Episode Transcript
0:26
right here we go to say something
0:29
, licenses
0:32
and one and of
0:35
the different parties and when industry
0:38
and joining me tonight as always
0:40
is Mister Andrew Kalat
0:42
hello, jerry, how are you, sir? i'm great
0:44
how are you doing? i'm
0:46
doing good i see
0:48
nobody else can see it, but i see this amazing background
0:50
that you've done with your studio and all sorts of cool
0:52
pictures did you take those?
0:54
i did not take those, they are straight off Amazon
0:57
actually, i'll i'll have to post a
0:59
picture at some point, but the pictures
1:01
are actually sound absorbing panels
1:05
no
1:07
there's jokes i'm not going to make, but thank you
1:09
and you're great, good to see you
1:11
awesome. a reminder that the thoughts
1:13
and opinions we express on the show are ours and
1:15
do not represent those of our
1:18
employers, but as you are apt to point
1:20
out, they could be, for a price
1:24
and by doing, what it really means is, you
1:26
know, you're not going to change our opinions, you're just going to
1:28
hire
1:29
correct
1:31
sponsor our existing opinions. some
1:33
day that'll work
1:35
all right, so we have some
1:37
interesting stories today. the first
1:39
one comes from SC Magazine
1:42
dot com. the title is why SolarWinds
1:44
just might be one of the most
1:46
secure software companies
1:48
in the tech universe
1:51
pretty interesting one. i i i went
1:53
into this a little
1:56
cynical
1:58
the
1:58
what it is real
1:59
reducing stephanie are there there is
2:02
i think what i found interesting is a couple
2:04
things. one is very obvious
2:07
the
2:08
this is a planted attempt
2:11
to get back into the good graces of the IT
2:13
world
2:14
but at the same time
2:17
it is clear that they have
2:19
made some pretty significant
2:21
improvements in their security posture
2:23
and i think for that it deserves
2:26
the discussion
2:28
and not only improvements, but they're also
2:30
having
2:33
the strong appearance of
2:35
transparency and sharing lessons
2:37
learned, which we appreciate
2:40
correct. the one thing that i suppose
2:43
we'll get into a little bit, but they still don't really
2:45
tell you
2:47
how this thing
2:49
happened
2:50
aliens
2:51
i believe they did tell you what
2:54
happened, so in the
2:56
article here they describe, the
2:59
CISO of Solar
3:02
Winds describes that
3:04
the attack didn't actually change
3:07
their code base, so the attack wasn't against
3:09
their code repository,
3:12
it was actually against one of their build
3:14
systems, and so they were,
3:16
the adversary here was injecting
3:19
code at build time basically
3:21
so it wasn't something that they could detect through
3:23
code reviews
3:25
it was actually being
3:26
added as part of the build process
3:29
and by inference they had
3:32
pretty good control, at least it sort of, they could
3:34
control over their
3:36
source code, but they did not have
3:38
good control
3:39
over the build process.
3:41
in the article they go through
3:44
the security improvements they've made to their build
3:46
process which are quite interesting, like,
3:48
i would describe it as they have three
3:51
parallel
3:53
channels that are run by three different
3:55
teams. at
3:58
the end of the
3:59
build of those there's a comparison
4:03
and if they don't,
4:04
they don't match, they
4:06
call it a deterministic build, so
4:09
there are, the security team
4:11
does one, a DevOps team there's another, and
4:13
a QA team does the third
4:16
the
4:16
they're all building
4:19
the same set of code, they
4:21
should end up with the same, i know,
4:24
final product
4:26
all of the systems are
4:29
contained to themselves, they don't commingle,
4:31
they don't have access to each other's, so
4:33
there should be a very low
4:36
opportunity for for an adversary
4:38
to have access to all three
4:40
environments and do the same thing they did
4:42
without being able to be detected at
4:44
the end when they do the comparison between them.
4:47
a novel approach, i hadn't
4:49
thought about it. it seems,
4:52
my first blush was it seemed excessive,
4:55
but the more i think about it
4:57
it's probably not a huge amount of
4:59
resources to do, so it made, it makes
5:01
sense
5:04
yeah
5:05
they also mention that three different people
5:07
are in charge of it, right, so to
5:09
corrupt it somehow, inject it
5:12
in all three would take
5:14
somehow corrupting three different individuals
5:17
somehow, some way. yeah, they would have to collude,
5:19
the three teams would have to collude
5:22
with each other, which is
5:24
atypical
5:28
absolutely. so they actually, i haven't
5:30
looked into it, but they actually, they've open
5:32
sourced their approach to this,
5:34
the multi, i can't, well, just call it multichannel
5:37
build
5:38
that was
5:39
interesting, so i'll look their stuff up.
5:41
it's a good read. they talk about how they changed
5:44
from their prior model of having one central
5:46
SOC under the
5:48
the company CISO to three different
5:50
SOCs that monitor different different
5:53
aspects of the environment. they went
5:55
from having a part time
5:58
red team to a dedicated one
6:00
focused on the build environment.
6:02
also, the one
6:05
reservation i have is this kind
6:07
of feels maybe a little bit like they're
6:09
fighting the last
6:11
war
6:13
in so, all the stuff that they're
6:15
describing is very focused on addressing
6:18
the thing that failed last
6:21
time.
6:23
are they making equal improvements
6:25
in in other areas? could be. i would
6:27
say that
6:29
they're stuck in a bit of a pickle here, right? they
6:31
need to address the, the question
6:33
is how do you keep this from happening again,
6:35
and that is what most people
6:38
are asking them, it's what the government's asking and that's
6:40
what customers are asking them, and
6:42
so they're somewhat forced, whether
6:44
that's the most efficient use or
6:46
not, to deal with that problem, right
6:49
they they have no choice. but i also feel like a
6:51
lot of the changes they made, the changes to
6:53
their build process would
6:55
catch a
6:57
great many other supply chain
7:00
attack outcomes
7:01
seems to me for free of has also just
7:04
begun low things are easy to someone
7:06
explain. i didn't want to, the devil's in the details
7:09
that they had to figure out. i imagine that they did,
7:12
they halted all new development of any
7:14
new features for seven months and turned
7:16
all attention to security.
7:19
the elite family to play moved
7:21
from the static and on prem
7:24
build environment to one that was in
7:26
a to be worse so that they could
7:28
dynamically create and
7:30
destroy them as needed
7:32
the average, it's an interesting, the fundamental
7:35
concept this article is saying
7:37
is, say once you've been breached and
7:40
you secure yourself, do
7:43
you have a lower likelihood of being breached
7:45
if you? are you like, you have
7:47
the board's attention, now you have the budget, now you have the
7:49
people, now you have the mandate to secure
7:52
the company. is that
7:54
true? i
7:56
i, it is situational
7:58
we know that there are some,
8:00
drawing a blank, like when the hotel chains,
8:03
i don't want to say the wrong name, but
8:05
i believe that there are
8:07
also instances
8:10
readily available where
8:12
the contrary is true, like they just keep
8:14
getting hacked over and over, and i sometimes
8:16
wonder if that has to do with the complexity of their environment
8:19
and the legacy stuff in
8:21
there. and if you look at a company like, i don't know
8:23
anything about SolarWinds, but i'm guessing
8:26
you know that they're somewhat of a clearly
8:29
modern IT footprint that maybe
8:32
is somewhat easy to retrofit, as opposed to
8:34
the hotel chain, probably some huge
8:36
data centers that are incredibly archaic
8:39
in their potential architecture and design
8:41
and now that's
8:43
a good point, very good points. a different,
8:45
very different business model for
8:48
it. and they talked about how they're spending, they've got
8:50
three different tiers of SOCs now,
8:52
outsourcing two of them, they're spending a crap
8:54
ton of money on security
8:57
whether it's with CrowdStrike watching
8:59
all their endpoint stuff, they mentioned in here,
9:01
i'm sure that CrowdStrike appreciated that, their own
9:03
tier three SOC, i can, i get a lot
9:06
of stuff, and they also talk about that
9:08
now their retention rates for customers are back up
9:10
in the nineties, which is pretty pretty good
9:13
so again, yeah, clearly this is a PR
9:15
thing, but at the same
9:17
time i really do appreciate
9:20
the company has gone to the sharing, as much
9:22
sharing, because the rest of us can learn from it. yeah
9:25
absolutely. and the other
9:27
thing that's interesting as i look at this is we're a software company
9:30
now, it's a small company,
9:32
nothing the size of these guys, and we don't have the resources
9:34
these guys have, but i
9:37
think about how many points
9:39
in our dev chain
9:42
could be easily corrupted in a supply
9:44
chain attack. they're
9:47
starting with their model, and
9:49
i wonder what what
9:51
can i do, like how much of this could you do
9:54
on a budget? there's a huge amount of people
9:56
in the environment here, there's a huge amount of of
9:59
red tape, legacy and checks
10:01
and balances that must
10:03
add tremendously to the cost,
10:05
probably slow things down a little bit, probably
10:08
would get pushback if you just
10:10
tried to show up in your dev shop and say
10:12
hey, we're doing this now, without ever having gone through that
10:14
sort of event. so what i'm dancing around here is a company
10:16
with a culture post
10:19
breach, you know, has a culture that's
10:21
probably more willing to accept what could be perceived
10:23
as a draconian security mandate
10:25
over how they do things as opposed to pre
10:27
breach
10:29
but it probably doesn't
10:32
still down for a while
10:34
yeah
10:35
the
10:36
the overhead, the point on any, they also
10:38
in the article point
10:40
out that, you know, it remains to be seen
10:43
how
10:44
well SolarWinds continues
10:46
carrying on, but it does, like
10:48
you said, it does seem like
10:50
they've, if
10:51
they've really taken this in, learned
10:54
from it, and not only learned from it but also,
10:56
as we see in this
10:58
article, trying to help the rest
11:00
of the rest of the industry, which is
11:02
by the way like what we're trying to do here on
11:05
the show. kudos to them
11:08
the
11:10
yeah
11:12
i also wonder how many other development
11:14
shops
11:17
will learn from this and
11:19
adopt some of these practices so
11:21
they're not the next obliging attack. that's
11:24
really where the benefit comes
11:26
yeah absolutely
11:30
all right, on to the next story
11:32
which comes from ComputerWeekly dot com, and
11:34
the title here is Log4Shell on its
11:36
way to becoming endemic
11:39
so the the US government, after
11:41
Joe Biden, President Joe Biden's
11:44
executive order in
11:47
twenty twenty one
11:48
maybe
11:49
formed a cyber security,
11:52
what is it called, the Cyber Safety Review
11:54
Board, Cyber Safety Review Board, i can't remember
11:56
the US
11:57
which i think was modeled after
11:59
the
11:59
NTSB or what have you
12:01
they released this report last
12:04
week which describes
12:07
what happened, or at least their analysis of
12:09
what happened
12:10
in the Log4j incident that
12:13
happened last year
12:17
oh, i'm, i've got
12:19
mixed emotions about this
12:21
one. one of the, one
12:23
of the key findings is that open
12:26
source development doesn't have
12:28
the same level of
12:30
maturity and resources that that
12:32
commercial software does
12:34
and on the one hand
12:38
you know, one of the promises of open source was
12:40
many eyes makes
12:42
bugs shallow
12:44
which obviously is not
12:46
really holding water very well
12:49
but it, but i think the other
12:50
problem is it's asserting
12:53
that
12:54
open source developers are uniquely
12:56
making security mistakes in
12:58
their development
13:00
last i checked, every single
13:02
month for the past twenty plus
13:05
years Microsoft
13:07
releases a set of patches
13:09
for security bugs in their software
13:12
and they are not open source, and and
13:14
so i i
13:15
i think what was a little frustrating
13:17
to me is they didn't,
13:19
if you will, they didn't address the
13:21
elephant in the room
13:23
which was not necessarily that the
13:25
the, that open source developers here
13:27
did
13:28
a bad job, didn't understand how to
13:31
code securely.
13:33
it's self evident that they made, they
13:35
made mistakes
13:37
but the bigger problem is
13:39
the fact that it was
13:41
rolled up into so
13:43
freaking many
13:46
other open source
13:48
and not open source packages
13:51
and in the end multi tiered, right,
13:54
combined into a package, that's combined
13:56
into another package, that's combined into another
13:58
package,
13:59
combined into, is, commercial
14:02
software
14:03
the and
14:04
the big challenge we had as an industry
14:07
was figuring out
14:10
where all that stuff was
14:12
and then even after that trying to beat
14:14
on your vendors to
14:17
come to terms with the fact that they actually have
14:20
Log4j in their
14:22
environment, and then having to make these, like,
14:24
painful decisions: do we stop using,
14:27
for instance, VMware because we know that
14:29
they have, that they have Log4j and haven't
14:31
released a patch
14:32
at the time
14:35
but that that suggests the more
14:37
concerning problem
14:40
not to be specific to Log4j, but when you
14:42
look across the industry
14:44
we have lots of things like Log4j
14:46
that are pretty much
14:48
maintained by, oh, either a single
14:50
person or a very small team on
14:52
a best effort basis, and they serve some kind
14:54
of important function, they just
14:57
keep getting consolidated
14:59
and i don't think there's a real appreciation
15:02
for how pervasively some of these
15:04
things
15:05
are being used. they do talk about in the recommendations
15:07
about creating both, a better bill of materials
15:10
for software, which only
15:13
do that for, coming at it the wrong way.
15:15
it seems to me like we need to be looking
15:18
for hotspots and addressing
15:20
the hotspots, and that's the stuff that i've seen
15:22
that, it's concerning to me. what do you mean by
15:24
hot spots
15:25
in terms of potentially
15:29
poorly managed, or not,
15:31
it's not the right way to say it,
15:33
well managed open source packages
15:36
that have become super
15:39
ingrained in the IT ecosystem
15:41
like Log4j, like OpenSSL, and so has
15:43
been in some of the others, bash and
15:46
and and so on. the
15:49
see this coming go, but
15:51
at the end of the day i i i don't know
15:54
that we have a good handle on where those
15:56
things are, so we're just gonna continue to
15:59
get surprised when some
16:01
enterprising researcher looks
16:03
somewhere nobody's looked under before
16:05
and realizes oh gosh, there's this piece
16:07
of code that was managed by a teenager in
16:10
the proverbial basement
16:12
and they've since moved on to college and it's
16:15
not maintained anymore, but
16:17
it's like being used by
16:19
everybody and their dog
16:23
we don't seem to be thinking about the problem
16:25
at least in that way
16:28
certainly early on, in covering this, they talk about
16:30
how open source is less
16:33
rigorous in their controls than
16:35
commercial, but i think
16:37
it's very fair to say that the vast
16:39
majority of commercial applications are reusing
16:43
tons of open source, and so it's in
16:45
their code, right? the
16:48
kind of odd implication that there's commercial
16:50
entities writing from the ground up, when that's not
16:52
true these days. the flip side, if
16:55
i've got a well known
16:57
mature vetted package
17:00
that does its job well that i
17:02
can include in my own package, i
17:05
could potentially save myself a lot of bugs
17:07
and and vulnerabilities
17:09
because that package has been so well vetted,
17:13
in theory, right? you
17:15
know, it's like writing your own encryption algorithm, bad
17:18
idea. there's a whole whole
17:20
heap of people who've been ruined
17:22
because they thought they knew better, and that's a really
17:24
hard problem to solve. so i think there's
17:27
value in having, and
17:30
it was like engineering standards, this
17:32
type of strength of concrete that is reused
17:35
because it's a known quantity, as
17:37
opposed to hey, we're just going to invent new concrete,
17:39
give it a whirl. i see it a little bit like that
17:43
what are you, i agree with you. i also
17:45
wonder how often dev shops can
17:47
spare someone whose whole job
17:50
is to dig deep into the ecosystem
17:52
of all the packages they pull in when
17:54
they do the development, you know, in the life
17:56
cycle, those, the
17:59
level where, versus hey, that's a solved
18:01
problem, i just pull it off the shelf and move on
18:05
i think that is the very issue
18:07
for, associated, that is
18:10
probably because they don't think most companies have
18:12
the ability to do that. when you think, and i
18:14
got a curated
18:16
market of open source tools
18:18
that are well maintained, i think we're headed in that
18:20
direction. i don't
18:22
love the idea
18:24
by any stretch of the imagination, i don't
18:27
mean to imply that i do,
18:30
i don't see a good alternative
18:32
and the reason is that, like you said,
18:34
we want it, as a, as the developer
18:37
of of an application, whether it's open
18:39
source or not,
18:40
you want to use, you don't want to recreate
18:43
something that's already existing, and you
18:45
want to use something that's reliable
18:48
i think that one of the problems
18:50
is
18:51
these smaller pieces of open source
18:53
technology, like, i have a strong feeling that,
18:55
like, you know, when Log4
18:57
j started out they didn't expect that they
18:59
were going to be in every freaking piece
19:02
of commercial and open source software
19:04
out there. it just happened, it
19:06
happened over time, and
19:09
i, you know, it, and and i'd, i just think
19:11
there was little consideration on both sides
19:13
of the equation of what was happening,
19:16
it was just happening and nobody
19:18
really
19:19
was aware of it. sounds like a logging
19:21
package was like, come use me, everywhere, and
19:23
there's a limit of hey, i wrote this, it's up to you if you
19:26
want to use it, that's on you, you know, it's there,
19:28
so be it. and so it
19:30
this
19:32
is, it's the, from
19:35
i don't see software bill of materials as your solve either
19:38
i know why people are talking about it, i know that
19:40
it helps, but it, i think it
19:42
helps in so much as if you have,
19:44
if you, as the, me,
19:46
a manufacturer of software or even
19:48
as a consumer,
19:51
have an SBOM that
19:53
goes all the way down, which by the way is itself
19:55
a pretty tricky thing,
19:57
something like Log4j happens,
20:00
it becomes much easier to look across
20:02
your environment and say i've got it there and there, yeah,
20:05
that's what i have to go fix. by the way,
20:07
like, you're also dependent on
20:09
your closed source
20:11
commercial software provider
20:13
also doing a
20:15
similar
20:16
and a job. so i think there's a
20:18
coming set of standards and
20:20
practices
20:22
the industry's gonna have to get to
20:24
because this problem isn't gonna go away,
20:26
it's going to continue to get worse
20:29
and eventually we're either gonna have some enterprising
20:32
government like Australia in the air,
20:34
the US is gonna stuff something
20:36
down our throat that none of us like, or we're gonna
20:39
have to come up with something
20:41
and wrong. it'll be interesting to see how
20:43
how it plays out. now
20:45
that, i think the genie's out of the bottle, you gotta
20:47
assume some of these big cybercrime syndicates
20:50
or whatever community you choose are attempting
20:52
to replicate this
20:54
hundred percent. the person,
20:56
they've got to be looking around seeing what is that,
20:59
what open source components exist
21:02
pervasively, and what would
21:04
be easy
21:06
for me to take over slash compromise
21:09
so that i could roll, roll
21:11
up into as many
21:13
environments as i can with that.
21:15
it would be
21:17
super convenient as a, as an adversary
21:20
anyway, but there's lots
21:22
more to come on that. i do think
21:24
we're going to see lots of
21:27
hyper focus on
21:29
no
21:30
there's good supply chain open source
21:33
humming
21:34
and i fear that it's going to
21:37
be largely misguided, at least from
21:39
my perspective. fair enough. all right
21:41
the next story comes from Bleeping Computer
21:43
and it's a fascinating one. the title
21:46
is hackers impersonate cyber security firms
21:48
in callback phishing attacks. clever
21:50
people. we we have a story here about
21:53
an adversary or maybe multiple adversaries
21:55
who have become super
21:58
enterprising
21:59
and they're
21:59
sending letters
22:02
to unwitting
22:04
employees at different companies
22:07
you know, how they target, this is, this is really
22:09
no letters discussion, but but
22:11
in the examples they cite they have a letter,
22:14
like i had to get, comes
22:16
by way of email on CrowdStrike
22:18
letterhead, and it basically
22:21
says hey, CrowdStrike and your employer
22:23
has this
22:25
contract in place, we've seen some
22:27
anomalous activity, you have,
22:29
you and your company are
22:31
beholden to different regulatory requirements
22:34
and we have to move really fast, we need
22:36
you to call this phone number
22:38
to schedule an assessment
22:41
and um
22:42
unlike, by the way, a lot of, a lot of
22:44
these things, it's pretty well written. i would
22:46
like to think that if i got it i would
22:48
say it was bs, but it
22:51
is really well written, there's not a lot of
22:53
grammatical errors, kind of makes sense
22:56
and and apparently if you follow the instructions,
22:59
by the way, the hypothesis
23:01
is that it'll lead to, unsurprisingly,
23:04
i read somewhere, an infection, it's
23:06
to install a remote access trojan
23:09
on your workstation and then they use
23:11
that as a beachhead into your
23:14
company
23:16
yeah
23:18
he, it's a, you know, a good reason why you shouldn't let
23:20
your employees randomly install software
23:23
yes, but you have to assume that
23:25
some, this is where i struggle, by the way,
23:27
with social engineering training, is
23:29
i really do believe in son of failure
23:32
sort of warfare is unintelligent failure. it's
23:35
it's a psychological weakness of how
23:37
human beings' brains work
23:40
that the bad guys are exploiting, and
23:43
they will find some percentage
23:46
in some certain circumstances that
23:48
will fall for these sorts of efforts
23:52
and you've got to be resilient against that. i
23:54
don't think you can train that risk away
23:58
yeah, i would say that it's, pair,
23:59
i think that you can train it away
24:02
because then you start to think that when it happens
24:06
it's the failure of the person,
24:08
and i actually think that's the wrong way to think about it. if
24:10
you have, obviously
24:12
you want to do some, a level of training
24:15
church the stood for door the reason
24:17
you're obligated to do that by many regulations
24:19
and whatnot,
24:21
but also what you want is people
24:23
to understand, like, what to look for. it's,
24:25
it helps in the long run, but at the end of the day,
24:27
like, we have to design our environments
24:30
to withstand that kind of
24:34
failure rate. yeah, if, if we're,
24:37
if our security is predicated on
24:39
someone recognizing
24:41
that a well written email on
24:43
CrowdStrike letterhead,
24:45
this,
24:46
this is fake,
24:48
we have problems. yeah, if
24:50
you could ever be taken down by one
24:52
errant click from an employee, that,
24:56
i think, is probably the fault,
24:57
and that's a failure on on on
25:00
our, like, IT and security
25:02
side, not on the employees'
25:04
and so
25:06
really be on the lookout, obviously.
25:09
this is pretty, and i hadn't
25:11
heard this before, it makes total sense in hindsight,
25:14
but something to be on the lookout for
25:17
all right, the last story we have comes
25:19
from Cybersecurity Dive dot
25:21
com
25:23
one of my new, new favorite websites, by the
25:25
way
25:27
good stuff. title is Microsoft
25:30
rolls back macro blocking in Office,
25:32
sows confusion
25:34
so earlier in the year Microsoft made
25:37
a a much heralded
25:39
announcement that they were going to be blocking
25:43
macros in Microsoft
25:45
Office for anything that
25:48
originated from the internet
25:50
and and
25:52
it was borne out, by the way, by the, apparently
25:55
some researchers have said that there'd been as much
25:57
as two thirds
25:59
the
25:59
the attacks involving macros
26:02
as
26:03
oh, in a way
26:04
it's a pretty effective control. Microsoft
26:06
last week
26:08
noted they were reversing course and re
26:10
enabling macros
26:12
i assume
26:14
because CIOs everywhere were
26:17
for meltdown that their
26:19
spreadsheets were no longer working, and
26:22
obviously we should assume that the attacks
26:24
are going to be back on the upswing, and
26:26
apparently this is a
26:28
temporary reprieve. it's a little
26:31
unclear when Microsoft is going to
26:33
re-enable it, but i have a strong
26:35
feeling that a lot of organizations
26:37
have
26:39
been thinking of taking a a breather
26:41
on this front because Microsoft
26:43
solved that for us, and now
26:45
we now we need to be back on on the defensive
26:50
yeah, i'm really curious what the conversation
26:52
was like that forced them to reverse
26:54
course. what broke that was that big
26:56
of a deal that was so
26:58
imperative, because it has been a problem
27:01
for at least fifteen years, macros
27:04
oh yeah, at least. this was a pretty big
27:06
win and now
27:08
it's been
27:10
rolled back, so i
27:12
was disappointed
27:14
there are, in in those, i think,
27:16
some links in here, you can actually go back
27:18
and re-enable it through group policy
27:21
settings, obviously, so if you're so
27:23
inclined, probably a really
27:25
good idea as a, as an IT industry
27:27
inc with were sauce
27:29
the strange, until they re-enable it.
27:32
this is, without knowing all the reasons
27:34
behind it, it feels like such a pure example
27:36
of productivity vs security
27:39
sort of tradeoff playing out in real time
27:43
and i almost guarantee this is what's going on
27:46
yes, that is a
27:48
little concerning definitely
27:51
yeah, no, i agree
27:53
indeed. we'll have it, it's to
27:55
be continued, stay tuned, to be continued
27:59
that is
27:59
the story for today. just
28:02
one little bit of editorial.
28:04
i spend a lot of time during the week reading
28:07
different stories, all kinds of google alerts
28:10
set up for for different security stories
28:12
and whatnot,
28:14
what we talk about in these
28:16
podcasts
28:18
and
28:20
it is amazing to me
28:22
how many stories that
28:24
are
28:25
touted as news
28:28
are actually basically
28:30
marketing pieces. i
28:34
know that we've talked about this in the past, but it
28:36
is alarming. i've actually gotten to the point
28:38
now where i drop down to the end to see
28:40
what they're going to try to sell me before i get
28:42
too invested
28:44
i look at who wrote it, if
28:46
they're like not a staff writer, if they're like
28:48
contributing writer and, from chief marketing
28:50
officer from blah blah blah, i'm like nope
28:52
the
28:53
very quickly, just
28:56
pretty, and if it's something written by an employee
28:58
of a vendor of some variety, i
29:01
don't mean to be harsh, it's just there's
29:04
a bias there that they believe
29:07
their own marketing and
29:09
or own dog food, and they're clearly pushing the
29:11
problem they know how to solve,
29:13
or characterizing the problem
29:15
as
29:16
something that their offerings can solve
29:20
right, and but i think it's
29:22
certainly understandable,
29:24
this shouldn't, but i
29:26
i'm concerned that as an
29:28
industry, where
29:31
do we go to get actual best practices,
29:33
because, yeah, if everything you read is written
29:35
by
29:36
a security vendor who wants, the
29:39
best practices are install CrowdStrike,
29:41
install Red Canary, though,
29:43
McAfee. that's interesting, it's interesting you
29:46
bring up, this is a side point, which is i'm
29:48
seeing some movement in the cyber insurance
29:51
industry that they're basically saying,
29:54
at the broadest level, for those that are less
29:56
sophisticated, these are the three
29:58
EDRs we want you on, and
30:00
if it's not one of these three, your your premium
30:02
pricing
30:04
that's interesting
30:06
then you're like wow, especially
30:08
because it's such a blanket statement
30:10
and so many environments are different,
30:13
and i'm sure, i'm not passing judgment on the
30:15
efficacy of those three vendors, that's why
30:17
i'm not saying them. it's more that it
30:19
feels like a very lack
30:22
of nuanced opinion, a very blunt
30:25
instrument being applied there
30:28
yeah, it also ignores
30:31
like a whole spectrum of other stuff
30:33
doing in snatches the greedy are
30:36
deep state in which is onset coming
30:38
very much ransomware. they're just getting their asses
30:40
experienced, workouts, and so they're like what
30:42
is, what will stop ransomware, furnace
30:45
specific. the point,
30:47
that's your point about so many marketing pieces
30:50
masquerading as
30:52
security news, i think is very true. that
30:56
on a note i want to thank today's sponsor, Bob's
30:58
Budget Firewall
31:01
probably fair for ethics with
31:03
cleared ten years of no, not
31:05
at their sponsorship, not
31:07
nicer to prove any kind other than
31:09
the relations between person
31:12
right, that is the show
31:14
for this week. happy to have, rather
31:16
than two weeks, naruto
31:19
make a habit of it.
31:20
i know, it's great, i appreciate it.
31:23
right, thanks to all of our listeners, pistol
31:26
ass
31:27
i am
31:28
moved to a
31:30
commercial podcasting
31:32
hosting platform and so we actually now get
31:34
some metrics, only about
31:36
ten thousand ish
31:38
wow
31:39
wow. is that counting the inmates that are forced
31:41
to listen to it as part of their correction? no, see, see,
31:43
i i think actually, because that's the one
31:46
that counts many things, so there's probably like
31:48
one stream that's forcing like
31:50
maybe five hundred people
31:52
yeah
31:54
then when they do crowd control, like, that'd be thousands
31:57
of people. that is true. i
31:59
was quite
31:59
the teens and really proud
32:02
of you when i found that your voice was
32:05
found to be one of the best tools to
32:07
disperse crowds
32:08
we'll have to be good as since and rate is
32:11
up there with
32:13
charles's
32:14
there
32:16
right, neck and neck
32:18
better than tear gas? i, are you, were
32:20
this better? i was not aware that
32:22
i had overtaken tear gas
32:25
impressive, my friend. you should be proud. i i
32:28
parents should be proud. i am, i'm
32:30
gonna go tell them
32:31
alright, alright, that'd
32:34
be good. we're really sorry