Small-town street scene in Illinois American flag flapping in breeze by huge painted American flag fading from brick wall
 

Episode 12 - Disconnects and Redundancies

This week, the guys discuss a disconnect between employees working remotely and their corporate IT departments hindering productivity for both parties, along with how the debate between IT providers leaning towards a self-service model for IT help. The newest cybersecurity team models are discussed along with tips for company-wide cybersecurity.

In addition, the guys discuss the recent shutdown of Parler and the issue of companies relying on a cloud-based server, instead of relying on its own hardware.

Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com
Be sure to rate the podcast, leave us a review, and subscribe! 

10103417-small

Send Us Your Questions & Rants!

welcome to the cyber rants podcast where we're all  about sharing the forbidden secrets and slightly  
embellished truths about corporate cyber security  programs we're ranting we're raving and we're  
telling you the stuff that nobody talks about  on their fancy website and trade show giveaways  
all to protect you from cyber security  criminals and now here's your hosts mike rotondo  
zach fuller and lauro chavez hello and welcome to  the cyber rants podcast this is your co-host zach  
fuller joined by mike rotondo and lauro chavez  we have a excellent show today as usual planned  
ready to go be interesting to see where this  conversation goes but before we start mike why  
don't you kick us off with the news the news of  the day good day and welcome to podcast 2 of 2021  
um hey the ranchmore gangs are scavenging for  sensitive data by targeting top executives  
yes your least technical people with the most  information are now targets again keep that in  
mind when you're going through your training  your execs may need a little extra training  
google titan security keys hacked by french  researchers yep the google security is now  
hackable malicious software infrastructure easier  to get to unemployed than ever now it is no longer  
a command line it's now point-and-click even  younger script kitties or script kids with even  
less skills can now hack you i guess it's progress  team tnt.net now steals docker api and aws  
credentials lock that aws down make sure that you  are uh double checking your security but there are  
there's bad stuff out there guys android malware  claims to give hackers full control of your  
smartphone as if the android hasn't been hacked  enough there is now a rat out there called rogue  
that can basically give people complete control  of your smartphone security research is claiming  
downloading 70 terabytes of sensitive parlor data  we're going to touch more about this later but  
uh parlor if you haven't heard was shot down and  now the data apparently has been hacked intel adds  
hardware enabled ransomware detects to 11 gen  v pro chips that's kind of interesting actually  
i think that's something that is positive that  they if they can actually make that work that's  
that's a great advancement another interesting  headline massive i t employee disconnect hindering  
remote productivity this is a discussion about how  itc's working remote and how people working remote  
see working remote from a technical perspective so  we will touch on that later in the podcast as well  
office january security updates fix remote code  execution bugs yep there's more microsoft bugs  
it's 2021 the 15th and we've got multiple critical  patches already cisco addresses high severity flaw  
in cmx software we have cisco releasing 67  addressing 67 high severity vulnerabilities  
patch up your cisco cyber criminals are  bypassing multi factor authentication to  
access organizations cloud services that's scary  mfa which was for a long time considered to be  
almost bulletproof is now becoming vulnerable look  into your scissor cisa has some warnings out there  
as well as some potential ways to deal with that  but it is becoming an epidemic and the last story  
it's finally over we can now all uninstall adobe  flash player it's dead that's the headlines lauro  
sayonara i had a lot of good times with flash it's  been a long road adobe thank you i was i was just  
about to ask you mike if that if you have any good  news for us and uh you ended on a good note there  
yeah that's uh you know at least something good's
all happening so you know typically this is  the moment where i go into vulnerabilities  
like that's not ever going to be new  vulnerabilities out there so i thought  
i'd take conversation um where it might be more  valuable to the listeners and start talking about  
available exploits that are working against said  vulnerabilities that we talked about previously  
on the show and that might be out right now  so instead of just telling you to patch your  
systems i'm going to tell you why you should pass  your systems because of the available exploits  
they're going to be available for download in  tools like madison display and um some modules  
will be also capable to be parsed into cobalt  strike so of those things let's talk about paper  
stream ip if you're running paper stream there is  a local privilege escalation that's been validated  
to work that exploit will work okay getting a  remote code execution is there stone to type nexus  
if you've been installed there is a remote code  execution that gives you authenticated privileges  
that has been validated by multiple researchers  this month this is all very current things from  
the beginning of the month so wordpress for  wp discuss and auto optimize both of those  
authenticated arbitrary file uploads have been  validated those are php files and go right up to  
one of the wordpress plugins running uh seven or  two seven uh for those the custom global variables  
for wordpress also another validated exploit  this month so again make sure that your wordpress  
plugins are updated very very important and then  of course the big one for today is the netsia  
server it's an authentication bypass and adds a  root user and the module is available from meta  
display it's been validated by 15 researchers at  this point so if you've gotten that csb um 16 make  
sure that you're you're looking at that in in in a  very serious way that's enough that's enough today  
zach i like it thank you thank you lauro  interesting to see what's happening out there and  
i've actually had people tell me that oh wordpress  is extremely secure and you can't go wrong and all  
that like well great platform but introduce these  plug-ins and problems will certainly occur so  
i've seen it happen we have a little bit different  approach today so we've been talking about general  
topics in the books and improving your cyber  security programs and such but there's some really  
interesting things that have happened and some  interesting articles that have come out recently  
so we'll talk about two of those today let's dive  right into the first one this is an article from  
help net security if you haven't seen their site  helpnetsecurity.com and this article came out  
this week january 13th and it is titled  massive i.t employee disconnect hindering  
remote productivity the article is all  about the disconnect between employees and  
the it departments with it teams believed to  be true in terms of connectivity satisfaction  
visibility all those things and it turns out  employees serve employees that are surveyed  
think much much differently so i think  it's time to get on the the same page with  
the with the uh the rest of staff now i i'm  curious to see what you guys think but to me  
this has always been a problem right i don't  think any an employee or has ever said i love  
my work machine i love showing up to work and  getting on my windows desktop there in my cube and  
it just is wonderful and works all the time and  i can always print and email always works i don't  
think that's ever happened in history i could be  wrong but i think there's always been a disconnect  
it's interesting to see that now that there's  not a there's not butts and seats in an office  
so to speak and everybody's working remote  from home it's causing even more issues well  
i mean coming from an i.t perspective i can  tell you the end users are wrong right was  
it the problem i always liked my uh my company  provided laptop after i rooted it with admin  
access and installed the apps i needed and got the  printer drivers to work i mean then it worked fine  
i'm sure that's the problem right you know the  configuration changes i think that are necessary  
to be made to secure those remote endpoints  when they're in various locations people's  
homes maybe a coffee shop do have problems right  i mean and a lot of this there wasn't a lot of  
time to test these things people had to be remote  immediately so all the testing now is being done  
you know pretty much in parallel with with  real world ops well i think there's also a  
disconnect between you know i t without it  having regular interaction with their user  
base i think what's happening is that the roadmap  for it and what's being done is not necessarily
done for the usability of the end user right  now where they're focused on security which  
they should be but may hinder usability and i  think that's one of the complaints in the article  
is that they they're just not they're not taking  the employee into account so they're almost being  
pushed aside from a security perspective that  being said it's kind of a two-edged sword that  
um you know you have to choose security versus  usability and that's something we face all the  
time um you know and if you have on non-responsive  uh remote users or you have um critical patches  
they need to be done um and that may interrupt  employee productivity from time to time  
whereas if you have the machines in the office  you have more control over them so i mean that's  
it's a tough it's a tough road to hoe i think too  you got to wonder because if we go back to the  
the the user errors right the the old picnic  error the problem in chair not in computer  
or the idt id10t errors well how how many  times do you think we're thinking about  
a lot of employees are going to have  very little training or not very  
be very skilled in their use of their machines  and so how often before were they able to  
talk to the person sitting at the desk next to  them or say hey how do i do this how do i do that  
whereas now working remotely they don't have  that option right so they either have to  
figure it out themselves which probably creates  more frustration or reach out to the help desk  
remotely they're not going to have that that  handle necessarily totally it's it's always been  
trying to accomplish self-service right and  they've always wanted some form of a checkout  
cart where the user could go and say i need this  software installed and check it out in a cart and  
then it gets applied later in an update right and  so i you know again i think what's happening is  
you know not just neglect for the user but i  think in a manner in which to pervade the the  
importance of these changes to the user because  one of the problems that we face is we'll have an  
organization and you know we'll run them through a  you know a cmmc gap assessment or pci or something  
similar and they'll come back that they have you  know they're missing multi-factor authentication  
for you know majority of the workforce as a best  practice and that might be a work stream that  
that is stalled for two plus years just because  the body of the employees don't want to do it  
they don't want to have to use a one-time  pin right as an additional part of a login  
and they'll fight that change and management will  sort of listen to the people and because they want  
productivity and you know they want everybody  to be happy but at the same time you're like you  
said it's a double-edged sword my you're negating  that security to to you know basically cater to  
the needs of the people um and what will happen  is that somebody eventually will make a mistake  
use a weak password or a log and get brute forced  and and that that easy change with multi-factor  
while is it one more thing to do sure but look at  the the next level of security layers it provides  
over traditional single login one of the one of  the the mentions in the article it actually states  
100 of surveyed it managers believe end users  are satisfied with the service desk experience  
and that that statement that result of the survey  just blew me away that's pretty confident i mean  
if if i was running a it help desk or it services  right i would i don't know that i would be able  
to say yeah a hundred percent everybody is  everybody is satisfied you know people are  
people are satisfied with work i would i would  say that um yeah they're you know satisfied for  
the most part or at a certain level but not  with certainty that yep up everybody's good  
because then it goes on to say that yet only 44  of the remote employees are completely satisfied  
so kind of a interesting thing goes back to what  you mentioned mike about not really uh not really  
caring so much kind of thinking oh  well it's just the it's just the  
employee's problem but you take that  uh disconnect and then compound it with  
those security issues like you're mentioning  lauro trying to add additional steps it's gonna  
it's gonna cause ongoing problems but in fact the  matter is we gotta figure this out in the world  
of technology because it has to happen especially  with remote work working is here to stay so this  
is going to be a big thing i think there's going  to be a lot of a lot more companies spinning up  
new technologies um new consulting firms just to  tackle this problem yeah i mean it's something  
that's going to have to be addressed and it's you  know something that's really never going to be  
100 it's a scary number i don't know 100 of  people that would agree on 100 of anything right  
it's just bizarre and my guess is you know that's  maybe the old cynic in me but just about the time  
all the vaccines are distributed we'll figure  it out so well they'll probably either decide  
to you know bring people back house right or um  you know you know you said i think the remote  
workforce is here to stay for the majority  of companies um but i think that there will  
be some that go back to that traditional um you  know want that you know human in a seat paradigm  
well yeah and we have now some clients that  have talked about that i mean they were in the  
process of doing giant uh renovations of their  buildings and their working spaces and they've  
invested serious amounts of capital and say oh  no you guys just work from home i mean obviously  
they're not necessarily going to do that right  so well to wrap up this article it says that  
53 of it managers claim they spend most of their  time working on securing their remote workforce  
but on the other hand security is not within  the top three priorities that employees listed  
for it organizations rather the top employee  concerns included preventing i.t issues altogether  
and the speed in which issues are resolved so it  just goes to show that still of course security  
for for the the standard user security takes a  back seat to convenience right of course they have  
to have to be able to have uh easy access to their  technologies and i i think that's going to be a  
take a long time to change there's a missed  educational opportunity too because i mean  
i think there needs to be and maybe  that's what's missing is an education  
this is why we're doing these security things  right i mean the dark web the cyber criminals  
have declared war on remote access and yeah  we we need to inconvenient inconvenience you  
with some additional security measures yeah it  needs to be communicated not just implemented
yeah absolutely they forget to see the big picture  you know it's like well would i rather go through  
this extra step and keep my job or would i rather  go through a major breach and have the company lay  
off a bunch of people right i mean to me that's  pretty easy easy choice but i'm biased for being  
in the business right but interesting stuff i  don't think it's going to get solved overnight  
but at least people are thinking about it and the  and covid has certainly changed the way we look at  
the use of i.t and staffing for organizations  in general so the next article is is from  
hackread.com so just check out their website good  good source of information and it is about parlor  
you probably heard people probably heard on the  news about parlor but um the title of the article  
from january 11th is security researchers claims  downloading 70 terabytes of sensitive parlor data  
lauro you and i we were talking about parlor and  and you gave a real good overview the other day do  
you want to do kind of a recap for those people  who haven't followed it yeah absolutely so um  
you know what i want to try to keep so this you  know this is a kind of a sensitive conversation  
for a lot of a lot of people and this you  know certainly does raise a question about  
you know our republic right and and what  powers corporations have but essentially  
parlor for those who do not know was a place  of let's just call it um internet freedom  
you could post things there and it was not  moderated um sites that are moderated that will  
um censor your content or places like facebook  instagram youtube sources like that twitter right  
you're gonna if you post something they're gonna  they have teams and they have ai they're gonna  
censor what you say so um parlor was one of those  locations that was still very free speech very you  
know digital freedom so there was a lot of content  getting posted there right and again i'm trying  
to say politics out of it doesn't i try to want to  leave that out of it but people were posting their  
opinions um on you know freedom of speech opinions  on this site and um in any case what had happened  
is that because of the notoriety with um with this  with this app and and with the policing that was  
happening with twitter and facebook and instagram  and youtube um individuals were abandoning those  
apps for what we refer to as alt tech okay which  which is what parlor was it was part of all tech  
so if you're not familiar with bit shoot or  library or gab for example right these are all  
all tech sites that give you an opportunity to go  someplace that's more digitally free and it's not  
censored so when this had this mass exodus from  from mainstream tech to alt tech especially to  
parlor um google was the first organization to  come forth and say hey we we don't we don't like  
the way you're operating your business you're  not policing your content and so we're going to  
move remove your app from the app store so once  you remove google play you know from the google  
play store now all the droid phones that are  part google can't get it and so apple followed  
suit apple also removed the app parlor from their  app store just allowing anybody that had an iphone  
um or an apple product from being able to um  install that application which that's okay you  
can still go to the website you can still read  it there at which point amazon um aws services  
uh put force that they were going to terminate  the parlor services so they had all their  
data and everything stored there in aws  right they were using aws elastic and so  
um that got terminated at midnight according to  what amazon said they kept their word and they  
terminated the site okay so during this time  right i think things are getting turned down  
um the parlor technical team's probably running  around trying to figure out backups okay well  
unfortunately there was a insecure direct  object vulnerability with the site okay and  
a hacker named donkey basically was able  to exploit that and pull down every post  
that had ever been sent to parlor in  in order because she could guess the um  
the string right the quarry string for the for the  the reference object so because of that she she  
you know the the individual knew everything where  it was going to be and could pull it all down  
and it had location data it had times dates  it had the original content from every post  
so anybody who ever posted anything to parlor  through the app or through the website was  
pulled down in this in this particular um you  know data data siphon and so that data is going  
to include user names it's going to include  location data because parlor didn't scrub  
that right they weren't scrubbing any of this  type of metadata from those posts so i'll pause  
there that's that's probably en enough zach  i think that that kind of hopefully gives a  
good background to everybody on what exactly  happened so here we are parlor's been basically  
put into the dirt in the course of about a week um  from the disbandment of all of the cop of all the  
supporting technologies to the turning off of the  actual um operating systems and instances in the  
amazon cloud leaving the organization essentially  not having anything to do and nowhere for those  
people to get their data back or anything that  they saved or accounts or anything so eradicated  
eviscerated it it's pretty interesting stuff going  on i the bigger picture there's there's clearly a  
war going on to you know for control of of the  media of people of americans really thoughts  
opinions ideas trying to shape culture trying  to shape uh shape the outcomes of all kinds of  
different things you know and and um i mean it's  been going on a long time and advertising and such  
um tracking user activities and all that but these  big tech companies have more and more power and it  
it makes you wonder you know there's been this  big rush to the the cloud and and using all cloud  
services and and which there's a lot of benefits  to that of course but it makes you wonder well  
are are issues like that going to make people  start uh bringing bringing it back out of the  
cloud start going to their own hardware they're  building their own data centers again be more  
focused on control of be more like hillary clinton  i i hope though right no i certainly hope so  
and you know mike has heard me call the cloud of  fad for a really long time i'm a big believer that  
it's just somebody else's computer it is someone  else's computer and that all sounds great because  
now you think you don't have to manage you don't  have to own it there's this shift of risk that you  
don't have to now worry about from your business  but look at parlor um to know that you know your  
your services are there the hand of another of  another party and then that that party can decide  
your fate at any given time based on  something that maybe content that's not even  
you know you're providing a platform one  of your users may have posted something  
right that wasn't agreed with the community again  so here's this whole freedom of speech thing but  
yeah absolutely if you had if parlor had their own  hardware rented in a data center space in a couple  
places in the united states maybe overseas i think  they would still be fine um i think the pirate bay  
ceo said it best they have no excuse it's it's  it's infantile that they can't stay in business  
pirate pay is still running and they get  hunted down every day and they've just been  
rolling servers from location to relocation right  swinging dns over and over and over again to keep  
things rolling right it's literally like having  a chop shop on a train or on a bus or a rider  
truck rolling around the cities so just you know i  mean to take you know just parlor out of it i mean  
going back to you know i've worked for several  large companies i'm sure laurel you have too  
that have their own cloud that's one thing but  i mean when you work with a major bank and they  
don't trust the cloud with their data why would  you right why wouldn't you have you can offload  
some service yeah the elastic is great but early  ability is great but the fact is you got to have  
a backup right you have to have your own steel  you got to have your own uh bare metal that you  
can control your content and you can control  certain parts of your aspect in your business  
and i think what's happened is that financial  decisions have over overtaken sound technical  
decisions and i think what's happening is they're  looking at accounting and going well it costs us x  
number of dollars to be in the cloud it costs  us two times that to have our own hardware  
we're just going to go cloud and i think  people are putting themselves in risk  
i think businesses are putting themselves  at risk by being 100 percent cloud dependent  
and not having anything on prem i think there's  a risk to being 100 office 365 i mean exchange  
servers aren't really that hard to manage  um you know your own active directory isn't  
that hard to manage and i think you know yeah for  growth for a small company uh you know that that  
that is valuable but you know as you mature and  grow as a company you should be having your own  
infrastructure your own backbone um and you know  going back to parlor yeah i don't get it i mean  
forgive me for being a cynic here and being the  old guy in the room but the guys you know the ceo  
is an under 30 you know tech integrator or tech  guy who you know probably never grew up without  
a cloud right and didn't do things the way we did  back in the early 2000s where we had massive data  
centers a massive co-location and we had massive  teams that manage the servers and you know would  
never have thought of offloading you know to  somebody else so i mean the there is no excuse  
in pirate bay the ceo of pirate bay is right i  mean there is no excuse um so what you're saying  
is money's defied logically really right yeah back  i mean back then you had copies of all your punch  
cards right i mean hold on hold on he's up there  uh he's up there chip oh we're not that old okay
look at your posture your whipper snapper well  yeah and that that's the thing it but since since  
when has redundancy the requirement for redundant  systems gone by the wayside and that's the thing  
is that yeah you may you may have amazon azure  all these platforms are great but uh still have  
redundancy right because you just you don't have  control over those third parties and even though  
they're massive conglomerates they're still third  parties right and so i think it's the old saying  
two is one one is none right if you have one  of something when it goes down you have nothing  
and so the the focus on on redundant systems  backups all that i think has has been  
maybe maybe as a society we've been a little too  trustworthy um just because they're they're big  
names and everybody else does it that way you just  said you just said one is zero you're gonna make a  
bunch of mathematicians mad now well let me you  know go back to i mean i remember the days of  
taking the backups to iron mountain the tapes to  iron mountain every week oh i got one better than  
that i remember when the shredded truck pulled up  and i had to stand there and chunk my stuff into  
the massive shredder like metal teeth and then i  had to watch it be destroyed i had to sign a paper  
well yeah but my point on that is a tape in iron  iron mountain or whatever the camera iron vault  
or whatever the name of the company was isn't  going to get corrupted right i mean it may be  
corrupted over time but your backups aren't being  hacked right i mean how many times have we seen  
well we got online backup and all that  by the way that's been corrupted because  
that's what the hackers went after first  right so you can't have you don't have a  
restore point you don't have a restore point  because your store points been destroyed  
your tapes in a mountain somewhere  underground you restore everything from tape  
it's it's you know it's done you've eliminated  part of the ransomware thing and i think you know  
by i've said this many times i says people do you  do business on their phone it's like everything  
that makes it easier for you to use makes it  easier for us to break into oh totally well  
you remember that uh that no name the firm that  lost all that bitcoin right from the phone right  
right well so i worked for one of the large  power companies at one point right and they  
still had a big data center underground with the  big silos running tapes you know the robotic arms  
they had like six or seven of those silos  i mean they weren't betting anything but  
long-term data storage right and again i think  every security practitioner out there probably  
feels like we do they're like we've we've seen a  problem with this cloud situation the whole time  
um but again that that money savings over reason  is is the reason the reason we're here in the  
first place it's like pay a little more and  then have the the ability to always control  
your your your hardware and the data that's on  it always right you can oh you just go in there  
put your hands on it and you're not gonna go to a  google data center you're not getting into amazon  
i'm not going to see the whatever you know bread  box they've got running your stuff on you're never  
going to see that right well well i'm pretty upset  they did away with the zip drive you know those  
were great backup devices but your reality has  been cloud cloud is is is has created a lot of  
benefits for a lot of organizations but again  back to redundancy redundant systems people are  
i think are becoming a little too trustworthy and  uh very much favoring convenience and cost over  
the uh long-term uh benefits  and long-term security so  
we could certainly rant about the these  topics i think all day long but we're we are  
a bit over time here so thank you everyone for  listening share your comments be sure to uh rate  
the show on your favorite podcast platform and  let us know if there are any topics you want us to  
rant about and we will schedule it for future  episodes thanks a lot and have a great day