Podcasts about 2fa

  • 448 PODCASTS
  • 819 EPISODES
  • 49m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Sep 25, 2022 LATEST


Latest podcast episodes about 2fa

Daily Tech News Show
Myth Factor Authentication - DTNS 4361

Sep 23, 2022 | 30:47 | Very Popular


Two-Factor Authentication is a step above a simple password for account protection but it isn't perfect. We dispel some common myths people hold about 2FA. France tries to curb the influence of Amazon on small booksellers in the country by forcing mandatory delivery fees. And is podcasting out of ideas? Starring Tom Merritt, Shannon Morse, Len Peralta, Roger Chang, Joe.

Daily Tech News Show (Video)
Myth Factor Authentication – DTNS 4361

Sep 23, 2022


Two-Factor Authentication is a step above a simple password for account protection but it isn't perfect. We dispel some common myths people hold about 2FA. France tries to curb the influence of Amazon on small booksellers in the country by forcing mandatory delivery fees. And is podcasting out of ideas? Starring Tom Merritt, Shannon Morse, Len Peralta, Roger Chang, Joe, Amos. Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme! Big thanks to Mustafa A. from thepolarcat.com for the logo! Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit.

The iDeveloper Podcast
343 - Scotty Checks Out Gluttonous Johns Backend

Sep 22, 2022 | 32:31


This week the boys show the possibilities of Captionista. Is 1TB of storage on a phone reasonable? The iPhone's new Dynamic Island. John talks about his work on a cross-functional project including 2FA, SMS and phone keyboards. Scotty expands on last week's discussion of working on the backend of MoneyWell Sync, the decision to move to hosted solutions, and how the perils of his past App Review horrors turned out. Links: Parse, Parse Hosting, Barky The Failure Dog (courtesy of Captionista).

The Accountability Minute:Business Acceleration|Productivity
Cybersecurity Tip #1 to Protect Your Valuable Business

Sep 20, 2022 | 2:11


Today we are talking about Cybersecurity Tip #1 to protect your business, which is to Use Secure Passwords and Multi-factor Authentication. Not only should you have a strong password to sign into the various platforms and software that your business uses, it's also good practice to change those passwords regularly and use multi-factor authentication. Longer passwords are better—at least 8 characters, with a mix of uppercase and lowercase letters, numbers, and symbols. Passwords can be hacked with automated software that tries every possible combination, so the longer your password is, the more combinations it has to try. Multi-factor authentication is when you need a password and an additional step. It's also called two-step verification. This reduces the likelihood of a successful attack because additional information is needed to log in. Typically, this is a code sent to the user's cell phone, or a code generated by a two-factor authentication (2FA) app such as Authy. You can use a password manager to help you manage the various passwords for your accounts, so you're not reusing the same one, or having to try and remember all the passwords you have for all your accounts. If one account gets hacked, then any other account using the same password can also more easily get hacked. And whatever you do, avoid using the word “password” as your password at all costs.

There are many password manager options. Some are: Dashlane, LastPass, LogMeOnce, Keeper, NordPass, Bitwarden, RememBear, 1Password, PasswordBoss, Enpass, RoboForm, ZohoVault, TrueKey.

Tune in tomorrow for Cybersecurity Tip #2 to protect your business.

Cyber and Technology with Mike
20 September 2022 Cyber and Tech News

Sep 20, 2022 | 10:09


In today's podcast we cover four crucial cyber and technology topics, including:
1. Hacker selling GTA5 data, extorting company for GTA6 data
2. American Airlines reveals July data breach impacting customers
3. Emotet now being leveraged by multiple new ransomware operators
4. Russian State hackers continue Ukraine focus, pose as T-com providers
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Cyber and Technology with Mike
19 September 2022 Cyber and Tech News

Sep 19, 2022 | 11:12


In today's podcast we cover four crucial cyber and technology topics, including:
1. Uber Breached after employee provides MFA
2. Researchers find flaw impacting Netgear routers
3. TeamTNT botnet now impacting misconfigured Kubernetes
4. Hacking duo from Vietnam claim IHG attack
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Our Hometown News
Security Features

Sep 18, 2022 | 2:23


At Our-Hometown, the security of our customers' websites and data is one of our top priorities. Our engineering team has provided a detailed overview of the multiple layers of security within the Our-Hometown platform. The following are more tips and features designed to keep your website secure.

Website Security Refresher
  • Use Two-Factor Authentication
  • Use Strong Passwords
  • Don't Share Accounts/Logins
  • Adjust Former Employee Accounts
  • Manage Screen Share/Remote Access Software
  • Keep your Anti-Virus and Firewall protection up to date

Two-Factor Authentication
Two-Factor Authentication, or 2FA, still requires your staff to log in with their normal username and password, but upon...

The Bad Crypto Podcast
The Best of The Bad Crypto Podcast: Travis Gets Hacked - Episode #041

Sep 15, 2022 | 44:13


We're sharing our best shows from the last five years as Joel and Travis take a break from broadcasting new content for the crypto curious and the crypto serious. In 2017, Travis experienced a cell phone SIM hack perpetrated by security vulnerabilities at his wireless carrier, social engineering, and use of technology know-how to execute the nefarious hack. Your cell phone number is more public and connected to more private, personal information than your social security number. To protect yourself from potential attacks, be sure to enable two-factor authentication on all of your email, banking, and social media accounts and store your cryptocurrency moonbags on cold storage wallets. In Episode #633, we had guest Haseeb Awan of Efani share their unswappable SIM technology and encourage listeners to revisit that episode. We have a SPECIAL OFFER of one month of Efani phone service FREE to Bad Crypto Podcast listeners. http://badco.in/633

FULL SHOW NOTES: http://badco.in/041

TIME STAMPS:
00:00 - Intro - Warning, explicit content as Travis expresses his feelings about getting hacked.
02:40 - Bad Crypto voicemails - we answer listeners' questions, but Do Your Own Research and Not Financial Advice
08:20 - Top News Stories, dated October 25, 2017
16:16 - There are some ICOs that are not really that awesome. If they look like a shitcoin, and they smell like one, don't invest in it. Blockchain is going to be a major industry disrupter.
17:43 - James Altucher, author of Cryptocurrency 101, says he thinks cryptocurrencies are the biggest innovation since the Internet. We are on the ground floor of an enormous trend that is going to change the world.
19:38 - Travis hypothesizes on the tokenization of natural resources.
23:22 - Feature story: Travis gets hacked
23:30 - Travis noticed his iPhone didn't have cell phone service, only WiFi. Alerts for an Apple ID passcode were popping up, followed by a text message from a T-Mobile representative.
24:45 - Skype call to T-Mobile for assistance. The hacker circumvented Travis' passcode and his PIN. Convinced the representative via social engineering to SIM swap Travis' account.
26:20 - What's the resolution to this situation?
31:40 - Remove your cryptocurrency from exchanges to cold storage.
34:16 - Some vengeance was had; Travis found the hacker via the “Find My iPhone” device location connectivity on the hacker's phone.
35:49 - I was the Global Digital Strategist for Symantec for the Norton Brand. I know how to operate safely online and I did all the right things. The weakest link in my security aside from not having 2FA on my Apple ID and Gmail accounts, was the account representative at T-Mobile susceptible to human engineering.
37:12 - I would love to hear their CEO at T-Mobile to speak on this security issue. But here's the lesson, lock down your stuff, use two-factor authentication at all times.
37:46 - Would it be safe to say the FBI would be interested in looking at what this person did? I believe there's at least one felony count in what this person did.
38:17 - What if this person emails you and owns up to it, and has some sort of promise to never do this again? It would be nice to see somebody set straight before they were arrested.
38:36 - Go ahead and email us at badcryptopodcast@gmail.com; maybe if you show some remorse, all this evidence I have against you won't be shared to the authorities. All this bad karma comes back around to you, dude.
39:20 - If some of these people would just use their skills to do good in the world, imagine how much better off we would be.
40:00 - Lock down your social media accounts to a reasonable amount of security and data sharing with these companies. Turn on your 2FA for Twitter, Facebook, Instagram.
40:22 - If you're in crypto and you're not securing things with 2FA, you're in for some heartache. If it can happen to me, it can happen to anyone. One of the best solutions is to maybe actually get a burner phone and a pre-paid SIM card and you don't give that number to anyone and you use it solely for 2FA on that device.
41:50 - Outro

Heartland Newsfeed Podcast Network
The Best of The Bad Crypto Podcast: Travis Gets Hacked - Episode #041

Sep 15, 2022 | 44:13



Cyber and Technology with Mike
15 September 2022 Cyber and Tech News

Sep 15, 2022 | 7:19


In today's podcast we cover four crucial cyber and technology topics, including:
1. Criminals trick users with fake Queen phish
2. Criminals mimic Sniffies dating app to push malware
3. Researchers find new Linux tool used by Chinese-linked actors
4. Ransomware crew Lorenz exploiting flaw in MiVoice setups
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

The Cyberlaw Podcast
The Cyberlaw Podcast: All the Cyberlaw You Missed in August

Sep 7, 2022 | 73:33


This is our return-from-hiatus episode. Jordan Schneider kicks things off by recapping passage of a major U.S. semiconductor-building subsidy bill, while new contributor Brian Fleming talks with Nick Weaver about new regulatory investment restrictions and new export controls on artificial intelligence (AI) chips going to China. Jordan also covers a big corruption scandal arising from China's big chip-building subsidy program, leading me to wonder when we'll have our version.

Brian and Nick cover the month's biggest cryptocurrency policy story, the imposition of OFAC sanctions on Tornado Cash. They agree that, while the outer limits of sanctions aren't entirely clear, they are likely to show that sometimes the U.S. Code actually does trump the digital version. Nick points listeners to his bracing essay, OFAC Around and Find Out.

Paul Rosenzweig reprises his role as the voice of reason in the debate over location tracking and Dobbs. (Literally. Paul and I did an hour-long panel on the topic last week. It's available here.) I reprise my role as Chief Privacy Skeptic, calling the Dobbs/location fuss an overrated tempest in a teapot.

Brian takes on one aspect of the Mudge whistleblower complaint about Twitter security: Twitter's poor record at keeping foreign spies from infiltrating its workforce and getting unaudited access to its customer records. In a coincidence, he notes, a former Twitter employee was just convicted of “spying lite”, proves it's as good at national security as it is at content moderation.

Meanwhile, returning to U.S.-China economic relations, Jordan notes the survival of high-level government concerns about TikTok. I note that, since these concerns first surfaced in the Trump era, TikTok's lobbying efforts have only grown more sophisticated. Speaking of which, Klon Kitchen has done a good job of highlighting DJI's increasingly sophisticated lobbying in Washington D.C.

The Cloudflare decision to deplatform Kiwi Farms kicks off a donnybrook, with Paul and Nick on one side and me on the other. It's a classic Cyberlaw Podcast debate.

In quick hits and updates:
  • Nick and I cover the sad story of the Dad who photographed his baby's private parts at a doctor's request and, thanks to Google's lack of human appellate review, lost his email, his phone number, and all of the accounts that used the phone for 2FA.
  • Paul brings us up to speed on the U.S.-EU data fight: and teases tomorrow's webinar on the topic.
  • Nick explains the big changes likely to come to the pornography world because of a lawsuit against Visa. And why Twitter narrowly averted its own child sex scandal.
  • I note that Google's bias against GOP fundraising emails has led to an unlikely result: less spam filtering for all such emails.
  • And, after waiting too long, Brian Krebs retracts the post about a Ubiquiti “breach” that led the company to sue him.

The ALPS In Brief Podcast
ALPS In Brief — Episode 65: Cybersecurity Services for Solo and Small Law Firms

Sep 6, 2022 | 26:03


In this episode of ALPS In Brief, Mark and the founders of Sensei Enterprises discuss cybersecurity options and support for solo and small law firms. Somebody's got to take care of you and that's just what they do. Transcript: MARK BASSINGTHWAIGHTE: Hello, I am Mark Bassingthwaighte, the risk manager here at ALPS, and welcome to ALPS In Brief, the podcast that comes to you from the historic Florence Building in beautiful downtown Missoula, Montana. I am back from a trip into the home office in Missoula, and back in the satellite office here in Florida, and have with me two folks that I've just had the joy and pleasure of getting to know over the years, and the privilege to work with a few times over the years at various ABA events, and it's just been a lot of fun. MARK: Please help me in welcoming Sharon Nelson and John Simek. Sharon and John are President and Vice President of Sensei Enterprises, which is really the heart of the topic we're going to talk about today. Before we jump into some of the questions and things I'd like us to visit about Sharon and John, may I have each of you take a couple of minutes and share whatever you'd like to share about yourselves? What would help our listeners get to know you a bit better? SHARON NELSON: I'll start, and then I'll turn it over to John. What we do at Sensei Enterprise is managed information technology, managed cybersecurity services, and digital forensics. We have three branches, and that means we're running a fire station without a Dalmatian here, so there's always emergencies. It gets very difficult to keep all the balls in the air. We are also married with six children and 10 grandchildren. We're together all day and all night too. MARK: I love it. JOHN SIMEK: You didn't tell [inaudible 00:01:53], you're a lawyer though. SHARON: Oh well. JOHN: Do they care? SHARON: Maybe. 
John is the veteran technologist and I am the lawyer, and that's why we decided to work together when we started the company some 25 years ago, more than that now, just a little bit. John was the talent and I was the lawyer/marketer who could sell ice cubes to Eskimos, so that worked out really well for us both. JOHN: I'm not a lawyer, as you can probably tell. I'm an engineer by degree, and been involved in technology informally even before the internet. I remember that presidential candidate that was trying to create [inaudible 00:02:40]. Whatever, but back in the days of the modems and all that stuff. But I have a lot of technical certifications, formal training as well. I guess a lot of people think that I should be wearing a pocket protector and have a propeller head. But yeah, as Sharon said, I do the technology stuff, testifying expert as well, because of the forensics and all that. I just got done with a deposition a couple weeks ago that was really entertaining, at least to me, but not for the other attorney. SHARON: That's how it's always supposed to turn out. I forgot to say Mark, that I was the President of the Virginia State Bar a few years ago. That was [inaudible 00:03:25]. JOHN: That's how we ended up in Montana one year. SHARON: Yeah, that's how we ended up coming to see you folks out in Montana. MARK: Indeed. That's right. That was a good time. SHARON: It was a wonderful time. JOHN: I did go fishing when we were out there. MARK: There we go. Boy, there's no place better. You want to talk about some quiet country time on the river with a fly? A lot of fun. One of the things that I've never really visited with you guys about, I'm genuinely very interested. Sharon, you've talked, years ago, you've been a lawyer for quite some time. How did you make this jump? Was that always the plan to go into this Sensei Enterprise type business, the alternative practice, a non-traditional track if you will? How did this all come about? 
SHARON: Life is full of accidents. As I was a young [inaudible 00:04:22]. JOHN: We're experts at that. SHARON: Oh yeah. When my first child was born, her condition required me to stay home through several surgeries and several years. She's fine, but I ended up working from home as a lawyer. And then, later on after I had been a lawyer and been seriously involved in the Bar Association, I had this very nice man who taught technology to anyone at colleges, and he was helping me computerize my law practice back in the '80s. I was pretty wired up for a solo. But then, he got relocated because of his job, and I said, "What am I going to do without you?" And he said, "Well, I've got this friend down the street, and he's really brilliant, but he's a pain in the butt." And he said, "But I'll set up a lunch, and if you can stand him, then he could do a better job even than me." SHARON: I met him for lunch, I could stand him, and so, we started out with him helping me with my law practice technology. Ultimately, he had always wanted his own company, and he just looked at me one day and said, "You know, I could be the talent of a company, and you're a lawyer, and you can sell anybody anything, so why don't we hook up and form a company?" And that's how we got started. MARK: Wow. That's awesome. I love that. I love that. Oh my. Can you tell me a little bit about the types of services? You can a little highlight or overview, but can we dig in a little bit in terms of the types of services that you offer? I'm also interested, how would you describe your typical client? I know that you do a lot of work I think with businesses that are not just... You're not limiting your services in other words to law firms. Is what you have to offer, would it be useful, beneficial to solo small firm lawyers around the country? SHARON: We actually are devoted to solo small firm lawyers, not that they are an exclusive client roster. We have a client that has over a thousand people. 
JOHN: Not a legal entity. SHARON: No, not a legal entity. But in any event, we do all sizes. But we have a special feeling in our hearts for the needs of the solo small, because most companies are not interested in them. They don't really want them, because they can't get much of a profit out of them. JOHN: They might have some minimum. Unless you've got 10 bodies or more, they're not interested to even talk to you. SHARON: And so, somebody has got to take care of these people, so we really specialize in finding cost-effective things that they can use to do what they need to do. That's been something that we've been celebrated for, is that we do take care of solo and smalls along with the bigger firms. It's been a mix, Mark, and I really feel strongly about that because I was a solo myself, and I know how hard it was to get competent help and to get things that you could afford. And now that cybersecurity is so important, it's really critical that the solo and small firms have people to guide them in a way that's budget-friendly, because this stuff can be really expensive. MARK: Yeah, I'm well aware. What types of services can you help? If I'm just a solo stuck here in Florida, or Montana, or Iowa, what can you do for me? JOHN: Basically, we do an assessment, an initial assessment, come in there to see what you've got going, and is it appropriate? Should we forklift some things? Are you in the Cloud even? Because today, it's so much more affordable and flexible to be in the Cloud. SHARON: And secure, more secure. JOHN: Maybe you should be considering that. We do have some clients that are remote, up in Massachusetts as well as down the coast, and we can do a lot of things remotely. Sometimes though, you do have to have boots on the ground, and some folks might have a local person if they need hands-on to something. But generally no, we can get equipment, we can figure it, we can ship it, do all that. 
But essentially, get you in a position where you're a heck of a lot more secure with your technology.

SHARON: And you're getting good recommendations from us about what [inaudible 00:09:08].

JOHN: Stability, backup.

SHARON: Practice management systems, document management. We can help them work with the companies who have appropriate pricing for solo and small. That's really our niche, is to be able to do that for those people. The solo and smalls are really neglected.

JOHN: But it really is a unique thing though, because there's not a template. You can't go to the green drawer and pull out a system for a solo.

SHARON: No. I mean, they all have different needs.

JOHN: They've got different needs, different things that are important to them, different types of practice, their workflows are different. We really do try to, as Sharon said, customize and make sure that they do have a cost-effective solution. The other advantage I think we have is that we know a lot about the law, and a lot about what lawyers' responsibilities are, and what their-

SHARON: And what's ethical. And what's ethical has changed, Mark. In today's world, you have to take reasonable measures to protect client data and confidential data. These days, we have gotten to the point where one reasonable measure is having two-factor authentication, because it's almost always free. It comes with Office 365, which so many solo smalls use. You just have to turn it on. That's where of course the problem comes.

JOHN: That's got to be really hard.

SHARON: It's the convenience factor, though. They want to get right in. They don't want to have to get a text on their phone, or push a button on their phone.

JOHN: Type a code.

SHARON: Type a code, and whatever it is.
There's all kinds of two-factor authentication obviously, and you have to help them get past the I don't want the extra step to, I have to have the extra step, because ethics demands this of me, because multifactor authentication stops almost 100% of credential-based account attacks. You don't get us that much better than that.

JOHN: Especially not when it's free.

SHARON: Yes, especially when it's free to do. You just have to put up with one little annoying thing that you have to do.

JOHN: You can trust devices too, so it's not every time. You don't have to do this 30 days, or whatever it is, whatever the period of time is. A lot of folks I don't think realize that. They think when they hear this, they go, "No, I'm not going to do this every darn time I connect." You don't have to.

SHARON: You said, tell a story. Here's a story. We've been able to successfully convince most of our law firm clients that they must ethically do this. There were several who protested, and they dragged their feet, and they dragged their feet, and then one of them got hit by ransomware. That's what happens when you don't take some advice. First thing they said was, "Okay, we got hit. We were attacked. I guess you were right about that 2FA thing, so could you come back and fix that for us now?"

MARK: Hard lesson learned, but boy is it a good lesson once they understand it. I'm hearing you can do lots of advising and guidance on terms of how to become secure, taking into consideration regulations we're subject to, the ethical rules, et cetera. I just had somebody call me up yesterday about, they were talking about some other things, and a side question came out. It's a solo setting up her own firm, and she's interested, are there services and people out there that can help monitor the systems to give you a heads up? Her question was, how do I know if I'm breached? Can you help them answer that, or help them deal with that risk?
SHARON: You have today an ethical obligation to monitor for a breach. That's pretty much been established. Now that you know you have to monitor, that's one reason why we are a managed service provider, because we have all sorts of alarms, and alerts, and we check things like backups to make sure everything is going the way it should.

JOHN: There's a lot of automation.

SHARON: There's a lot of automation. The thing is, when something goes wrong, we'll get a notice, so the lawyer is protected by having the managed services and the alerts that will go to their provider. That way, they know right away, they can usually fix it right away, or if the power is out or something like that, they have to wait until power comes back obviously. But that's why you want someone watching over all of this for you, because the average lawyer has no idea what any of these alerts mean. These things go off, and they're clueless. You want that in the hands of a professional, and it's not very expensive to get it. And so, this idea of endpoint detection and response, this is another thing that we would say is reasonably required in order for you to monitor for those breaches.

JOHN: It's not just monitoring, it's also-

SHARON: React.

JOHN: Yeah, it reacts to it. Artificial intelligence is a part of what the tool uses, in conjunction with human beings in a security operation center. If you get a ransomware attack as an example, or there's some rogue process that comes and starts and the system sees that, wait a minute, this is outside of baseline operation, and it can even automatically take the device off the wire, off the network. But they have, at least the solutions that we're implementing for our clients, it has a rollback capability. If it's got a problem, and you say, "Shoot, you know what? Let's go back to 30 minutes ago," and put your system back into a state before this happened, and we've got that ability.

SHARON: It's really kind of magic to lawyers.
As much as we try to explain it, and John did in fairly simple terms, they really don't get it. They just get that the magic works.

MARK: Right. That's okay. They don't need to get it. If they have somebody like you behind the scenes taking care of it, they just need to make sure these kinds of things are in play or in place. May I also assume that if I have, I do stupid on my laptop, and I get hit with something that we talk about ransomware as a classic example, are you also offering services to help me address and deal with these kinds of breaches?

SHARON: Absolutely. That's what you do.

JOHN: I do want to point out though Mark, all the technology and things that we do do, you cannot fix a human being.

MARK: Right. Oh boy.

SHARON: Who clicks on a phishing email or a phishing text?

JOHN: Sharon talked about a story. We had a story from... What's today? Thursday. I think it was either Friday, or it was no longer than a week ago. We've got all these things in place, the software, [inaudible 00:16:33], whatever, and yet we've got a lawyer that gets this message, and then he actually initiates a phone call-

SHARON: To the bad guys.

JOHN: To the bad guys, and then is carrying on this conversation, and under his own ID, he's opening up his machine to this caller, and I'm going, "I can't stop that."

SHARON: They finally asked him to enter some bank information-

JOHN: And he got suspicious.

SHARON: Then he finally got suspicious and severed the connection.

JOHN: He called us and we said, "Whoa, hold on."

SHARON: But that kind of thing happens a whole lot. People do stupid stuff, and of course now everybody is on their phone a lot, and so the phishing via text has become a big deal. They call that smishing. People will fall for that. They'll get something that says, "You just made a purchase for $500, and if you didn't make this purchase, you've got to do this, or call there."

JOHN: Click here or whatever.

SHARON: Whatever. Don't click. Don't call.
People are not thinking.

MARK: I'm hearing we have full service, which I'm not surprised, but I just want to underscore all of this. John, you raised a very, very good point. I'm often writing and lecturing about some similar things. Regardless of what IT does, we still have to deal with the reality of the human factor. You can't patch that. You can't. We have to do some training here. Is that something you guys do as well? Are there any training resources available for solo small firms?

SHARON: The best training resource I know of is somebody who is not in your own company, in your own law firm. It's somebody from the outside who carries a bigger bat and has a reputation. That's why we started out long ago doing cybersecurity awareness training for law firm employees, and we do it remotely, which of course people have gotten used to that now. We have a PowerPoint, and we talk through the PowerPoint. We only charge $500 for an hour. Trust me, they can't absorb more than one hour, because this stuff is complicated, and they have to pay attention. An hour is about right. You might want to do it more than once a year. You might want to do it twice a year. At $500, most law firms can afford that, even the solos and the small firms, because it's a whole firm price. We're there for an hour, and we answer questions as we go along, but we can show them the phishing emails and all the stuff. We talk about social engineering, and all the stupid stuff they do, like sharing and reusing passwords.

JOHN: The latest attacks.

SHARON: The latest attacks. We [inaudible 00:19:30] the latest information. Nonetheless, people forget. The stat that's most interesting to me, Mark, is that over 80% of successful attacks involve a human in some way or another.

MARK: Right. Good stuff.
One of the reasons I really was excited about visiting with the two of you again, is to try to find or create awareness about resources that are out there, because there are so many places where there is, if you will, nothing locally. When you talk about this preventative educational piece, just as an example, at $500 a pop, I sit here and say, as a risk guy, two or three times a year? That's chump change, and absolutely essential to do in my mind, when I compare the potential loss of time, worry, money, data, all kinds of things, if somebody just does something stupid and clicks on the wrong thing, and we get hit with ransomware, and it's all gone, locked up.

JOHN: I think the other requirements you're going to have Mark too though, and what we're seeing a lot of, is that the cyberinsurance carriers are now in their renewals and in their applications, they want to know, are you getting training for your employees?

SHARON: That's one of the questions, and they don't want to hear no, or they might charge you more, or they might offer you less coverage. We've seen it all. Cyberinsurance is driving the solo and small firms crazy.

MARK: Here's one as a side comment following up on that, please folks, if you're filling out these applications, don't lie. If you say you're doing something, and a policy is issued based on those representations, it's just the same as malpractice insurance or anything else. If it turns out you aren't having these trainings and you don't do these other things that you say you are doing or have in place, that's going to jeopardize coverage. Just a little side note there, be very careful and honest about answering this. I don't want to keep you too much longer, and I really, really appreciate you taking some time today. Could we close maybe with some thoughts about what are the top two or three things that you think lawyers in this space need to be concerned about, focused on perhaps, and/or a tip or two to address these kinds of things?
Just a quick wrap.

SHARON: Are you talking about cybersecurity in particular, Mark?

MARK: Yes.

JOHN: I think Sharon has talked about the things that certainly are really high on my list, and that's the multifactor authentication, the EDR systems, endpoint detection response.

SHARON: And an incident response plan, which only 36% of attorneys have an incident response plan, and it is so critical, because if you fail to plan, you plan to fail. That's an old chestnut of a line, but it's really true. You have got to have a plan, and you probably need somebody to consult with you a little bit, because there's no absolute template out there that fits everybody. You can start with one, but you really need to have somebody who knows what they're doing help you out with developing a plan. It's not all that hard, it's just that people don't do it. And then, if they do do it, then they leave it to molder, and of course nothing stays the same in this world, especially cybersecurity. In a year, if you haven't looked at it and done anything with it, some portion of it is probably quite obsolete.

JOHN: But I think the critical foundation for that whole thing, before you even get down to saying, how am I going to respond, what does my IRP look like, is inventorying your assets and your data. If you don't know you have it, you can't protect it.

MARK: That is an excellent point. Yes. That's absolutely an excellent point. I appreciate your time here. Before we wrap it up, I do want to give you a moment to share. If any of our listeners have a need and desire to reach out to you to discuss the kinds of things that you can help them out with, how can they get a hold of you guys?

SHARON: Our phone number is 703-359-0700, and our website is senseient.com, or of course you could search Sensei Enterprises. We have all different kinds of folks in the office, and we'll funnel you to the right people.
Very happy to do that, and always happy to have a no-cost consult if people have some questions they'd like to ask. We do a lot of that at the beginning, and then it turns out that they do in fact have a need, which is harmonious for us both. But if it doesn't work out, at least we've tried to help. And so, we would encourage that, Mark. I hope that's helpful.

MARK: Yes, it is very much so. To those of you listening, I hope you found something of value out of today's podcast. My intent again today, I just am trying to find solutions. I get so many calls of, who do I turn to? This is a rough space at times, and lawyers just feel left out and unsure who to reach to. I assure you, these two and the business they have, these are good folk, and it's a great business. I would not hesitate reaching out at any time. John, Sharon, thank you very much for joining me today. John, good fishing, and hope you guys take care of those grandkids and kids. Boy, that's a busy, crazy life, but I'm sure it's exciting. That's just awesome. I'll let you get back to it, guys. Thank you for listening. Bye-bye, all.

SHARON: Thank you very much.

JOHN: Bye-bye.

MARK: Bye-bye.

Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw
Ep. 143: Preventing Account Takeovers (w/ Diego Matute, Founder of Cyphercor, Inc.)

Sep 6, 2022 · 22:12


Founder of Cyphercor Inc., Diego Matute is today's guest on the Cyber Security Matters podcast, hosted by Dominic Vogel and Christian Redshaw. Cyphercor is a leading smartphone and desktop-based two-factor authentication (2FA) provider. Cyphercor's flagship product, LoginTC, is a mobile app that can contain multiple tokens to securely access LoginTC-enabled websites. Cyphercor provides LoginTC capabilities for free to educational institutions and non-profit organizations.

In this episode, we will cover:
- What an account takeover is
- What happens when an account takeover occurs
- How multi-factor authentication is a critical component of protecting your data
- Where cyber insurance is headed in the future

Want to connect with Diego? Here are a couple of ways that you can do exactly that:
- LinkedIn: @DiegoMatute
- Website: www.cyphercor.com


DevSecOps Podcast Series
Going Way Beyond 2FA

Aug 31, 2022 · 30:45


In this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and GitHub on account security. This is another episode with some good nuggets of wisdom and some sound advice for those writing or maintaining APIs. It's obvious that Neil has not only spent time doing solid engineering work but he's learned a few things that he's willing to share. Enjoy.

Show Links:
- OWASP DevSlop Episode: https://www.youtube.com/watch?v=hrAKE6LaizE&ab_channel=OWASPDevSlop
- Slide Deck: https://bit.ly/35dcTm0
- Neil on Twitter: https://twitter.com/ndm

Techmeme Ride Home
Mon. 08/29 – Apple's iGlasses To Be Called Reality One?

Aug 29, 2022 · 15:45


Really, Apple? THAT is what you're going to call your AR/VR glasses? I tell you what "that" is. A look at the passkeys Apple is bringing us soon. More deets on the Netflix ad-supported tier. WhatsApp's super-app ambitions seem to be bearing fruit in India. And is it too late for Eminem and Snoop Dogg to save the NFT market?

Sponsors:
- Kolide.com/ride

Links:
- Trademark Filings Suggest Apple May Be Securing 'Reality' Names for AR/VR Headset (Bloomberg)
- Apple says 95% of iCloud users already have 2FA enabled ahead of Passkeys launch (9to5Mac)
- Snapchat brings 'Dual Camera' recording to in-app camera (Engadget)
- Netflix Eyes $7-to-$9 Price for Its New Ad-Supported Plan (Bloomberg)
- Meta and Jio launch grocery shopping on WhatsApp in India (TechCrunch)
- WhatsApp's super app ambitions are starting to come true in India (The Verge)
- MTV VMAs: Eminem and Snoop Dogg Perform as Bored Apes in the Metaverse (CNET)
- Looks bare: OpenSea turns into NFT ghost-town after volume plunges 99% in 90 days (CoinTelegraph)

Software Defined Talk
Episode 374: Is there no Dev in DevOps?

Aug 26, 2022 · 65:50


This week we discuss DevOpsDays Dallas, devs not wanting to do ops, Twitter Security issues and Apple playing the long game. Plus, some thoughts on Dr. Pepper and Burger King.

Runner-up Titles
- Don't have the USB cable
- Barton, can you get me a drink?
- Just like a beer
- This is my own podcast, I can do whatever the fuck I want!
- One day, I'm going to stop being the butt of all the jokes
- Throwing a lot of Harvard shade.
- If you are in France, eat at the Burger King
- They came for the DevOps glory
- The jury's still out for the Dev in DevOps
- The same sane things
- Security, always a problem
- What if there was just one company?

Rundown
- Dallas DevOpsDays (https://devopsdays.org/events/2022-dallas/welcome/)
- Devs don't want to do ops (https://www.infoworld.com/article/3669477/devs-don-t-want-to-do-ops.html)
- Twitter
  - Twitter's security alarm (https://www.axios.com/newsletters/axios-login-34223563-612c-45a2-b8f2-0ff779d0c0f9.html?chunk=0&utm_term=emshare#story0)
  - Twitter Whistleblowing Report Actually Seems To Confirm Twitter's Legal Argument, While Pretending To Support Musk's (https://www.techdirt.com/2022/08/24/twitter-whistleblowing-report-actually-seems-to-confirm-twitters-legal-argument-while-pretending-to-support-musks/)
- Apple
  - Wait, When Did Everyone Start Using Apple Pay? — The Wall Street Journal (https://apple.news/AWkbbZpimR02alYW1mAwaxw)
  - Ad Revenues (https://www.axios.com/newsletters/axios-login-77029a01-7f39-4716-9d96-b6c8ac0041b6.html?chunk=1&utm_term=emshare#story1)
  - The golden noose around Apple's neck (https://spectatorworld.com/topic/the-golden-noose-around-apples-neck/)
  - 1 big thing: Americans' beliefs are privacy law's hidden roadblock (https://www.axios.com/newsletters/axios-login-77029a01-7f39-4716-9d96-b6c8ac0041b6.html?chunk=0&utm_term=emshare#story0)

Relevant to your Interests
- Charted: Streaming surpasses cable (https://www.axios.com/newsletters/axios-login-7fd08ad2-7f56-4c27-b8c2-9298e054bc56.html?chunk=2&utm_term=emshare#story2)
- AIOps startup BigPanda raises Series E extension, bringing its total capital to $340M (https://techcrunch.com/2022/08/17/aiops-startup-bigpanda-raises-series-e-extension-bringing-its-total-capital-to-340m/)
- Sync Computing nabs $15.5M to automatically optimize cloud resources (https://techcrunch.com/2022/08/16/sync-computing-rakes-in-15-5m-to-automatically-optimize-cloud-resources/)
- GitPOAP is a decentralized reputation platform that represents off-chain accomplishments and contributions on chain as POAPs. (https://www.gitpoap.io/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axiosprorata&stream=top)
- Cybersecurity platform Aceiss unveils product after seed close (https://member.fintech.global/2022/08/18/cybersecurity-platform-aceiss-unveils-product-after-seed-close/)
- Excel @ mentions feature approaches GA on the desktop (https://www.theregister.com/2022/08/17/microsoft_excel_at_mentions/)
- Cisco pops as guidance, Q4 results top expectations amid concerns of slowdown (https://seekingalpha.com/news/3874201--cisco-pops-as-2023-guidance-q4-results-beat-forecasts-amid-concerns-of-slowdown)
- There's no such thing as vulnerability-free software, it simply doesn't exist… yet (https://blog.chainguard.dev/theres-no-such-thing-as-vulnerability-free-software-it-simply-doesnt-exist-yet/)
- Google Cloud claims it blocked the largest DDoS attack ever attempted (https://siliconangle.com/2022/08/18/google-cloud-claims-blocked-largest-ddos-attack-ever-attempted/)
- Excel Formula Generator - Excel Formula AI Bot (https://excelformulabot.com/)
- WSJ News Exclusive | Amazon Among Bidders for Signify Health (https://www.wsj.com/articles/amazon-among-bidders-for-signify-health-11661123042?mod=djemalertNEWS)
- Twitter tests a special tag to highlight phone number-verified accounts (https://www.theverge.com/2022/8/19/23313757/twitter-phone-number-verified-label-bots-privacy-security?scrolla=5eb6d68b7fedc32c19ef33b4)
- YouTube․com/podcasts goes live as simple 'Explore' page (https://9to5google.com/2022/08/21/youtube-podcasts-explore/)
- Will MoviePass' return help struggling theaters? (https://thehustle.co/08232022-MoviePass)
- Zoom pares back annual forecast as revenue growth slows to single digits (https://www.cnbc.com/2022/08/22/zoom-zm-earnings-q2-2023.html?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top)
- Former security chief claims Twitter buried 'egregious deficiencies' (https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axiosprorata&stream=top)
- The Math Proves It—Network Congestion Is Inevitable (https://spectrum.ieee.org/internet-congestion-control)
- Sony confirms PS VR2 is coming to market 'in early 2023' (https://www.engadget.com/sony-confirms-ps-vr2-is-coming-to-market-in-early-2023-224256205.html)
- Twitter whistleblower won hacker acclaim for exposing software flaws (https://www.washingtonpost.com/technology/2022/08/23/peiter-mudge-zatko-twitter-whistleblower/)
- SSH Security Best Practices using Certificates, 2FA and Bastions (https://goteleport.com/blog/how-to-ssh-properly/?mkt_tok=ODE5LVdIVC00ODMAAAGGalp5pPNPihtU6fE8s-ewjsEBnb-hWmEbMR0NX6vHtlAHhTlzGLbUwTIxNWSL4d55i-2w8mJlk8p_5RNt8LK4LAP3FTPVkDQSMJT2G9aytA)
- Twitter CEO @paraga weighs in on whistleblower story. (https://twitter.com/donie/status/1562069281545900033)
- The House passed a defense spending bill saying you can't sell software to the DoD that has any known CVEs in it. (https://twitter.com/JGamblin/status/1560016175265972224)
- Neumann's Resurrection & The Trump Org's Future (https://puck.news/neumanns-resurrection-the-trump-orgs-future/?_cio_id=f6c606078958dac00d&utm_campaign=Media+Monday+-+LEADS+%288%2F22%2F22%29&utm_content=Media+Monday+-+LEADS+%288%2F22%2F22%29&utm_medium=email_action&utm_source=customer.io)

Nonsense
- Shouting in the Datacenter (https://www.youtube.com/watch?v=tDacjrSCeq4)
- Kubernetes (https://twitter.com/DennisCode/status/1560079800252764163?s=20&t=reqly34jg7V2ZSmYWGbl-A)
- CS Final Exam (https://twitter.com/gf_256/status/1561205709366255617)

Conferences
- Register for the SDT Austin Meetup August 27th at 6:30 PM (https://www.eventbrite.com/e/software-defined-talk-meetup-in-austin-tx-tickets-396650401027)
- VMware Explore 2022, August 29 – September 1, 2022 (https://www.vmware.com/explore/us.html?srccode=na_pxkba4ap4tgmb&cid=7012H000001KawVQAS) - Coté's pitch (https://twitter.com/cote/status/1551895600270016512). Coté's VMware Explore 2022 Page (https://cote.io/explore/)
- Sydney Cloud FinOps Meetup (https://events.finops.org/events/details/finops-sydney-cloud-finops-presents-sydney-cloud-finops-meetup/), Oct 13, 2022 Matt's presenting
- Kubecon. Oct. 24 – 28 (https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/)
- SpringOne Platform (https://springone.io/?utm_source=cote&utm_medium=podcast&utm_content=sdt), SF, December 6–8, 2022
- THAT Conference Texas Call For Counselors (https://that.us/call-for-counselors/tx/2023/) Jan 16-19, 2023

SDT news & hype
- Join us in Slack (http://www.softwaredefinedtalk.com/slack).
- Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers!
- Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured).
- Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total.
- Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)!

Recommendations
- Brandon: The Sandman Audio Book (https://www.audible.com/pd/The-Sandman-Audiobook/B086WP794Z?ref=mrq_aud_sndmn_pser1&source_code=MRQOR13307142003UG&device=d&cvosrc=ppc.google.listen%20to%20the%20sandman&cvo_campaign=1859944977&cvo_crid=449246326732&Matchtype=p&ds_rl=1261256&gclid=Cj0KCQjw9ZGYBhCEARIsAEUXITXUUAZIJWHSjRdtii_NKJX6rFLqbyRzQTre-yOEBdBwaROX8T3z62oaAqdpEALw_wcB&gclsrc=aw.ds)
- Coté: Amazing Oriental (https://amazingoriental.com/Location/winkels-duivendrecht/)

Photo Credits
- CoverArt (https://twitter.com/cote/status/1562451838678761472/photo/1)
- Banner (https://unsplash.com/photos/5ZR4DxAG3RQ)


All the Hacks
My Favorite Apps, Products and Services for a Productive and Optimized Life

Aug 19, 2022 · 28:48


#73: In this bonus episode, Chris shares all the apps, products, services and Chrome extensions he uses to make his life more productive and efficient. That includes optimizing email, scheduling meetings, storing information and accessing everything quickly from your computer. He'll also share the products he uses at home to make life more efficient, including his desk A/V setup.

Full show notes at: https://www.allthehacks.com/productivity-apps

Selected Links From The Episode
- Gmail Shortcuts
- Gmail GTD Method
- Superhuman (1 month free)
- Calendly
- Nick Gray's Calendly Guide
- Notion
- Alfred App
- Rectangle App
- Chrome Extensions
- Library Extension
- Capital One Eno
- Lusha
- Tab to Window/Popup
- Don't F*** with Paste
- CardPointers + 20% off Pro
- Keepa
- OneTab
- BlueStacks
- Paprika
- 1Password
- Mics
- ATR2100X
- Shure SM7B + Cloudlifter + Focusrite 2i2
- Headphones
- Apple AirPods
- Audio-Technica M50x
- Bose QuietComfort 35 II
- Video
- Logitech C920 + C930
- Sony a7c + Elgato Camlink 4k
- ILOKNZI Teleprompter
- Duet Display
- Elgato Ring Light
- LumeCube Light
- Duet Display App
- Unifi Wifi System
- August Smart Locks
- Ring Alarm System
- Sonos Sound System
- Oura Ring ($50 Off)

Full Show Notes
- How to optimize your email and inbox [00:58]
- Easily schedule events with Calendly [6:08]
- Where to store information online [6:50]
- Using Notion to organize everything [8:43]
- My favorite productivity app: Alfred [10:43]
- Organize your desktop windows with Rectangle [12:04]
- The best Chrome extensions for productive browsing [12:33]
- Running mobile apps on your computer [15:46]
- Organizing recipes and meal planning with Paprika [17:09]
- Storing passwords and 2FA keys with 1Password [17:59]
- Upgrading your audio with a microphone [19:58]
- My favorite headphones [21:30]
- Improving your video setup [22:26]
- The ultimate home WiFi setup with Unifi [24:44]
- Home Tech: Locks, Alarm System + Speakers [26:01]
- Tracking your fitness and sleep with the Oura Ring [26:59]

Cryptocurrency for Beginners: with Crypto Casey
US Gov Declared War on Crypto?!

Aug 14, 2022 · 7:46

Talk Python To Me - Python conversations for passionate developers
#377: Python Packaging and PyPI in 2022

Aug 13, 2022 · 68:11


PyPI has been in the news for a bunch of reasons lately. Many of them good. But also, some with a bit of drama or mixed reactions. On this episode, we have Dustin Ingram, one of the PyPI maintainers and one of the directors of the PSF, here to discuss the whole 2FA story, securing the supply chain, and plenty more related topics. This is another important episode that people deeply committed to the Python space will want to hear.

Links from the show
- Dustin on Twitter: @di_codes
- Hardware key giveaway: pypi.org
- OpenSSF funds PyPI: openssf.org
- James Bennett's take: b-list.org
- Atomicwrites (left-pad on PyPI): reddit.com
- 2FA PyPI Dashboard: datadoghq.com
- GitHub 2FA - all users that contribute code by end of 2023: github.blog
- GPG - not the holy grail: caremad.io
- Sigstore for Python: pypi.org
- pip-audit: pypi.org
- PEP 691: peps.python.org
- PEP 694: peps.python.org
- Watch this episode on YouTube: youtube.com

Stay in touch with us
- Subscribe to us on YouTube: youtube.com
- Follow Talk Python on Twitter: @talkpython
- Follow Michael on Twitter: @mkennedy

Sponsors
- RedHat
- IRL Podcast
- AssemblyAI
- Talk Python Training


Security Squawk
Twitter zero day- Twilio Breach- Phishing emails coming from PayPal and QuickBooks - Phishers getting around MFA in Coinbase

Aug 10, 2022 · 35:23


In this week's episode, cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss two data breaches, Twitter and Twilio. Twitter confirms that a zero-day was used to expose data of 5.4 million accounts. The experts get into what happened here and how you can protect your social media accounts. The crew also covers Twilio, which disclosed a data breach after an SMS phishing attack on employees. Next, the team discusses where your next phishing email could come from, such as PayPal and QuickBooks. Lastly, the experts get into why phishers are making their way around 2FA and using other tactics, such as a phishing campaign aimed at taking over Coinbase. Tune in! Like and Subscribe!

Articles that were used in the show:
- https://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/
- https://www.bleepingcomputer.com/news/security/twilio-discloses-data-breach-after-sms-phishing-attack-on-employees/
- https://www.ghacks.net/2022/08/08/your-next-phishing-email-may-come-straight-from-paypal/
- https://threatpost.com/phishers-2fa-coinbase/180356/

Cryptocurrency for Beginners: with Crypto Casey
Crypto Adoption & Development is on Fire!

Aug 7, 2022 · 13:01

The CyberWire
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. And more crypto looting.

The CyberWire

Aug 4, 2022 · 27:43


Ukraine claims to have taken down a massive Russian bot farm. Russian cyber operations may have been premature. A report says Emergency Alert Systems might be vulnerable to hijacking. The Mirai botnet may have a descendant. Adam Flatley from Redacted with a look back at NotPetya. Ryan Windham from Imperva takes on Bad Bots. Attacks on a cryptocurrency exchange attempt to bypass 2FA. Solana cryptocurrency wallets looted.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/149

Selected reading:
• Ukraine takes down 1,000,000 bots used for disinformation (BleepingComputer)
• Did Russia mess up its cyberwar with Ukraine before it even invaded? (Washington Post)
• So RapperBot, What Ya Bruting For? (Fortinet Blog)
• Gaming Respawned (Akamai)
• Coinbase Attacks Bypass 2FA (Pixm Anti-Phishing)
• Thousands of Solana wallets drained in multimillion-dollar exploit (TechCrunch)
• Thousands of Solana Wallets Hacked in Crypto Cyberattack (Wall Street Journal)
• Solana, USDC Drained From Wallets in Attack (Decrypt)
• Ongoing solana attack targets thousands of crypto wallets, costing users more than $5 million so far (CNBC)
• Solana and Slope Confirm Wallet Security Breach (Crypto Briefing)
• How Hackers Target Bridges Between Blockchains for Crypto Heists (Wall Street Journal)

Application Security Weekly (Audio)
ASW #206 - Manish Gupta

Application Security Weekly (Audio)

Aug 4, 2022 · 75:23


In our first segment, we are joined by Manish Gupta, the CEO and Co-Founder of ShiftLeft, for a discussion of how the changes and advancements in static application security testing (SAST) and intelligent software composition analysis (SCA) have helped development and DevSecOps teams work better together to fix security issues faster! In the AppSec News: Multiple vulns in a smart lock, Office Macros finally disabled by default, data breach costs and threat modeling, designing migration paths for 2FA, & more!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw206

Paul's Security Weekly
ASW #206 - Manish Gupta

Paul's Security Weekly

Aug 4, 2022 · 75:23



Tevora Talks Info-Sec Podcast
Tevora Talks - North Korea Spying on Emails + T-Mobile's Insider Threat + Top Impersonated Apps + Australian Hacker Arrested!

Tevora Talks Info-Sec Podcast

Aug 4, 2022 · 31:11


This week, Matt Mosley and Kash Izadseta cover the news of the week!
• T-Mobile gets hacked by one of their own in a million-dollar scheme
• An Australian hacker & malware developer gets arrested
• VirusTotal reveals the most impersonated applications used by malware
• North Korean hackers bypass credentials and 2FA to read victims' emails

Links mentioned in this episode:
• http://example.com
• https://www.bleepingcomputer.com/news/security/mobile-store-owner-hacked-t-mobile-employees-to-unlock-phones/
• https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html
• https://thehackernews.com/2022/07/australian-hacker-charged-with-creating.html
• https://biz.crast.net/new-gmail-attack-bypasses-passwords-and-2fa-to-read-all-emails-2/
• http://tevoratalks.com

Instagram, Twitter, Facebook: @TevoraTalks

Lambda3 Podcast
Lambda3 Podcast 310 – VPN and Privacy – Part 2

Lambda3 Podcast

Jul 29, 2022 · 93:17


This episode of the podcast brings the second part of the much-needed conversation about online privacy with lambda Giovanni Bassi and guests André Valenti, Guilherme Siquinelli and William Grasel, this time bringing the subject to the web environment, users, data and more.

Join our Telegram group and share your comments with us: https://lb3.io/telegram
Podcast feed: www.lambda3.com.br/feed/podcast
Podcast feed with technical episodes only: www.lambda3.com.br/feed/podcast-tecnico
Podcast feed with non-technical episodes only: www.lambda3.com.br/feed/podcast-nao-tecnico

Agenda:
• User tracking techniques on the Web
• Google wants to kill cookies
• First attempt: Federated Learning of Cohorts (FLoC)
• Second attempt: Topics API
• Tracking without user consent: fingerprinting
• CDNs and privacy
• Idle detection, a Chrome API that sparked discussion because it makes it possible to identify whether or not the user is in front of the computer
• How to protect your users' data in the browser
• Avoid sensitive user data on the front end
• Web cryptography APIs
• Passwordless
• Web Auth API
• Login and/or 2FA
• Biometric authentication
• YubiKeys
• Future: passkeys
• New privacy features in browsers (Brave, Firefox, Chrome, Edge)

Participants:
• André Willik Valenti - @awvalenti
• Giovanni Bassi - @giovannibassi
• Guilherme Siquinelli - @guiseek
• William Grasel - @willgmbr

Links:
• Lambda3 Podcast 298 - VPN and Privacy - Part 1
• Lambda3 Podcast 97 - Privacy

Editing: Compasso Coolab

Credits for the music used in this program: Music by Kevin MacLeod (incompetech.com) licensed under Creative Commons: By Attribution 3.0 - creativecommons.org/licenses/by/3.0

The Cale Clarke Show - Today's issues from a Catholic perspective.

People have always complained that “no one wants to work anymore”. But if we don't, we miss out on one of God's great purposes for our lives. Plus: There's a new priest in town: how Jesus bridges God and humanity. And: if you're an investor in—or fan of—Bed, Bath and Beyond, you might just want to pull the covers up over your head.

https://omny.fm/shows/the-cale-clarke-show-todays-issues-from-a-catholic/a-bishop-the-papal-visit-and-the-digital-continent

NFT 365: 1st Daily Podcast Minting NFTs
259. Metaversity: GenZ reimagining the future of web3 education

NFT 365: 1st Daily Podcast Minting NFTs

Jul 28, 2022 · 70:01


Brian welcomes the team from Metaversity on the podcast today! Metaversity's core mission is educating and fostering an environment of entrepreneurs. It is a Web3 company and project that helps provide side-hustle education. Owning a Metaversity NFT enables holders to get access to various workshops, training programs and seminars put together by successful entrepreneurs.

Srikar, Sai, and Harsha talk about the team's origin stories and their vision for Metaversity. Already well on their way with the roadmap, they are minting their genesis collection soon and this will be followed by a larger release of 5000 NFTs. Utility access will focus on education and collaboration with other projects.

Follow our guests on social media:
• https://themetaversity.app/
• Twitter: @Metaversity_
• IG: @metaversitynft
• Srikar @srikarkarra
• Sai @saikarra22
• Harsha @h_tambareni
• Sai Karra's Book “Outset: The Start to Something Great” https://a.co/d/8StyNqJ

4:25 - Metaversity team introductions
10:30 - The purpose driving the project and team
11:40 - Passion in both business and education
13:45 - Sai discusses being a content creator and author of the book “Outset”
16:25 - Harsha discusses the excitement of blockchain technology and innovation
17:50 - Education in Web3 can set yourself up for success in the space
13:50 - Strategy approaching the Metaversity NFT project launch in current market
21:25 - Srikar discusses his opinion on Web3 influencers
23:15 - Audience relationship is key when considering marketing, collaboration, and influencer tools
25:00 - Being a creator gives an edge
25:50 - Providing value with your content can help build organic growth
28:00 - The team brings their own selves to the project but are so aligned in their collaboration
32:50 - Origin story of the project idea being aligned with a “university” and developed into the Metaversity concept
38:00 - Discord discourse
42:03 - 2FA should be standard
46:55 - Harsha discusses the current state of computer science education and his experience at Georgia Tech
47:50 - Discussion of the Metaversity genesis NFT launch, followed by full collection release of 5000
50:40 - Addressing team diversity and the accessibility of their education utility
56:55 - Advice for getting more involved in Web3 - Srikar recommends focusing on connecting with others
1:04:00 - Some plans for Metaversity such as coding tools, that will integrate technology with utility
1:05:45 - Trait swapping feature in development with other projects in collaboration with Metaversity

Discover the latest Web3 strategies to improve your business at the upcoming Crypto Business Conference in San Diego, October 9th-11th 2022: https://www.socialmediaexaminer.com/nft365

Learn more about the NFT365 Podcast

The Accountability Coach: Business Acceleration|Productivity
6 Cybersecurity Tips to Protect Your Business

The Accountability Coach: Business Acceleration|Productivity

Jul 21, 2022 · 10:57


Making sure your business has systems in place to withstand cyberattacks is one of the most important actions you need to take. As a business owner, you have an obligation to protect your company's sensitive information, as well as your clients' information. The Equifax data breach of 2017 exposed the personal data of millions of people. As a result, Equifax had to pay $700 million in settlement fees. This is just one of many unfortunate examples. Smaller businesses may be even easier targets, which is why it's very important to have a solid cybersecurity strategy in place. If you're not sure where to start, let's review 6 tips to help you increase your company's cybersecurity to protect your business.

1. Use Secure Passwords and Multi-factor Authentication

Not only should you have a strong password to sign into the various platforms and software that your business uses, it's also good practice to change those passwords regularly and use multi-factor authentication. Longer passwords are better: at least 8 characters, with a mix of uppercase and lowercase letters, numbers, and symbols. Passwords can be hacked with automated software that tries every possible combination, so the longer your password is, the more combinations it has to try.

Multi-factor authentication is when you need a password and an additional step. It's also called two-step verification. This reduces the likelihood of a successful attack because there is additional information needed. Typically, this is a code sent to the user's cell phone, or a code generated by a two-factor authentication (2FA) app such as Authy.

You can use a password manager to manage the various passwords for your accounts, so you're not reusing the same one, or having to try and remember all the passwords you have for all your accounts. If one account gets hacked, then any other account using the same password can also more easily get hacked. And whatever you do, avoid using the word “password” as your password at all costs.

There are many password manager options. Some are:
• Dashlane
• LastPass
• LogMeOnce
• Keeper
• NordPass
• Bitwarden
• RememBear
• 1Password
• PasswordBoss
• Enpass
• RoboForm
• ZohoVault
• TrueKey

2. Secure Your Wi-Fi Network

Make sure your Wi-Fi is secure and hidden. While your router typically comes with a pre-set password, make sure to change it immediately to something more secure. Additionally, if you offer free Wi-Fi to your guests, create a separate guest network with a different password, so they don't have access to your company's network. You're ultimately responsible for what people do on your network. By securing your guest network with a password, you can control who has access to it and make sure you're not opening up your business to considerable risks.

Also check that encryption is enabled on your router. Encryption provides data security for sensitive information, and enabling it scrambles plain text that's sent or stored on the web into unreadable, or “cipher text.” Once it's sent to the end user, the text is unscrambled, or decrypted.

If you're out of the office or in a public area, avoid using the free Wi-Fi network. As tempting as it may be to check your email at the airport, there are a lot of potential risks that come with a free public network, such as opening yourself up to hackers. Look for a network that's secured with a strong password, and if you can't find one and absolutely need to hop online, use your phone as a temporary private hotspot.

3. Back Up Your Data Regularly

If your system gets hacked, not only will others gain access to sensitive information, but you may lose access to your own data. Backing up your data regularly to the cloud will still give you access to it if anything happens. Ransomware attacks happen by locking you out of your data and preventing access until you pay a ransom fee. If you have a recent copy of your data, you don't need to worry about getting that information back.

How often you back up your data depends on your business and how much information you're storing. At the very least, you should back it up after any important task has been completed.

Some backup service options are:
• https://www.carbonite.com/en/
• https://mozy.com/
• www.mypcbackup.com
• www.justcloud.com
• www.backupgenie.com
• www.zipcloud.com
• www5.ibackup.com
• www.crashplan.com
• www.sosonlinebackup.com
• https://www.idrive.com/index.html

4. Create Separate User Accounts for Each Team Member

As much as you'd love to retain your team members for as long as possible, the time will sometimes come for them to move on. Hopefully that's on good terms, but in case it's not, it's always safer to make sure you can easily delete their individual user accounts.

Having separate user accounts also helps keep track of version history, or who makes changes to what. If anything ever happens to your files or data, you'll be able to track who the last person to make the changes was so you can restore the files. Make sure that when your employees are setting up their user accounts, they understand how to set up a strong password.

5. Encrypt Any Data Sent Via Email

Cybersecurity training should be part of any new employee onboarding. This includes training employees on the types of data to send or not to send through email. Any sensitive information, such as login information and passwords, credit card information, or social security information, should never be sent through email. Tools such as Enigmail are useful security tools to encrypt your email. Never send any confidential information to anyone via email. Passwords can be sent through software such as LastPass. The same way you wouldn't want to send sensitive information on a postcard for everyone to see, you should be cautious about what you send through email in case you get hacked.

6. Implement Anti-Virus Software and Firewalls

Anti-virus software and firewalls block malicious software from getting into and infecting your computer. They guard your system from any suspicious activity or users trying to make contact with it. It's like a security guard, making sure only the people on your approved list are let in.

VPNs mask your identity on the internet and protect your location and online activities. A VPN is like a middleman: when you go to a site, the site sees the VPN's IP address, not your own personal IP address. You get what you pay for, so it's a good idea to pay for a VPN service instead of going with a free one. A decent VPN can cost you between $5-$12 per month, which is a small price to pay for added security.

Anti-virus software can protect your computer from things like spyware, adware, or trojan horses. Firewalls, on the other hand, protect your network from suspicious traffic. Together, you have the best chance of fighting cyberattacks from various angles.

A few anti-virus software options are:
• McAfee
• Norton
• Total AV
• Surfshark
• Kaspersky
• Bitdefender
• AURA
• Panda
• Avira

If you don't already have a cybersecurity strategy in place, now's the time to implement one. Take a look at the systems you have and get a sense of what needs to be done to protect them from all angles, whether that's using two-factor authentication, backing up your data regularly, using a VPN, implementing anti-virus software, or encrypting any sensitive information sent over email. It's your job as a business owner to protect your company and its assets from cyberattacks. Putting in the work now and having the proper tools to build resilience to threats will definitely pay off.

For more help with growing your business and accelerating your results, reach out to me today and schedule your complimentary consultation. Aim for what you want each and every day!
Anne Bachrach
The Accountability Coach™
The Results Accelerator™

To help you stay focused and on track to achieving your goals, check out these other high-value resources.
- Subscribe to my high-value business success tips and resources Blog (https://www.accountabilitycoach.com/blog/)
- Subscribe to my YouTube channel with business success principles (https://www.youtube.com/annebachrach)
- Connect with me on Facebook (https://www.facebook.com/TheAccountabilityCoach)
- Connect with me on Linked-in (https://www.linkedin.com/in/annebachrach)
- Connect with me on Pinterest (https://pinterest.com/resultsrule/)
- Connect with me on Instagram (https://www.instagram.com/annebachrach/)

If you are getting value from any of my podcasts, please take a minute to leave me a short rating and review. I would really appreciate it, and love to hear from you.

Go to https://www.accountabilitycoach.com to check out for yourself how I, as your Accountability Coach™, can help you get and stay focused on your highest payoff activities that put you in the highest probability position to achieve your professional and personal goals, so you can enjoy the kind of business and life you truly want and deserve.

Get your daily Accountability Minute shot of a single, simple, doable idea, so you can start your day off on the "right foot". You can find The Accountability Minute on https://www.accountabilitycoach.com/my-podcast/ as well as on most podcast platforms and in most English-speaking countries.

As an experienced accountability coach and author of 5 books, I help business professionals make more money, work less, and enjoy even better work life balance. Check out my proven business accelerator resources by going to https://www.accountabilitycoach.com/coaching-store/.

Author of Excuses Don't Count; Results Rule, Live Life with No Regrets, No Excuses, and the Work Life Balance Emergency Kit, The Roadmap To Success with Stephen Covey and Ken Blanchard, and more.

Goal Setting & Achievement Podcast: Business|Productivity
6 Cybersecurity Tips to Protect Your Business

Goal Setting & Achievement Podcast: Business|Productivity

Jul 21, 2022 · 10:57



Security Nation
Jacques Chester of Shopify Talks CVSS Scores

Security Nation

Jul 20, 2022 · 39:36


Interview Links
• A Closer Look at CVSS Scores

Rapid Rundown Links
• Bleeping Computer story: PyPI mandates 2FA for critical projects, developer pushes back
• Twitter thread on deleting atomicwrites, and undeleting it
• PyPI issues mentioned:
• https://github.com/pypi/warehouse/issues/11625
• https://github.com/pypi/warehouse/issues/11805
• https://github.com/pypi/warehouse/issues/11798

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

Python Bytes
#293 And if I pull this open source Jenga block...

Python Bytes

Jul 20, 2022 · 47:34


Watch the live stream: Watch on YouTube

About the show
Sponsored by Microsoft for Startups Founders Hub.
Special guest: Ashley Anderson

Ashley #1: PSF security key giveaway for critical package maintainers
• Giving away 4000 2FA hardware keys
• Surely a team effort but I found it via @di_codes twitter (Dustin Ingram)
• links to previous talks on PyPI/supply chain security
• Interesting idea for helping with supply-chain vulnerabilities
• At least one dev pulled a critical package in response
• Previously: I don't have any critical projects
• Armin Ronacher has an interesting take

Michael #2: PyLeft-Pad
• via Dan Bader
• Markus Unterwaditzer was maintaining atomicwrites
• More on how this relates to a project (Home Assistant)
• I wonder if PyPI will become immutable once an item is published

Brian #3: FastAPI Filter
• Suggested and created by Arthur Rio
• “I loved using django-filter with DRF and wanted an equivalent for FastAPI.” - Arthur
• Add query string filters to your api endpoints and show them in the swagger UI.
• Supports SQLAlchemy and MongoEngine.
• Supports operators: gt, gte, in, isnull, lt, lte, not/ne, not_in/nin

Ashley #4: Tools for building Python extensions in Rust
• PyO3
• pyo3 - Python/Rust FFI bindings
• nice list of examples people might recognize in the PyO3 README
• Pydantic V2 will use it for pydantic-core
• maturin - PEP 621 wheel builder (pyproject.toml)
• pretty light weight, feels like flit for Rust or python/Rust
• rust-numpy (+ndarray) for scientific computing
• setuptools-rust for integrating with existing Python projects using setuptools
• Rust project and community place high value on good tooling, relatively young language/community with a coherent story from early on
• Rust macro system allows for really nice ergonomics (writing macros is very hard, using them is very easy)
• The performance/safety/simplicity tradeoffs Python and Rust make are very different, but both really appeal to me

Michael #5: AutoRegEx
• via Jason Washburn
• Enter an English phrase, it'll try to generate a regex for you
• You can do the reverse too, explain a regex
• You must sign in and are limited to 100 queries / [some time frame]
• Related from Simon Willison: Using GPT-3 to explain how code works

Brian #6: Anaconda Acquires PythonAnywhere
• Suggested by Filip Łajszczak
• See also Anaconda Acquisition FAQs from PythonAnywhere blog
• From announcement: “The acquisition comes on the heels of Anaconda's release of PyScript, an open-source framework running Python applications within the HTML environment. The PythonAnywhere acquisition and the development of PyScript are central to Anaconda's focus on democratizing Python and data science.”
• My take: We don't hear a lot about PA much, even their own blog has had 3 posts in 2022, including the acquisition announcement. Their home page boasts “Python versions 2.7, 3.5, 3.6, 3.7 and 3.8”, although I think they support 3.9 as well, but not 3.10 yet, seems like from the forum. Also, no ASGI, so FastAPI won't work, for example. Still, I think PA is a cool idea, and I'd like to see it stay around, and stay up to date. Hopefully this acquisition is the shot in the arm it needed.

Extras
• Michael: Python becomes the most sought after for employers hiring (by some metric)
• Ashley: PEP691 JSON Simple API for PyPI
• Rich Codex - automatic terminal “screenshots”

Joke: Neta is a programmer

Open Source Security Podcast
Episode 332 - PyPI: 2FA or not 2FA, that is the question

Jul 18, 2022 39:01


Josh and Kurt talk about PyPI mandating two-factor authentication for the top 1% of projects. It feels like a simple idea, but it's not when you start to think about it. What problems does 2FA solve? How common are these attacks? What are the second and third order effects of mandating 2FA? This episode should have something for everyone on all sides of this discussion to violently disagree with.

Show Notes
PyPI announcement
NPM expired domains
Morten Linderud Tweet
Congratulations: We Now Have Opinions on Your Open Source Contributions

Paul's Security Weekly
ASW #203 - Farshad Abasi

Jul 15, 2022 69:56


This week in the AppSec News: Apple introduces Lockdown Mode, PyPI hits 2FA trouble, cataloging cloud vulns, practical attacks on ML, NIST's post-quantum algorithms, & more!

Appsec starts with the premise that we need to build secure code, but it also has to be able to recommend effective practices and tools that help developers. This also means appsec teams need to work with developers to create criteria for security solutions, whether it's training or scanners, in order to make sure their investments of time and money lead to more secure apps.

Segment Resources:
https://forwardsecurity.com/2022/04/24/embedding-security-into-software-during-development/
https://forwardsecurity.com/2022/03/15/application-security-for-busy-tech-execs/
https://forwardsecurity.com/2022/03/09/sast-sca-dast-iast-rasp-what-they-are-and-how-you-can-automate-application-security/

Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw203

Phoenix Cast
PyPI

Jul 15, 2022 36:31


In this episode of Phoenix Cast, hosts John and Kyle talk through PyPI announcing they were rolling out 2FA for critical repos and some of the fallout as a result of this decision. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.

Links:
Snark: https://www.merriam-webster.com/dictionary/snark
PyPI article: https://www.bleepingcomputer.com/news/security/pypi-mandates-2fa-for-critical-projects-developer-pushes-back/?fbclid=IwAR1miz9zGORelshF19IwWZ_GdGClAMCOdvXlDBfXiVwVzWKuHYcwZCkHKPE&fs=e&s=cl
Ethical hacking gone wrong: https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/

Brakeing Down Security Podcast
PYPI enables 2FA, some devs have a problem with this

Jul 14, 2022 56:22


Full #twitch VOD here (prime sub or paid sub required): https://www.twitch.tv/videos/1528342722
https://github.com/untitaker/python-atomicwrites
https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html
Twitch streams (175+ hours of content!): Https://twitch.tv/brakesec
www.brakeingsecurity.com
Twitter: @infosystir @boettcherpwned @brakesec @bryanbrake

Risky Business
Risky Business #671 -- The case for an American-owned NSO Group

Jul 13, 2022


On this week's show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week's security news, including:
Why an American defence contractor acquiring NSO Group would be a nonproliferation win
A look at Microsoft's botched macro measures
iPhone's Lockdown Mode
Ukraine goes big on Yubikeys
Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash
Much, much more

This week's show is sponsored by Proofpoint. Ryan Kalember, Proofpoint's Executive Vice President of Cybersecurity Strategy, joins us in this week's sponsor interview to talk about changes he's observed in the criminal ecosystem. Links to everything that we discussed are below and you can follow Patrick or Dmitri on Twitter if that's your thing.

Show notes
L3Harris drops bid for NSO spyware following U.S. concerns - The Washington Post
Apple introduces 'Lockdown Mode' iPhone feature to block elite spyware
Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come
PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects' in 2FA drive | The Daily Swig
Microsoft makes major course reversal, allows Office to run untrusted macros [Updated] | Ars Technica
Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary' - The Record by Recorded Future
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents'
Rocket maker agrees to pay $9 million to settle allegations of cybersecurity violations - The Record by Recorded Future
North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector | CISA
North Korea is targeting hospitals with ransomware, U.S. agencies warn
Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs - The Record by Recorded Future
French telecom company La Poste Mobile struggling to recover from ransomware attack - The Record by Recorded Future
Cyberattack knocks out California community college email, website, landlines - The Record by Recorded Future
OPM breach victims expected to receive about $700 each after class action settlement - The Record by Recorded Future
Chinese Hackers Targeting Russian Government and Telcos
DeFi Hacker Returns $8m Millions in Cryptocurrency Stolen in Phishing Attacks