Created with Sketch.
Linux Security Podcast
15 minutes | Jul 6, 2018
What are Red Teams and Why They Exist - Linux Security Podcast Ep 13
Red Teams have become a common tool for testing enterprise security. They attempt to penetrate security defenses as if they were hackers with nefarious intent. Atomicorp's Mike Shinn comments that bad security is almost always the result of limited imagination. Red teams are motivated to be creative and determine the best way to circumvent security measures in place, sometimes by any means possible. Mike has been red teaming since the 1990's, before there was a term for the practice. He breaks down how red teams operate, their objectives, the difference between physical and digital vulnerabilities and how constraints can limit their value. He also shares some stories about past red teaming experience. Enjoy!
14 minutes | Jun 28, 2018
Why Hackers Hack. It's Not Why You Think - Linux Security Podcast Ep 12
Why do hackers hack into your networks and devices? Many people think it's for credit card data, other PII or to steal intellectual property. This is sometimes true, but there are many other reasons as well. What you value about your enterprise assets is often different from what hackers value. More and more we are seeing hackers break into networks so they can leverage the computing resources to do work for them like mining cryptocurrency. Vandalism yielded to economic theft and fraud and now we have people stealing capacity. Atomicorp CEO Mike Shinn briefly walks through the history of hacking and how cyber defense today should begin with an understanding of attacker incentives.
14 minutes | Jun 24, 2018
What is Virtual Patching and How Can it Enhance Security - Linux Security Podcast Ep 11
Virtual patching is a way of implementing a security policy to eliminate or mitigate a security vulnerability. It is not actually patching, thus the name virtual. It is a way to do something very quick and external to the application and it is not used nearly enough in cybersecurity defense. Why not just use a patch? Sometimes there is no patch available. Other times speed is of the essence and patching will not be complete for some time. And, patches sometimes introduce risk that something will break. Virtual patches avoid this risk altogether. Atomicorp CEO Mike Shinn developed some of the earliest examples of virtual patches and breaks down what they are, when they are used and why they are gaining in popularity.
11 minutes | Jun 14, 2018
SQL Injection Attacks, How They Work and the Problem with Defending Against Them - Linux Security Podcast Ep 10
SQL Injection Attacks are a method for taking advantage of flaws in the way an application is written. In particular, they exploit vulnerabilities that offer direct access to databases. Mike Shinn, CEO of Atomicorp, has employed SQL injections in Red Team exercises and built countermeasures that defend against them. In this week's episode Shinn talks about SQL Injections, the typical vulnerability of databases, the high frequency of the risk and common methods for defending against the attacks.
12 minutes | Jun 7, 2018
CVEs Explained. What They Are and How They're Used - Linux Security Podcast Ep 9
The Common Vulnerabilities and Exposures (CVE) system is a critical tool for the cybersecurity industry. CVEs provide consistency in naming and clarity on the nature and impact of various vulnerabilities. In this week's Linux Security Podcast, Atomicorp CEO Mike Shinn discusses the origin and management of the CVE process, how it's used by cybersecurity professionals and why it's so important. He also discusses how vulnerability management systems are perpetually hobbled by the limitations of the CVE system.
13 minutes | May 31, 2018
Efail Vulnerability and its Impact on Encrypted Email - Linux Security Podcast Ep 8
The Efail vulnerability has been in the news lately and has many people rushing to remove encryption from their email clients. The vulnerability does impact S/MIME and PGP users, but only a subset of them. That means a lot of people are removing encryption from their email unnecessarily and putting themselves at risk. Atomicorp CEO and long-time Red Team professional Mike Shinn discusses what Efail is, how the exploit works and why the notification process was handled poorly. If you ever need to use encrypted email, you should definitely listen to this episode.
22 minutes | May 23, 2018
What is OSSEC and Why People Use It - Linux Security Podcast Ep 7
OSSEC was founded in 2004 and received its most recent update to 3.0 in April 2018. It is an open source project for cybersecurity and delivers the most robust endpoint detection and response capabilities available to enterprises today. OSSEC PM Scott Shinn discusses the history of of the project, the core features and how it differs from commercial security software currently in use. Scott is CTO of Atomicorp, a former contract CISO for the U.S. Department of the Interior and co-author of Troubleshooting Linux Firewalls.
24 minutes | May 17, 2018
What the Equifax Hack Tells Us About Cybersecurity Today - Linux Security Podcast Ep. 6
Equifax was the victim of one of the highest profile hacks in history. More than 147 million people's financial data was exposed. Surprisingly, the Equifax CEO blamed the entire incident on a single engineer failing to patch a known vulnerability in Apache Struts. Anyone versed in security knows this scapegoating is ridiculous. The Struts vulnerability might have been the point of entry, but the failure was an over-reliance on patching as a security strategy. Atomicorp's Mike Shinn breaks down the Equifax hack, how it happened and what it says about how security cultures based on patching will face similar fates.
11 minutes | May 10, 2018
What is a WAF and How Are They Different from Traditional Firewalls - Linux Security Podcast Ep. 5
Web application firewalls (WAF) are a specialized form of firewall designed to protect applications from internet-based attacks. Firewalls must be lightweight to ensure people can quickly get onto the internet and data can be returned, but WAFs are much more sophisticated. They need to interact with data coming from the web server and the user and analyze it in ways that a traditional firewall cannot. It is an application itself. Atomicorp CEO and long-time Modsecurity contributor Mike Shinn talks about these differences, good and bad WAF attributes, software-based WAFs, the role of rules in making a WAF effective and the origin of the open source WAF Modsecurity.
13 minutes | May 4, 2018
OSSEC, SIEM and Logging - Linux Security Podcast Ep. 4
Logging is important for at least two reasons. Engineers need to know what is going on so they can figure out if something bad is happening and fix it. Bigger companies also have the need to capture logs to comply with a variety of regulations and business compliance requirements. SIEM has become popular for log aggregation and visualization but there are other open source tools such as OSSEC that provide similar functionality. Atomicorp CEO Mike Shinn walks through his experience with logging, SIEM and OSSEC approaches and breaks down what is important and how the space has evolved over the past 20 years, including the introduction of automation.
21 minutes | Apr 25, 2018
Meltdown and Spectre Vulnerabilities, the issue and countermeasures - Linux Security Podcast Ep. 3
The Meltdown and Spectre vulnerabilities took the security industry and the chip market by surprise. Many people are characterizing these vulnerabilities as flaws in microprocessor design, but the choice was intentional to increase data processing speed. It just wasn't contemplated as an attack vector. Essentially all mobile devices are at risk and no security tools would even detect an attack was underway. Mike Shinn breaks down the vulnerabilities, how Meltdown and Spectre differ and what risks they pose to unpatched systems.
15 minutes | Apr 25, 2018
File Integrity Monitoring history, features, limitations and recent advances - Linux Security Podcast Ep. 2
File Integrity Monitoring is designed to notify you when files have changed on a system. It was one of the very first security detection capabilities in existence and is almost as old as passwords. FIM has also been incorporated into many regulatory and security protocols. Mike Shinn breaks down the core elements of FIM, how it evolved, where it falls short today, and how open source solutions like OSSEC provide new features that are a big step up from Tripwire and other legacy tools.
9 minutes | Apr 25, 2018
What is a Brute Force Attack? Linux Security Podcast Ep. 1
A Brute Force Attack is one of the oldest cyber attacks. It was even featured in the 1980's thriller, War Games. In this episode, Mike Shinn walks through how a Brute Force Attack works, reviews some different flavors of attacks and how to defend against them.
Terms of Service
Do Not Sell My Personal Information
© Stitcher 2022