here. I want to also salute. I wanna do a. For years. I've talked about customer service in America. Because many of us believe it sort of a dying breed. It's coming back. I think customer service is coming back in a big way. A lot of it's the gig economy, these apps, you can get things done now online, and and a response level that we never used to have the airlines we always love to everybody beats up on the airline industry. Something happened to me last night, a quick customer service story, I want to share with you. And how easy it is to make a customer show happy when they start out being so miserable. Give you that update in just a moment. But first, let's get a bunch of phone calls in here. Get your reaction to what we're experiencing here. Let's start with Carl Carl. How are you? Hi, mike. Hi, real quick. I want to your opinion. I saw I'm really not too political. I really don't know how things really go as far as that. But common sense tells me that Donald Trump if the Republicans do well in the midterms I think he's going to more or less clean house as far as getting rid of. Lowenstein? Well, he's been doing that. He's been clean, and there's been a lot of churn in the White House Carl. I mean, there's nothing new about that. But it's a good question. I know you we've talked before let me I thought weirdest experience last night on auto body experience on the plane, besides the customer service experience, I wanna share with you. I got the car Woodward book. And I mean Bob would get the mix up Carl Woodward. Bob Bernstein, I did I did that once to to their face years ago? I literally did that I said with Mr. Bob Burns. Bob woodward. It's Carl Woodward anyway, Carl Bernstein, Bob Woodward, so Bob Woodward's book is called fear about the Trump administration. Right. It's supposed to be this big inside account of the real chaos and the nervous breakdown. That's in the Trump administration. I'm about three chapters in there is nothing. I haven't read yet already. It's been out there. This is all stuff has anybody. Noticed this about this book and its course flying off the shelves that they supposedly have already sold over a million copies. It's one of the biggest selling books of the year, if not the last few years, this is these are all stories that have been imprint and in publication and online for the last two years the meeting between Roger Ailes supposedly and Bannon and the David Bossie, I know I did this was all a rehash. But the the reason it's so cleverly marketed as evidently now, he's got corroboration for the meetings or something and these conversations that are in quotes. Listen beats the heck out of me. But hey, nothing new that I've seen so far in the book fear. Well, the thing I'm fearing is I'm gonna fall asleep trying to read it eight hundred six five five Mike Benjamin, you're on the Mike Gallagher show. How you doing Benjamin? Hey, check this out. I got two comments really quick. But the Republic if anything the democrat page that Trump is doing a good thing. They hate it. You know, what to get? No kidding. No kidding. They hate everything. He's doing. Oh. Yeah. According to the the bread calm. I think. If I was driving down the road, beating whatever. Officer tried to pull their let's say. Four days later, thirty years later in this case. Sees me and says, oh, by the way, you're feeling thirty years ago. I got to give you a ticket. You can't just bring up. Something that happened thirty years ago if it was never taking care of them. But that's still. Yeah. But that's the whole nature of all this bench minutes, all decades-old old allegations. I just saw Harvey Weinstein now has another accuser. Now, this is an eleven th I guess on the record accuser from somebody from London from the early nineteen nineties. That's the nature of all of this. And of course, the argument is powerful people. The metoo movement was I think born out of powerful men preying on vulnerable women and lording over them and using their power and their influence to to assault them and get away with it. And so the the argument or the the the logic is you never can let somebody get away with this ever if you assault somebody, and if you, you know, threaten somebody's livelihood and do these just things. And. No. Most of these cases other people have come forward in this case, it seems to be Justice lady just. Professor Ford, which is another part of the peculiar aspect of this whole controversy. I can't get passed Dianne Feinstein sitting on this since July. That's the part that I cannot get past. If she's a champion of of of assault victims, if she's looking out for the welfare of people, if she's worried about other women who could might could get assaulted, you go right to the source of this, you know, to the to the alleged perpetrator during the confirmation hearings, and you bring it up you say judge cavenaugh we have this anonymous allegation. I'm sorry. It's anonymous we got to ask you about it. You deal with it. Right then. And there. I'm Chuck Grassley, chairman of the judiciary committee is saying that they're set to go for Monday and judge Kavanagh's set to go. But so far. This accuser will not respond to the judiciary committee's emails and phone calls and requests to testify Monday. So that'll be pretty interesting. If the accusation is out there the allegation is there. Judge Cavanaugh is ready to defend his name. And the accuser doesn't follow through with testifying which might explain her attorneys position. Her attorney Debra cash was on CNN. This is cut number nine paths. Pavlina the attorney saying, well, it's not up to her to corroborate her accusation. I saw that last night online on the plane. I'm I'm flying back from from L A, and I'm thinking, wait a minute. You're making this accusation in an attempt to stop somebody from becoming a supreme court Justice and extensively ruining his life. Or certainly creating. Irreparable harm to his reputation to his otherwise stellar reputation. You don't feel any kind of obligation to corroborate your own charge. But that's pretty much. Exactly what Deborah catch. Her attorney said last night on CNN. How's your quiet spoken to any of those other guys or that girl who could help corroborate her story? She's not. And why not is it time to do that? That's not her job to do that. If this is going to be investigated. It should become investigators. Not her job to do that let somebody else do that. She'll just make the allegation she'll notify the Washington Post, she'll write her her congressman, and then let the chips fall where they may. This is tough. This is really really tough seventeen minutes before the hour as we countdown forty nine days away to the midterm election. Incredible jobs news, economic news with the economy continues to soar, and if you vote for the Democrats, you know, you're going to undo that you know, that's going to stop you have to know that. Dive and all that with cheese and just a couple of moments. I want to tell a quick I wanna brag on United Airlines for just a moment. The airlines are always fair game for people complaining always there's all kinds airline stories and United has headed sheriff PR headaches the doctor that got dragged down the aisle, boomer the doctor and his head was banging along the the foot rest or the headdress or the armrest. He was run up and down the aisles lot of crazy things happen on planes. These days. Of course, I'm all excited because I'm like a little old lady. I love the drama and I love watching conflict. So I get this world wind trip to Los Angeles over the weekend by participated in the the age seventy the answer K early townhall meeting Sunday night. With my friends and colleagues, Larry elder and Dennis Prager and Michael Medved and sheriff, David Clarke, and Brian and Jenn. And it was a last second trims Friday. He can you get to LA. Mark Levin had to cancel this Zil. Sure. No problem. I get out there. And I'm in New York. So it's a it's five five and a half hours coast to coast and coming back last night. I was exhausted. I mean, the the meet and greet, man. They had hundreds of people, and it was it was a long day and a long trip, and I'm getting up there. I'm an old, man. Some flying back. I said a settle in. I've got my little routine on a long flight. I get my little. So stupid socks on and my little magazines, and I've got my ipad. And I'm all ready to go. Nice long flight. Then I love these seats get to push a button, of course, and it reclines, and if you're on certain kinds of plane the foot rush comes up, right? I'm pushing the button on the seat. Nothing. Nothing happening. Nothing working.
"mike benjamin" Discussed on The CyberWire
"Sponsoring our show and joining me once again as mike benjamin he's a senior director of threat research at centurylink mike welcome back we wanted to touch base on crypto jacking where we stand today aways to defend yourself against it to what can you share with us so the world can't help but have heard of crypto mining or crypto currency and so the act of creating a digital currency and trading it whether it be for the purposes of you know separating from governments or anonymous is transactions whatever the goal of the coin is there's a lot of good and bad that comes from the creation of the and es with any type of money in the world people want to steal it they wanna create it they wanna make money and take advantage of a new system that's in place and so for a number of years it was relatively easy to go out and buy some hardware and mine crypto currency bitcoin mining was very popular for a number of years and people were making relatively easy money by doing that evolved today that's no longer the case and so the cost of ucf gpa on amazon that you need to go by the causes gone through the roof and it's extremely expensive time consuming ultimately power consuming in order to mine upto currency so a few things have happened the first is that the actress have taken advantage of a similar thing to what they do with any bought net where they tried to take advantage of thousands hundreds of thousands of infected computers across the internet to do their bidding and so if you can imagine the cost of gpu or the cost of power to minus bitcoin imagine if you could get a hundred thousand machines to support you in doing that now unfortunately in the case of bitcoin it's still not very profitable however another currency known as minero has been useful and so we actually see java scrip minors being deployed inside websites and so two jacking really is the concept of taking over a user's browser hijacking their resources hence the name crypto jacking and getting it to do their bidding and make them a few dollars and so while that tabs open browser while that java script is executing it is doing mining in minero and making that actor money now i've seen some interesting approaches to this where some organizations have said hey you know instead of showing you an ad how much you let us use your gp for awhile and and that'll be the deal that we strike yeah it's actually interesting and so i think it's a bit exciting to see the new economic opportunities were websites are very open about what they're doing unfortunately when we describe the crypto jacking side it's a malicious actor and so whether they are doing malvern sizing injection of that that code or whether they've actually broken into a website order to deliver it they've got a lot of criminal ways they're attempting to achieve it but there's obviously a very interesting economic opportunity for websites to be using a small amount of resources we we've actually seen some of the criminal actors utilize them discretion in how they've been utilizing this because if you think about crypto coin mining and it cpu intensity it console down a computer and so nobody wants their computer to be slow while they're doing their day to day activity and so these doctors have taken upon themselves to use less than honor percent of resources look for idle interaction on the machine do a number of things where they're not actually impacting the user experience as they're doing their criminal activities and i imagine the advertising world or the the website operator world will utilize the same nology when they're looking to make profits through so they don't they don't wanna draw attention to themselves by having the fans spin up when you load that that browser browser window i'm curious how are the developers of the browsers responding to this are they building in ways to detect it in block it what we've seen a lot of different methods out there that folks are looking to develop i in from a security perspective we always have to touch on i the the security world is doing a relatively good job of going out with either emulated browsers or just simple spiders and looking for websites that have had this injected report on them some cases block them in some cases develop extensions for browsers that inform the user that they're about our active with it similar to any sort of browsing methodology and the other is that the.
"mike benjamin" Discussed on The CyberWire
"Show and pleased to welcome to the show mike benjamin he's the senior director of threat research at centurylink michael welcome to the show you know i have certainly heard of malware and i've certainly heard of spam but you brought something to my attention called mouth spam is this the best of both worlds is the worst of both worlds philipson what are we talking about here i'd say it's the best and the worst depending on how you look at it so you know mouse bam's not a new topic or concept but we have found as we've been working on the topic lately that when we say we're working on spam to the broader security community we actually get a lot of folks just assuming we're we're filtering pharmaceutical ads or dating ads and what we're really trying to look at is the malicious email people are getting and so we called in described as mouth's vam and we would describe it ultimately as email you're going to get that aims to do something malicious now in some cases dating spam is mouse bam because ultimately they wanna steal your credit card number at the end of it and in other cases pump and dump scams are pumped through these things with again trying to steal money from people but at its core we're looking for them our delivery and so mouse bam is one of the primary vehicles of infection these days we saw a couple years ago the exploit kit being popular with with criminal actors and there were enough browser exploits of java bugs and flash bugs that that was a great delivery mechanism for them they could get you to click on your l could inject malice into advertising annal to infect people through that method fast forward a few years a lot of browsers of cleanup their problems a lot of people patched there's less volume of books coming out and we put ourselves back into the position where opening a file in an email is a really effective way to affect someone and so the the old tried and true zip file the file that is not what claims to be close to text files really execute able things like that of course popular but we've also seen the macro still be a popular way to infect people so office document with macro that drop some sort of lightweight dropper into the operating system in the download the final payload and so that dropper is relatively light and small it's not a full binary excusable and then whatever it is that their final outcome that they're looking to achieve is downloaded into the machine now in terms of the distribution of these things and tracking these these botnets what are you seeing the criminal space around mouse bam is reasonably sophisticated if you think back to the spam problems that are arose in the late nineties and then became really rampant in the early two thousands they were forced to evolve and so the secu purity world the internet world for that matter did a relatively good job hunting down shutting down spammers in that air people were successfully prosecuted in courts laws were passed and those are things that helps the world mature around how to deal with spam and so as you might expect these successful criminal actors that remain they've evolved since then and so you see sort of a marketplace around what they're doing the folks who are running the spam botnets are very rarely at least at any size scale the folks who were actually trying to infect you they are being hired by the people who are trying to infect you and the folks who are after bank account information or stott installing crypto minors they're paying the net operators for successful installs or volume of delivery or whatever the mechanism so it's very interesting to watch and as such what you see from the bought nets is a similar level sophistication they're not a single command and control in a single place that's easy to remove and take down they've evolved they've seen law enforcement take their botnets in the past and so now of course they evolved to the domain generation algorithm or dga or now were them tells it the next dns hosts name to resolve is that's one of the more simple atoms that they implemented but there's a lot of redundancy a lot of levels to the command control in many cases we see peer to peer being used in conjunction with it and in almost all cases the larger more successful mouse ban bon nets are position where there's three or four of these types of techniques in.
"mike benjamin" Discussed on News-Talk 1400 The Patriot
"The world she threatened and she pressured and she used coercion and so on at the un particularly by taking down names i don't think people appointed her the schoolmarm of world so said hanan ashrawi a she is a longtime official in the palestine liberation organization as she made that point at the u n nikki haley responded by walking out i i don't know what else phenomenon i always said hanina shall we has a reputation as being one of the more moderate voices in the socalled palestinian leadership and by the way how's that election campaign going there in the palestinian authority mahmoud abbas eighty two years young is entering his thirteenth year of his fouryear term this is this is a problem it is a very real problem but it is not a problem to recognize the reality that the only time that jerusalem has ever been the capital of anything it has been a jewish capital for king david and now for contemporary israel let's go to sean in atlanta sean you're on the michael medved show thank you mike benjamin netanyahu is playing whack the dog with what iran the reason i say that because he's being investigated and his country and i don't get why he will if when when when we were ready to go to war with iraq general power was went on tv showing this and bad weather nuclear this and that's what exactly what benjamin netanyahu said the other day to show the world by the nuclear deal should not stand and i think that israel has given the us a lot of information and this information could also been a secret and let's remember i don't understand what you're saying i mean you're you're right that bb the prime minister of israel went on international tv and showed that iran denied have a nuclear program which everyone agrees they did when they denied that they did say basically indicating these are not the kind of people were you necessarily want to accept their word for it but go ahead what what's your point what i'm saying is that that whole tv thing could have been a secret he gave the information to the u n or the united states he he had given it to the united states before and i am virtually certain that it was in collaboration with.
"mike benjamin" Discussed on WGTK
"The world she threatened than she pressured and she used coercion and so on at the un particularly by taking down names i don't think people appointed her the schoolmarm of the world so said hana ashrawi she is a longtime official in the palestine liberation organization she made that point at the un and nikki haley responded by walking out i don't know what else on on i've always said hamanaka trolley has a reputation as being one of the more moderate voices in the socalled palestinian leadership and by the way how's that election campaign going there in the palestinian authority mahmoud abbas eighty two years young is entering his thirteenth year of his fouryear term this is this is a problem it is a very real problem but it is not a problem to recognize the reality that the only time that jerusalem has ever been the capital of anything it has been a jewish capital for king david and now for contemporary israel let's go to sean in atlanta sean you're on the michael medved show thank you mike benjamin netanyahu is playing whack a dog with what iran the reason i say that because he's being investigated that his country and i don't get why he will if when when when he was ready to go away iraq general power was went on tv showing this and bad weather nucleus this and that's why exactly what benjamin netanyahu pay all the day to show the world by the nuclear deal should not stand and i think that israel has given the us a lot of information and this information could also been a secret and let's all remember i don't i don't understand what you're saying i mean you're right that b the prime minister of israel went on international tv and showed that iran did have a nuclear program which everyone agrees they did when they denied that they did saying basically indicating these are not the kind of people were you necessarily want to accept their word for it but go ahead what what's your point what i'm saying about that is that that whole thing could have been a secret he should've gave the information to the you an or the united states he'd get he had given it to the united states before and i am i'm virtually certain that it.
"mike benjamin" Discussed on KNBR The Sports Leader
"Mrs buster posey's san francisco giants now back to the giants post game show with marty larry i came vr six eighty all right nice to have you back was kyle is run to the board now leo and it's taken off met did a great job for two weeks pal how are you mugabe motivate yourself very good glad to have you whether so you'll do some replace risk tonight as well right we'll do yeah very good hey uh if you're in the north beach area and of course we love talking about some of our favorite restaurants in north beach area i've been mentioning u us restaurant it's a lot of fun 414 columbus columbus and vallejo street it's a local hang out for over a hundred years very famous restaurant authentic italian food and you know i say this every night i'm starting to get hungry linguini with rock shrimps gallup's capers in olives based on a tomato sauce a real southern italian dish it's a huge supporter their restaurants a huge supporter the giants photos of the early history the restaurants there's also photos of former giants and it is a lot of fun to go there so check it out the u s restaurant in north pichai we are going through the decades and trying to pick out the face of the decade and then we're doing something for them special at at t park so here we go here the '90s so kyle get ready wrath is ready see down who you think was the face of the franchise in the 1990s kurt man wearing steve decker jeffrey doug mirabella terry kennedy and brian johnson we'll clock made it for the these j t snow jr phillips robby thompson jeff can't mike benjamin in the ninth these so there's a real spill over to the os in the nineties matt williams bill miller charlie hayes jose rebate richer really a royce clayton sean dunnston darren lewis willie mcgee kevin mitchell mark leonard kevin best barry bonds let alan hill marvin benard stan javier's error ellis burks jeff.
"mike benjamin" Discussed on KNBR The Sports Leader
"Whoa be in which it it is a lot of jimmy fireworks humor but yet while we could that thank you and ali said was it all it was shook up on the back and i said that's all i do charts all tasty adjustments meant little adjustments that's what they sell a as henry some of the telling literally get choked up johnny guess what choked antic choked up on the bat twelve it sets a franchiserecord so long mike benjamin we all remember 1995 benjamin franklin with guy benjamin he's out there too all right dude it is the day the holy day that the nfl return inner masing the nfl returns in like it is turned more into like a social issue league than an actual footballing that's a good call i mean series between the michael bennett news yesterday the ongoing catholic stuff like people are more like like michael bennett michael bennett michael bennett michael bennett michael bennett neil like a wave of this game yeah no patriots chief so she'll be great game no question nice atmosphere up in foxborough it's our favorite in all sixteen games as she will year the way probably the best team in the league already and i think those arriving in this morning just listen in to pat and everything i was like you know what i finally it's not a single hallo yama yeah i think all him okay well still i mean i'm not ready for that but i hear you think i mean i think i'm laying down marias lonsdale back their heart i got my rifle i still do i think i think time is just the loyalty thing if the ship man i am going down with the ship i think the in goes down with the shia they signed this guy hits the field the night at age forty i'm like he's he's the greatest quick analogy slashed metaphor and in a matter of your way but like at the if you ever seen it's a great movies called.
"mike benjamin" Discussed on KNBR The Sports Leader
"Off the deal vast wore did a fourthinning basit by donaldson walk rider john sacrifice by gorky orlando's is knocks in two with a big yet to set a panic again panic wind dragged down the leftfield line obey fair way under the quarter pera digs it out he's got it we're waiver they're in hernandez he's going to store panic with his ninth of this series this is a double and it's now applied nothing at all no he was not done five nothing giants panic would come up again in the sixth lennick at that point the rockies did have one run on the board it was five two one with one out hernandez basit panic at the plate 100 so it in a line drive down the rightfield line legit number again digging out of gonzalo he does it nicely other going away dander growers off wine hernandez stores maddox got another it runs a double edits sixtoone just kept on swinging had left feel right fielder ever the rockies jason down joe panic with the double james were opening the game up at that point they got a home run for bag williamson the seven bidding rockies got a home run themselves or the bottom of the eighth inning panic led off due to here's the pitch panic here today wall up the metal bastet another one for panic he is fourforfive tonight he's got eleven heads in three games their match mike benjamin vanags got a smile on his face adverse race and we did we did do so more research we knew mike benjamin had been alaska i'd have eleven it's in a threegame series we found out that freddie lynch german 1928 bill terry in 1929 each also had eleven hits in a series for the giants so panic had matched of ranch guys record the giants though would get two runs of eddie than a nick conley drove we in panic with a tworun homer they needed so baserunners though in the ninth inning to make sure panic at a chance for all time history and that's exactly what they got gaby tom odds with a leadoff single.