Lock and Code
The Internet is not safe enough for women, and Sue Krautbauer has some ideas about why

November 21, 2021

Cyberstalking. Harassment. Stalkerware. Nonconsensual pornography, real and digitally altered. The Internet can be a particularly ugly place for women.

On Lock and Code this week, we ask why. Join a conversation with Digitunity's Sue Krautbauer about what has gone wrong with the Internet, and what we can do to fix it.

Why we fail at getting the cybersecurity basics right, with Jess Dodson

November 8, 2021

The cybersecurity basics should be just that—basic. Easy to do, agreed-upon, and adopted at a near 100 percent rate by companies and organizations everywhere, right?

You'd hope. But the reality is that basic cybersecurity blunders have led to easy-to-discover vulnerabilities in companies including John Deere, Clubhouse, and Kaseya VSA (which we've all talked about on this show), and at least for Kaseya VSA, those vulnerabilities led to one of the worst ransomware attacks in recent history.

Today, on the Lock and Code podcast with host David Ruiz, we speak with security professional and recovering Windows systems administrator Jess Dodson about why we seem to keep getting the cybersecurity basics so wrong, and why getting up to speed—which can take a company more than a year—is so necessary.

Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabela Bagueros

October 25, 2021

What does online privacy mean to you?

Maybe it's securing your online messages away from prying eyes. Maybe it's keeping your browsing behavior hidden from advertisers. Or maybe it's, like for many people today, using a VPN to hide your activity from your Internet Service Provider.

But because online privacy can mean so many things, that also means it includes so much more than just using a VPN.

Today, we speak to The Tor Project Executive Director Isabela Bagueros about what other types of online tracking users are vulnerable to, even if they're using a VPN, how else users can stay private online without becoming overwhelmed, and why users should be careful about trusting any one, single VPN.

ExpressVPN made a choice, and so have I

October 12, 2021

On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber hacking campaign coming from the United Arab Emirates, called Project Raven, that has reportedly impacted hundreds of journalists, activists, and human rights defenders in Yemen, Iran, Turkey, and Qatar. 

But in a bizarre twist, this tale of surveillance abroad tapered inwards into a tale of privacy at home, as one of the three men named by the DOJ is Daniel Gericke, the chief information officer at ExpressVPN.

Which, as it just so happens, is the preferred VPN vendor of our host David Ruiz, who, as it just so happens, has spent much of his career explicitly fighting against government surveillance. And he has some thoughts on the whole thing. 

Teaching cybersecurity skills to special needs children with Alana Robinson

September 26, 2021

Internet safety for kids is hard enough as it is, but what about Internet safety for children with special needs?

How do you teach strong password creation for children with learning disabilities? How do you teach children how to separate fact from fiction when they have a different grasp of social cues? And how do you make sure these lessons are not only remembered for years to come, but also rewarding for the children themselves?

Today on Lock and Code, we speak with Alana Robinson, a special education technology and computer science teacher for K – 8, about cybersecurity trainings for children with special needs, and about how, for some lessons, her students are better at remembering the rules of online safety than some adults.

Backups are not a simple ransomware defense, with Matt Crape

September 13, 2021

A recent spate of ransomware attacks has derailed major corporations, spurring a fuel shortage on the US East Coast, shuttering grocery stores in Sweden, and sending students home from grade schools. The solution, so many cybersecurity experts say, is to implement backups.

But if backups are so useful, why aren't they visibly working? Companies with backups have found them misconfigured, or they've ended up paying a ransom anyways.

On Lock and Code this week, we speak with VMware technical account manager Matt Crape about backups, a complex defense to ransomware.

Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere

August 29, 2021

No one ever wants a group of hackers to say about their company: “We had the keys to the kingdom.”

But that’s exactly what the hacker Sick Codes said on this week’s episode of Lock and Code, with host David Ruiz, when talking about his and fellow hackers’ efforts to peer into John Deere’s data operations center, where the company receives a near-endless stream of data from its Internet-connected tractors, combines, and other smart farming equipment.

Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks

August 16, 2021

When Luta Security CEO and founder Katie Moussouris analyzed the popular social "listening" app Clubhouse, she found a way to eavesdrop on conversations without notifying other users. This was, Moussouris said, a serious and basic flaw, so, using her years of expertise, she documented the vulnerability and emailed some information to the company. 

Her emails went unanswered for weeks. 

Today, on Lock and Code with host David Ruiz, we speak to Moussouris about Clubhouse, vulnerability disclosure, and the imperfect implementations of "bug bounty" programs. 

Disaster planning with Lesley Carhart, and the slim chance of a critical infrastructure “big one”

August 2, 2021

The 2021 attacks on two water treatment facilities in the US—combined with ransomware attacks on an oil and gas supplier and a meat and poultry distributor—could lead most people to believe that a critical infrastructure “big one” is coming.

But, as Lesley Carhart, principal threat hunter with Dragos, tells us, the chances of such an event are remarkably slim. In fact, critical infrastructure’s regular disaster planning often leads to practices that can detect, limit, or prevent any wide-reaching cyberattack.

“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers

July 19, 2021

On April 1, a volunteer researcher for the Dutch Institute for Vulnerability Disclosure (DIVD) began poking around into Kaseya VSA, a popular software tool used to remotely manage and monitor computers. Within minutes, he found a zero-day vulnerability that allowed remote code execution—a serious flaw. Within weeks, his team had found seven or eight more. 

In today's episode, DIVD Chair Victor Gevers describes the race to prevent one of the most devastating ransomware attacks in recent history. It's a race that Gevers and his team almost won. Almost.

 

 
