Podcasts about Wireshark

Take a Network Break! We start with two critical vulnerabilities: one affecting cloud versions of Cisco ISE, and the other for HPE StoreOnce. In the news, Broadcom announces the Tomahawk 6 ASIC with 102.4Tbits of bandwidth, SentinelOne suffers a self-imposed network outage, and the Wireshark Foundation announces its first-ever professional certification for Wireshark. Cisco rebrands... Read more »

Take a Network Break! We start with two critical vulnerabilities: one affecting cloud versions of Cisco ISE, and the other for HPE StoreOnce. In the news, Broadcom announces the Tomahawk 6 ASIC with 102.4Tbits of bandwidth, SentinelOne suffers a self-imposed network outage, and the Wireshark Foundation announces its first-ever professional certification for Wireshark. Cisco rebrands... Read more »

Take a Network Break! We start with two critical vulnerabilities: one affecting cloud versions of Cisco ISE, and the other for HPE StoreOnce. In the news, Broadcom announces the Tomahawk 6 ASIC with 102.4Tbits of bandwidth, SentinelOne suffers a self-imposed network outage, and the Wireshark Foundation announces its first-ever professional certification for Wireshark. Cisco rebrands... Read more »

Hackeři zneužívají ChatGPT k vývoji malwaru, obcházení antivirů i tvorbě dezinformací napříč Ruskem, Čínou, Íránem i Severní Koreou. V nové epizodě rozebíráme, jak se umělá inteligence mění v nástroj kyberzločinu. Řešíme i falešnou aplikaci Salesforce, aktivně zneužívanou 0day zranitelnost v prohlížeči Chrome, kritickou chybu v cloudových instalacích Cisco ISE, pád Wiresharku po upraveném paketu a GDPR pokutu 45 milionů eur pro Vodafone v Německu za bezpečnostní a procesní selhání.Kapitoly:00:00 Vodafone dostal pokutu 45 milionů eur02:46 Hackeři trénují malware s ChatGPT05:09 Falešný Salesforce krade přístupy do cloudu06:27 0day v Chromu je aktivně zneužívaná07:35 Kritická chyba v Cisco ISE ohrožuje cloud08:52 Wireshark padá po upraveném paketu10:29 Meme of the weekOdkazy a zdroje:https://www.bfdi.bund.de/SharedDocs/Pressemitteilungen/EN/2025/06_Geldbuße-Vodafone.html?nn=355282https://thehackernews.com/2025/06/openai-bans-chatgpt-accounts-used-by.htmlhttps://cyberscoop.com/google-unc6040-salesforce-attacks/https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.htmlhttps://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.htmlhttps://cybersecuritynews.com/wireshark-vulnerability-enables-dos-attack/#IT #Novinky #bezpecnost #Česko

In this episode, I get to sit down with one of my heroes, Gerald Combs, who created and has maintained Wireshark for decades - one of the most critical projects to everything we do today in a connected world. We talk about a passion for problem solving, the magic of open-source, the old days of pre-standardized networking, and how so much of what society relies on is held together by a few very dedicated people.Donate to the Wireshark Foundation here: https://wiresharkfoundation.org/donate/Find the Wireshark Foundation Podcast on YouTube: @SharkBytesWireshark

This week's guest on Control Intelligence is Patrick Bunn, owner of Bunn Automation Consulting in Birmingham, Alabama. Bunn's career has included valuable experience with CMC Steel Alabama, Revere Control Systems, EC&S, Hargrove Controls & Automation and Enercon, as well as his volunteer work with younger people in technology, engineering and automation. He will be one of the presenters at OT SCADA CON this July in Houston, where he'll be discussing industrial network protocols and how to use Wireshark software for troubleshooting, as well as the OSI model, which he wrote a very popular on for Control Design. He will speak at the event on July 24 at 3 p.m.

SharkFest is the twice-yearly conference where Wireshark users and trainers gather to learn, share, and improve their packet and protocol analysis skills. The US version of SharkFest’25 is June 14 -19 in Richmond, VA. Gerald Combs of the Wireshark Foundation is here to tell us about why this live event needs to be on your... Read more »

SharkFest is the twice-yearly conference where Wireshark users and trainers gather to learn, share, and improve their packet and protocol analysis skills. The US version of SharkFest’25 is June 14 -19 in Richmond, VA. Gerald Combs of the Wireshark Foundation is here to tell us about why this live event needs to be on your... Read more »

Send us a textPreparing for a cloud network engineering interview at a tech giant? This episode delivers essential insights from someone who conducts these interviews. Kam Agahian, Senior Director of Cloud Engineering at Oracle, returns to continue our deep dive into what really matters when interviewing for these coveted positions.We begin by addressing listener questions about TCP/IP preparation, with Kam suggesting Wireshark packet analysis as a practical approach to master these foundational concepts. While acknowledging these topics can be dry, he emphasizes their critical importance as differentiators in the interview process.The conversation then shifts to the heart of cloud networking: connectivity between environments. Kam breaks down the two primary approaches – IPsec tunnels versus dedicated connections (like FastConnect, DirectConnect, ExpressRoute) – explaining when each makes sense and what you need to understand about them beyond simple definitions. The discussion includes encryption options, real-world implementation challenges, and how cloud service providers differ in their connectivity models.For routing, Kam explains how priorities have shifted from traditional networking interviews. While IGP protocols matter less at cloud boundaries, BGP knowledge remains crucial – but focused on practical applications rather than obscure features. "90-95% of BGP is done around a few topics – inbound and outbound traffic influence, convergence, and troubleshooting," he notes, advising candidates to understand both the "how" and "why" behind concepts like communities, attributes, and ECMP.Throughout the episode, both hosts emphasize a critical insight: cloud networking interviews aren't configuration tests. The most successful candidates demonstrate deep understanding of why technologies are appropriate for specific scenarios, how they've evolved, and the nuances of their implementation in cloud environments versus traditional networks. This thoughtful approach reveals the problem-solving abilities that tech giants value most in their cloud networking teams.Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/ Check out the Fortnightly Cloud Networking Newshttps://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/Visit our website and subscribe: https://www.cables2clouds.com/Follow us on BlueSky: https://bsky.app/profile/cables2clouds.comFollow us on YouTube: https://www.youtube.com/@cables2clouds/Follow us on TikTok: https://www.tiktok.com/@cables2cloudsMerch Store: https://store.cables2clouds.com/Join the Discord Study group: https://artofneteng.com/iaatj

No novo episódio do Camada 8, recebemos novamente o Gustavo Kalau, especialista em redes de computadores e instrutor de treinamentos técnicos. Desta vez, ele está de volta para falar sobre um tema que todo profissional de redes precisa dominar: troubleshooting.Kalau explica o que é troubleshooting e porque essa habilidade é tão importante para ajudar a identificar e resolver problemas na rede. Ele também compartilha ferramentas úteis (como ping, traceroute, MTR e Wireshark), dicas de como diferenciar se os problemas estão na camada física, na camada de redes ou na camada de aplicação, e ainda traz casos que ele viveu na prática, e muito mais!Dê o play e confira agora mesmo o novo episódio do quadro Roteamento de Ideias do Camada 8!#Camada8 #Troubleshooting #Traceroute #Ping #MTR #Wireshark #Internet #Infraestrutura #RedesParticipantes:Eduardo Barasal Morales (Host) - Coordenador da área de formação de sistemas autônomos do Ceptro.br no NIC.br https://www.linkedin.com/in/eduardo-barasal-morales Lucas Jorge da Silva (Host) - Analista de Projetos do Ceptro.br no NIC.br https://www.linkedin.com/in/lucasjorgeGustavo Kalau (Convidado) - Especialista em Redes de Computadores e instrutor de treinamentos técnicos para certificações na Gustavo Kalau Treinamento https://www.linkedin.com/in/gustavokalau/Links citados:IX Fórum Fortaleza: https://fortaleza.forum.ix.br/ Live Intra Rede: https://intrarede.nic.br/Curso BCOP Presencial: https://cursoseventos.nic.br/curso/curso-bcop/IX Fórum Regional Edição Sul: https://regional.forum.ix.br/Curso BCOP EaD: https://cursoseventos.nic.br/curso/curso-bcop-ead/Programa Acelera NET: https://cursoseventos.nic.br/curso/programa-acelera-net/NTP: https://ntp.br/Gustavo Kalau Treinamentos: https://gustavokalau.com.br/Fórum BCOP 2024: https://forumbcop.nic.br/Palestra: Dicas óbvias (ou não) para quem trabalha com redes de computadores: https://www.youtube.com/live/EWS_OVg8TTs?si=KmDTYCEaeH8NNBTv Agenda de cursos do Ceptro|NIC.br: https://ceptro.br/cursos-eventosRedes Sociais:https://www.youtube.com/nicbrvideos/https://www.twitter.com/comunicbr/https://www.telegram.me/nicbr/https://www.linkedin.com/company/nic-br/https://www.instagram.com/nicbr/https://www.facebook.com/nic.br/https://www.flickr.com/NICbr/Contato:Equipe Ceptro.brcursosceptro@nic.brDireção e áudio:Equipe Ceptro.brEquipe de Comunicação do NIC.brEdição YouProjectSonorização Rádiofobia Podcast e Multimídia: https://radiofobia.com.br/Veja também:https://nic.br/https://ceptro.br/

Today on the Tech Bytes podcast we get a look at the inner workings of the Wireshark Foundation. Many already know what Wireshark is and can do for you. It's a free, open-source, and widely used tool for packet and protocol analysis. But what does it take to keep Wireshark running, to update software and... Read more »

Today on the Tech Bytes podcast we get a look at the inner workings of the Wireshark Foundation. Many already know what Wireshark is and can do for you. It's a free, open-source, and widely used tool for packet and protocol analysis. But what does it take to keep Wireshark running, to update software and... Read more »

Welcome to episode 290 of The Cloud Pod – where the forecast is always cloudy! It's a full house this week – and a good thing too, since there's a lot of news! Justin, Jonathan, Ryan, and Matthew are all in the house to bring you news on DeepSeek, OpenVox, CloudWatch, and more.  Titles we almost went with this week: The cloud pod wonders if azure is still hung over from new years Stratoshark sends the Cloud pod to the stratosphere Cutting-Edge Chinese “Reasoning” Model Rivals OpenAI… and it’s FREE?! Wireshark turns 27, Cloud Pod Hosts feel old Operator: DeepSeek is here to kill OpenAI Time for a deepthink on buying all that Nvidia stock AWS Token Service finally goes cloud native The CloudPod wonders if OpenAI’s Operator can order its own $200 subscription A big thanks to this week's sponsor: We're sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You've come to the right place! Send us an email or hit us up on our slack channel for more info.  AI IS Going Great – Or How ML Makes All Its Money 01:29 Introducing the GenAI Platform: Simplifying AI Development for All  If you’re struggling to find that AI GPU capacity, Digital Ocean is pleased to announce their DigitalOcean GenAI Platform is now available to everyone. The platform aims to democratize AI development, empowering everyone – from solo developers to large teams – to leverage the transformative potential of generative AI.  On the Gen AI platform you can: Build Scalable AI Agents Seamlessly integrate with workflows Leverage guardrails Optimize Efficiency.  Some of the use cases they are highlighting are chatbots, e-commerce assistance, support automation, business insights, AI-Driven CRMs, Personalized Learning and interactive tools.  02:23 Jonathan – “Inference cost is really the big driver there. So once you once you build something that’s that’s done, but it’s nice to see somebody focusing on delivering it as a service rather than, you know, a $50 an hour compute for training models. This is right where they need to be.” 04:21 OpenAI: Introducing Operator We have thoughts about the name of this service… OpenAI is releasing the preview version of their agent that can use a web browser to perform tasks for you.  The new version is available to OpenAI pro users.  OpenAI says it’s currently a research preview, meaning it has limitations and will evolve based on your feedback.  Operator can handle various browser tasks such as filling out forms, ordering groceries, and even creating memes.  

Don't underestimate the value of packet analysis in your security strategy. And if you’re analyzing packets, the open-source Wireshark software is a go-to tool. On today's episode, we talk with Chris Greer, a Wireshark trainer and consultant specializing in packet analysis. Chris explains the critical role of packet analysis in cybersecurity, particularly in threat hunting... Read more »

Don't underestimate the value of packet analysis in your security strategy. And if you’re analyzing packets, the open-source Wireshark software is a go-to tool. On today's episode, we talk with Chris Greer, a Wireshark trainer and consultant specializing in packet analysis. Chris explains the critical role of packet analysis in cybersecurity, particularly in threat hunting... Read more »

Packet capture and packet analysis is incredibly useful for problem-solving and troubleshooting. Analyzing packets is also a difficult skill to master. With the incredible array of network troubleshooting tools at our disposal, including emerging networking models for artificial intelligence, do we still need to fuss around with Wireshark in 2025? Our guest Chris Greer says... Read more »

Packet capture and packet analysis is incredibly useful for problem-solving and troubleshooting. Analyzing packets is also a difficult skill to master. With the incredible array of network troubleshooting tools at our disposal, including emerging networking models for artificial intelligence, do we still need to fuss around with Wireshark in 2025? Our guest Chris Greer says... Read more »

Packet capture and packet analysis is incredibly useful for problem-solving and troubleshooting. Analyzing packets is also a difficult skill to master. With the incredible array of network troubleshooting tools at our disposal, including emerging networking models for artificial intelligence, do we still need to fuss around with Wireshark in 2025? Our guest Chris Greer says... Read more »

We introduce and explain Wireshark, one of the most powerful tools for network analysis and packet sniffing. Wireshark is widely used by network professionals and cybersecurity experts to capture and analyze network traffic, troubleshoot network issues, and ensure the security of data transmission.

In this Episode, we focus on understanding packets and protocols, key components of network communication, and their crucial role in network analysis with Wireshark. Wireshark is a powerful tool that allows you to capture and inspect network traffic, helping you monitor data flow and troubleshoot issues effectively. To make the most of Wireshark, it's essential to understand what packets are and how they carry data across networks.

  How is agentic AI reshaping cloud security and what does the future hold for this transformative technology? In today's episode of Tech Talks Daily, I sit down with Loris Degioanni, the founder and CTO of Sysdig, to explore how agentic AI is driving innovation in cloud security. As the creator of Sysdig and the CNCF runtime security tool Falco, Loris brings a wealth of expertise to the conversation, having also been a key contributor to the widely-used open-source network analyzer, Wireshark. We discuss how Sysdig has pioneered the first AI-powered cloud security tool using agentic AI. This groundbreaking approach enables AI agents to function as domain-specific experts, working collaboratively to provide rapid threat detection—reducing response times to under 10 minutes in cloud environments where speed is critical. Loris shares insights into the cultural and technological factors fueling the rise of agentic AI and its potential to revolutionize cybersecurity. The conversation also delves into the promises and pitfalls of agentic AI, such as its ability to handle complex tasks in a way that mimics human teams, alongside challenges like latency and cost. Loris highlights how open-source tools like Falco and Sysdig play a crucial role in advancing AI by making domain-specific knowledge publicly accessible, empowering the broader developer community to optimize AI capabilities. Looking ahead, we explore the future of AI in enterprise and cloud security, including predictions about how conversational interfaces and agentic AI architectures will redefine how businesses interact with and manage security tools. Whether you're curious about the evolution of AI in cybersecurity or interested in learning how Sysdig is leveraging this innovation to address today's challenges, this episode offers a fascinating glimpse into the intersection of technology and security. What are your thoughts on the role of agentic AI in shaping the future of cybersecurity? Join the discussion and share your perspective!

Packet analysis can be your friend for troubleshooting network problems. In this episode, hosts Ethan Banks and Holly Metlitzky explore packet analysis, They discuss tools such as Wireshark and Tcpdump, explain their functionalities, and talk about the importance of filtering data for effective analysis. Listeners are encouraged to engage with Wireshark and other tools  themselves.... Read more »

Packet analysis can be your friend for troubleshooting network problems. In this episode, hosts Ethan Banks and Holly Metlitzky explore packet analysis, They discuss tools such as Wireshark and Tcpdump, explain their functionalities, and talk about the importance of filtering data for effective analysis. Listeners are encouraged to engage with Wireshark and other tools  themselves.... Read more »

Guest: Gina D'Addamio, Threat Analyst, Canadian Cyber Threat Exchange [@CCTXCanada]On LinkedIn | https://www.linkedin.com/in/gina-daddamioOn Twitter | https://www.linkedin.com/in/gina-daddamio____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D'Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds.Gina D'Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing.Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case.Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX.The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S.Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry.Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person's overall ability to fit within the team and contribute to the organization's goals.This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D'Addamio's story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Gina D'Addamio, Threat Analyst, Canadian Cyber Threat Exchange [@CCTXCanada]On LinkedIn | https://www.linkedin.com/in/gina-daddamio____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D'Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds.Gina D'Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing.Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case.Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX.The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S.Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry.Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person's overall ability to fit within the team and contribute to the organization's goals.This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D'Addamio's story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

In part 2 of covering the best apps for web developers, Scott and Wes dive into must-have tools that will level up your workflow. From screenshot utilities to development tools and video production apps, this episode is packed with recommendations to boost your productivity and creativity. Show Notes 00:00 Welcome to Syntax! 01:44 Brought to you by Sentry.io. 02:30 Utilities. 02:48 BetterTouchTool. 09:31 Hyperkey. 11:46 Amethyst. 12:51 Klack. 13:47 Bottom (Btm). 14:54 Pearcleaner 16:40 App Cleaner. 17:35 Rocket Emoji. 20:27 Clippy. 23:37 Screenshots and Screen Recordings. 24:05 Dropshare. 25:29 OBS with Source Record. 29:20 Screen Studio. 30:58 Detail.co. 31:22 Cap. 32:08 Kap. 32:46 CleanShot X 34:15 Video and Production. 34:24 DaVinci Resolve. 37:46 Affinity Pro. 39:42 PrincipleForMac. 40:39 Inkscape. 41:34 Development tools. 41:38 DBngin. 43:12 TablePlus. 45:48 MongoDB Compass. 46:14 Proxyman. 47:00 Wireshark. 47:31 Polypane. 48:30 Setapp. 49:44 SVG Grabber. 51:42 Sick Picks & Shameless Plugs. Sick Picks Scott: Untold Sign Stealer. Wes: Magentiles Marble Run. Shameless Plugs Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

This week we dig back into home automation, we talk a bit about choosing cameras for a large camera system, and of course we answer your questions! -- During The Show -- 00:52 Intro Home automation Weekend of learning 03:48 Monitoring Remote Location (Cameras) - Rob Powerline adapters might work Ubiquiti Nano Beam Synology Surveillance Station (https://www.synology.com/en-global/surveillance) Frigate Do not put the NVR on the internet Privacy File server upload Home Assistant events 17:18 Camera Systems for Tribal Lands - William NDAA compliant cameras and NVRs ReoLink NVR banned ReoLink Cameras depends - bad idea NDAA compliant brands 360 Vision Technology (360 VTL) Avigilon Axis Communications BCD International Commend FLIR Geutebrück iryx JCI/Tyco Security Mobotix Pelco Rhombus Systems Seek Thermal Solink Vaion/Ava WatchGuard Main 3 NVR in use Exac Vision Avigilon Milestone NDAA conversation Noah's favorites Axis FLIR #### 25:09 Charlie Finds e-ink android - Charlie Boox Palma (https://shop.boox.com/products/palma) Why a camera? Nice for reading Lineage or Graphene will NOT work 27:57 ESPDevices for Light Switches - Avri Shelly's are ESP32 devices Devices can talk to each other 30:00 Beaming podcasts to Volumio and Roku - Tiny Pulse Audio Write in! 31:40 News Wire 4M Linux 46 - opensourcefeed.org (https://www.opensourcefeed.org/4mlinux-46-release/) Debain Bookwork 12.7 - debian.org (https://www.debian.org/News/2024/20240831) Porteus 1.6 - porteus.org (https://forum.porteus.org/viewtopic.php?t=11426) Rhino Linux 2nd Release - itsfoss.com (https://news.itsfoss.com/rhino-linux-2024-2-release/) GNU Screen 5 - theregister.com (https://www.theregister.com/2024/09/03/gnu_screen_5/) Wireshark 4.4 - wireshark.org (https://www.wireshark.org/docs/relnotes/wireshark-4.4.0) Bugzilla releases - bugzilla.org (https://www.bugzilla.org/blog/2024/09/03/release-of-bugzilla-5.2-5.0.4.1-and-4.4.14/) Armbian 24.8 - armbian.com (https://www.armbian.com/newsflash/armbian-24-8-yelt/) Elasticsearch and Kibana licensing - businesswire.com (https://www.businesswire.com/news/home/20240829537786/en/Elastic-Announces-Open-Source-License-for-Elasticsearch-and-Kibana-Source-Code) Xe2 Linux Support - wccftech.com (https://wccftech.com/intel-push-out-xe2-graphics-enablement-linux-6-12-kernel/) Cicada3301 - thehackernews.com (https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html) New Phi-3.5 AI Models - infoq.com (https://www.infoq.com/news/2024/08/microsoft-phi-3-5/) Open-Source, EU AI Act Compliant LLMs - techzine.eu (https://www.techzine.eu/blogs/privacy-compliance/123863/aleph-alphas-open-source-llms-fully-comply-with-the-ai-act/) View on Why AI Models Should be Open and Free for All - businessinsider.com (https://www.businessinsider.com/anima-anandkumar-ai-climate-change-open-source-caltech-nvidia-2024-8) 33:53 Hoptodesk Comparison to Team Viewer Hoptodesk (https://www.hoptodesk.com/) Free & Open Source Cross platform E2E Encryption Can self host the server Wayland is not officially supported 38:05 EmuDeck ArsTechnica (https://arstechnica.com/gaming/2024/08/emudeck-machines-pack-popular-emulation-suite-in-linux-powered-plug-and-play-pc/) Seeking funding Already been doing this on the steamdeck For retro games Drawing unwanted attention Powered by Bazzite 41:05 Home Automation Zwave Great for nerds/tinkering Not for professional installs RadioRA 2 Licensed dedicated frequency Central planning Never had a failure Designed to be integrated Orbit Panels and Shelly Pro Line Game changer 100% reliable People don't want a wall of dimmers Seeed Studio mmWave Sensor (https://wiki.seeedstudio.com/mmwave_human_detection_kit/) I don't like WiFi for automation Steve's experience -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/406) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224 GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/ Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224 GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/ Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Wireshark 4.4.0 rc 1 Custom Columns https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174 Github Repo Artifact Leak Tokens https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/ BitLocker Security Feature Bypass Vulnerability https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058 Solarwindws Hotfix https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 Ed Skoudis, Paul Maurer: The Code of Honor https://cybercodeofhonor.com/

Wireshark 4.4.0 rc 1 Custom Columns https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174 Github Repo Artifact Leak Tokens https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/ BitLocker Security Feature Bypass Vulnerability https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058 Solarwindws Hotfix https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 Ed Skoudis, Paul Maurer: The Code of Honor https://cybercodeofhonor.com/

Descubra as cinco principais ferramentas de segurança cibernética que todo profissional deve dominar! Este vídeo apresenta um guia prático sobre como utilizar o NMAP, Nessus, WireShark, Metasploit e Burp Suite para fortalecer sua defesa cibernética. Com demonstrações passo a passo, você aprenderá como essas ferramentas podem ajudar a identificar vulnerabilidades, monitorar redes e realizar testes de penetração eficazes. Não perca as dicas valiosas que facilitarão seu trabalho em segurança da informação. Quer aprofundar seus conhecimentos em segurança da informação e melhorar suas chances no mercado de trabalho? Baixe gratuitamente o ebook "Conquiste sua Vaga em Segurança da Informação" e obtenha dicas exclusivas sobre entrevistas, descoberta de empregos na área e estudos necessários para se destacar! Acesse https://blueteam-academy.com.br para fazer o download agora mesmo! Links para download das ferramentas mencionadas no vídeo: https://nmap.org/download.html https://www.tenable.com/products/nessus/nessus-professional https://www.wireshark.org/download.html https://www.metasploit.com/download https://portswigger.net/burp/communitydownload

We're back from Austin, with interviews and stories to share. Plus, it's Gentoo week and we take our first look at Fedora 40.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.Support LINUX UnpluggedLinks:

Loris Degioanni, CTO and founder of Sysdig, shares his open source story, from his work on Wireshark to pioneering cloud native security platforms with Sysdig and Falco. Sysdig is a universal system visibility tool with native support for containers, while Falco, now under the CNCF, provides real-time anomaly detection in containers and Kubernetes. We discuss the evolution of network security with the advent of containers and Kubernetes, highlighting the shift from packet-based to system call-based security through eBPF technology. He also underscores the importance of community collaboration in enhancing security measures and is optimistic about the role of open source in shaping the future of security. 00:00 Welcome and Introduction 01:34 The Evolution of Sysdig and Falco 02:37 Connecting the Dots: From Wireshark to Falco 04:37 eBPF Technology 09:18 Falco's Impact and Unexpected Uses 11:24 The Importance of Runtime Security Detection 13:11 Empowering Developers for Better Security 17:41 Excitement in the Open Source AI Ecosystem 21:04 Closing Thoughts and Future of Security   Guest: Loris Degioanni (he/him) is the Chief Technology Officer and founder of Sysdig. He is also the creator of the popular open source troubleshooting tool, sysdig, and the open source container security tool Falco. Prior to founding Sysdig, Loris co-created Wireshark, the open source network analyzer, which today has 20+ million users. Loris holds a PhD in computer engineering from Politecnico di Torino and lives in Davis, California.  

Summary In this episode, Andy and Adam discuss the concept of application allow listing and the controversy surrounding the removal of Wireshark from company computers. They also delve into the announcement by Apple that iMessage is moving to post-quantum level 3 encryption, making it one of the most secure messaging apps available. The hosts highlight the importance of communication and risk assessment in the field of information security. They also emphasize the need for organizations to have backup communication plans during incidents. The episode concludes with a discussion on the future of post-quantum encryption and its potential impact on the industry. Takeaways -Application allow listing allows organizations to control the software installed on company assets for security and productivity purposes. -InfoSec teams have the right to evaluate and remove applications with high vulnerabilities or CVEs, but there should be an exception process for legitimate business needs. -Apple's announcement of iMessage moving to post-quantum level 3 encryption highlights the importance of quantum-resistant encryption in the face of future threats. -iMessage's widespread use in the United States makes its security upgrades significant for communication privacy. -The implementation of post-quantum encryption at scale by Apple sets a precedent for the industry and may lead to broader adoption of quantum-resistant encryption methods. ------------------------------------------- Youtube Video Link: ⁠https://youtu.be/mN9DFPPDgYI⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Documentation: https://twitter.com/crisisofconsc/status/1758129747538702481 https://x.com/FrankMcG/status/1758948906740633946?s=20 https://security.apple.com/blog/imessage-pq3/ https://signal.org/blog/pqxdh/ ---------------------- Contact Us: Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Threads: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.threads.net/@bluesecuritypodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Linkedin: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Youtube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitch: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.twitch.tv/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Andy Jaw Mastodon: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://infosec.exchange/@ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Adam Brewer Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message

In this episode of Phoenix Cast, hosts John and Kyle discuss some recents events in the news - banning Wireshark, the alleged leak of hacking tools, and Kyle finishes by providing some perspective on how Google sunsets projects.  Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Wireshark website (donate here): https://www.wireshark.org/ SharkFest:  https://sharkfest.wireshark.org/ Hacking tool leak: https://cybernews.com/news/github-leak-exposes-chinese-cyber-ops/ Lockbit:  https://www.bbc.com/news/technology-68344987  https://www.bleepingcomputer.com/news/security/police-arrest-lockbit-ransomware-members-release-decryptor-in-global-crackdown/ https://www.reuters.com/technology/lockbit-hackers-swagger-display-after-police-leak-identities-online-2024-02-20/ Single, double, triple, quadruple extortion - https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-double-extortion-and-beyond-revil-clop-and-conti

Dive into the complexities of BACnet IP with Phil Zito in Episode 453 of the Smart Buildings Academy Podcast. This episode provides a thorough examination of BACnet IP, including BBMDS (BACnet Broadcast Management Devices), Bdts (BACnet Distribution Tables), and the use of Wireshark for network analysis. Designed for those with a foundational understanding of IT concepts, this session covers the essentials of BACnet IP communications, the functionality of virtual links, and practical insights into network configurations for building automation systems. Episode Highlights: Introduction to BACnet IP: Phil sets the stage for an in-depth exploration of BACnet IP, emphasizing the episode's technical depth and encouraging live audience interaction for clarity. Understanding BACnet IP: Key concepts such as BACnet IP addressing, the role of UDP (User Datagram Protocol), and the importance of the OSI model in understanding BACnet communications are explained. BBMDS and Bdts Explained: The function of BBMDS and Bdts in extending BACnet communication across different subnets is discussed, alongside the mechanisms that enable these processes. Wireshark Analysis: Phil demonstrates how to use Wireshark for analyzing BACnet IP traffic, providing insights into reading and interpreting the data for troubleshooting and system optimization. Practical Network Configuration: The episode covers network configuration strategies, including the management of broadcast domains and the scalability of network segments, to facilitate efficient BACnet IP integration. Join Phil for this technical deep dive into BACnet IP, offering valuable knowledge for professionals seeking to enhance their understanding of network communications within building automation systems. This episode is an essential listen for anyone involved in the design, implementation, or management of BAS, looking to deepen their expertise in BACnet IP.

Wireshark Updates https://isc.sans.edu/diary/Wireshark%20updates/30528 Android Updates https://source.android.com/docs/security/bulletin/2024-01-01 Ivanti Critical Vulnerability https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US Malicious PyPi Packages https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices Everything npm package https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/

Wireshark Updates https://isc.sans.edu/diary/Wireshark%20updates/30528 Android Updates https://source.android.com/docs/security/bulletin/2024-01-01 Ivanti Critical Vulnerability https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US Malicious PyPi Packages https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices Everything npm package https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/

Maya Kaczorowski, Chief Product Officer at Tailscale, joins Corey on Screaming in the Cloud to discuss what sets the Tailscale product approach apart, for users of their free tier all the way to enterprise. Maya shares insight on how she evaluates feature requests, and how Tailscale's unique architecture sets them apart from competitors. Maya and Corey discuss the importance of transparency when building trust in security, as well as Tailscale's approach to new feature roll-outs and change management.About MayaMaya is the Chief Product Officer at Tailscale, providing secure networking for the long tail. She was mostly recently at GitHub in software supply chain security, and previously at Google working on container security, encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises.Maya completed her Master's in mathematics focusing on cryptography and game theory. She is bilingual in English and French.Outside of work, Maya is passionate about ice cream, puzzling, running, and reading nonfiction.Links Referenced: Tailscale: https://tailscale.com/ Tailscale features: VS Code extension: https://marketplace.visualstudio.com/items?itemName=tailscale.vscode-tailscale  Tailscale SSH: https://tailscale.com/kb/1193/tailscale-ssh  Tailnet lock: https://tailscale.com/kb/1226/tailnet-lock  Auto updates: https://tailscale.com/kb/1067/update#auto-updates  ACL tests: https://tailscale.com/kb/1018/acls#tests  Kubernetes operator: https://tailscale.com/kb/1236/kubernetes-operator  Log streaming: https://tailscale.com/kb/1255/log-streaming  Tailscale Security Bulletins: https://tailscale.com/security-bulletins  Blog post “How Our Free Plan Stays Free:” https://tailscale.com/blog/free-plan  Tailscale on AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-nd5zazsgvu6e6  TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn, and I am joined today on this promoted guest episode by my friends over at Tailscale. They have long been one of my favorite products just because it has dramatically changed the way that I interact with computers, which really should be enough to terrify anyone. My guest today is Maya Kaczorowski, Chief Product Officer at Tailscale. Maya, thanks for joining me.Maya: Thank you so much for having me.Corey: I have to say originally, I was a little surprised to—“Really? You're the CPO? I really thought I would have remembered that from the last time we hung out in person.” So, congratulations on the promotion.Maya: Thank you so much. Yeah, it's exciting.Corey: Being a product person is probably a great place to start with this because we've had a number of conversations, here and otherwise, around what Tailscale is and why it's awesome. I don't necessarily know that beating the drum of why it's so awesome is going to be covering new ground, but I'm sure we're going to come up for that during the conversation. Instead, I'd like to start by talking to you about just what a product person does in the context of building something that is incredibly central not just to critical path, but also has massive security ramifications as well, when positioning something that you're building for the enterprise. It's a very hard confluence of problems, and there are days I am astonished that enterprises can get things done based purely upon so much of the mitigation of what has to happen. Tell me about that. How do you even function given the tremendous vulnerability of the attack surface you're protecting?Maya: Yeah, I don't know if you—I feel like you're talking about the product, but also the sales cycle of talking [laugh] and working with enterprise customers.Corey: The product, the sales cycle, the marketing aspects of it, and—Maya: All of it.Corey: —it all ties together. It's different facets of frankly, the same problem.Maya: Yeah. I think that ultimately, this is about really understanding who the customer that is buying the product is. And I really mean that, like, buying the product, right? Because, like, look at something like Tailscale. We're typically used by engineers, or infrastructure teams in an organization, but the buyer might be the VP of Engineering, but it might be the CISO, or the CTO, or whatever, and they're going to have a set of requirements that's going to be very different from what the end-user has as a set of requirements, so even if you have something like bottom-up adoption, in our case, like, understanding and making sure we're checking all the boxes that somebody needs to actually bring us to work.Enterprises are incredibly demanding, and to your point, have long checklists of what they need as part of an RFP or that kind of thing. I find that some of the strictest requirements tend to be in security. So like, how—to your point—if we're such a critical part of your network, how are you sure that we're always available, or how are you sure that if we're compromised, you're not compromised, and providing a lot of, like, assurances and controls around making sure that that's not the case.Corey: I think that there's a challenge in that what enterprise means to different people can be wildly divergent. I originally came from the school of obnoxious engineering where oh, as an engineer, whenever I say something is enterprise grade, that's not a compliment. That means it's going to be slow and moribund. But that is a natural consequence of a company's growth after achieving success, where okay, now we have actual obligations to customers and risk mitigation that needs to be addressed. And how do you wind up doing that without completely hobbling yourself when it comes to accelerating feature velocity? It's a very delicate balancing act.Maya: Yeah, for sure. And I think you need to balance, to your point, kind of creating demand for the product—like, it's actually solving the problem that the customer has—versus checking boxes. Like, I think about them as features, or you know, feature requests versus feature blockers or deal blockers or adoption blockers. So, somebody wants to, say, connect to an AWS VPC, but then the person who has to make sure that that's actually rolled out properly also wants audit logs and SSH session recording and RBAC-based controls and lots of other things before they're comfortable deploying that in their environment. And I'm not even talking about the list of, you know, legal, kind of, TOS requirements that they would have for that kind of situation.I think there's a couple of things that you need to do to even signal that you're in that space. One of the things that I was—I was talking to a friend of mine the other day how it feels like five years ago, like, nobody had SOC 2 reports, or very few startups had SOC 2 reports. And it's probably because of the advent of some of these other companies in this space, but like, now you can kind of throw a dart, and you'll hit five startups that have SOC 2 reports, and the amount that you need to show that you're ready to sell to these companies has changed.Corey: I think that there's a definite broadening of the use case. And I've been trying to avoid it, but let's go diving right into it. I used to view Tailscale as, oh it's a VPN. The end. Then it became something more where it effectively became the mesh overlay where all of the various things that I have that speak Tailscale—which is frankly, a disturbing number of things that I'd previously considered to be appliances—all talk to one another over a dedicated network, and as a result, can do really neat things where I don't have to spend hours on end configuring weird firewall rules.It's more secure, it's a lot simpler, and it seems like every time I get that understanding down, you folks do something that causes me to yet again reevaluate where you stand. Most recently, I was doing something horrifying in front-end work, and in VS Code the Tailscale extension popped up. “Oh, it looks like you're running a local development server. Would you like to use Tailscale Funnel to make it available to the internet?” And my response to that is, “Good lord, no, I'm ashamed of it, but thanks for asking.” Every time I think I get it, I have to reevaluate where it stands in the ecosystem. What is Tailscale now? I feel like I should get the official description of what you are.Maya: Well, I sure hope I'm not the official description. I think the closest is a little bit of what you're saying: a mesh overlay network for your infrastructure, or a programmable network that lets you mesh together your users and services and services and services, no matter where they are, including across different infrastructure providers and, to your point, on a long list of devices you might have running. People are running Tailscale on self-driving cars, on robots, on satellites, on elevators, but they're also running Tailscale on Linux running in AWS or a MacBook they have sitting under their desk or whatever it happens to be. The phrase that I like to use for that is, like, infrastructure agnostic. We're just a building block.Your infrastructure can be whatever infrastructure you want. You can have the cheapest GPUs from this cloud, or you can use the Android phone to train the model that you have sitting on your desk. We just help you connect all that stuff together so you can build your own cloud whatever way you want. To your point, that's not really a VPN [laugh]. The word VPN doesn't quite do it justice. For the remote access to prod use case, so like a user, specifically, like, a developer infra team to a production network, that probably looks the most like a zero-trust solution, but we kind of blur a lot of the lines there for what we can do.Corey: Yeah, just looking at it, at the moment, I have a bunch of Raspberries Pi, perhaps, hanging out on my tailnet. I have currently 14 machines on there, I have my NAS downstairs, I have a couple of EC2 instances, a Google Cloud instance, somewhere, I finally shut down my old Oracle Cloud instance, my pfSense box speaks it natively. I have a Thinkst Canary hanging out on there to detect if anything starts going ridiculously weird, my phone, my iPad, and a few other things here and there. And they all just talk seamlessly over the same network. I can identify them via either IP address, if I'm old, or via DNS if I want to introduce problems that will surprise me at one point or another down the road.I mean, I even have an exit node I share with my brother's Tailscale account for reasons that most people would not expect, namely that he is an American who lives abroad. So, many weird services like banks or whatnot, “Oh, you can't log in to check your bank unless you're coming from US IP space.” He clicks a button, boom, now he doesn't get yelled at to check his own accounts. Which is probably not the primary use case you'd slap on your website, but it's one of those solving everyday things in somewhat weird ways.Maya: Oh, yeah. I worked at a bank maybe ten years ago, and they would block—this little bank on the east coast of the US—they would block connections from Hawaii because why would any of your customers ever be in Hawaii? And it was like, people travel and maybe you're—Corey: How can you be in Hawaii? You don't have a passport.Maya: [laugh]. People travel. They still need to do banking. Like, it doesn't change, yeah. The internet, we've built a lot of weird controls that are IP-based, that don't really make any sense, that aren't reflective. And like, that's true for individuals—like you're describing, people who travel and need to bank or whatever they need to do when they travel—and for corporations, right? Like the old concept—this is all back to the zero trust stuff—but like, the old concept that you were trusted just because you had an IP address that was in the corp IP range is just not true anymore, right? Somebody can walk into your office and connect to the Wi-Fi and a legitimate employee can be doing their job from home or from Starbucks, right? Those are acceptable ways to work nowadays.Corey: One other thing that I wanted to talk about is, I know that in previous discussions with you folks—sometimes on the podcast sometimes when I more or less corner someone a Tailscale at your developer conference—one of the things that you folks talk about is Tailscale SSH, which is effectively a drop-in replacement for the SSH binary on systems. Full disclosure, I don't use it, mostly because I'm grumpy and I'm old. I also like having some form of separation of duties where you're the network that ties it all together, but something else winds up acting as that authentication step. That said, if I were that interesting that someone wanted to come after me, there are easier ways to get in, so I'm mostly just doing this because I'm persnickety. Are you seeing significant adoption of Tailscale SSH?Maya: I think there's a couple of features that are missing in Tailscale SSH for it to be as adopted by people like you. The main one that I would say is—so right now if you use Tailscale SSH, it runs a binary on the host, you can use your Tailscale credentials, and your Tailscale private key, effectively, to SSH something else. So, you don't have to manage a separate set of SSH keys or certs or whatever it is you want to do to manage that in your network. Your identity provider identity is tied to Tailscale, and then when you connect to that device, we still need to have an identity on the host itself, like in Unix. Right now, that's not tied to Tailscale. You can adopt an identity of something else that's already on the host, but it's not, like, corey@machine.And I think that's the number one request that we're getting for Tailscale SSH, to be able to actually generate or tie to the individual users on the host for an identity that comes from, like, Google, or GitHub, or Okta, or something like that. I'm not hearing a lot of feedback on the security concerns that you're expressing. I think part of that is that we've done a lot of work around security in general so that you feel like if Tailscale were to be compromised, your network wouldn't need to be compromised. So, Tailscale itself is end-to-end encrypted using WireGuard. We only see your public keys; the private keys remain on the device.So, in some sense the, like, quote-unquote, “Worst” that we could do would be to add a node to your network and then start to generate traffic from that or, like, mess with the configuration of your network. These are questions that have come up. In terms of adding nodes to your network, we have a feature called tailnet lock that effectively lets you sign and verify that all the nodes on your network are supposed to be there. One of the other concerns that I've heard come up is, like, what if the binary was compromised. We develop in open-source so you can see that that's the case, but like, you know, there's certainly more stuff we could be doing there to prevent, for example, like a software supply chain security attack. Yeah.Corey: Yeah, but you also have taken significant architectural steps to ensure that you are not placed in a position of undue trust around a lot of these things. Most recently, you raised a Series B, that was $100 million, and the fact that you have not gone bankrupt in the year since that happened tells me that you are very clearly not routing all customer traffic through you folks, at least on one of the major cloud providers. And in fact, a little bit of playing a-slap-and-tickle with Wireshark affirm this, that the nodes talk to each other; they do not route their traffic through you folks, by design. So one, great for the budget, I have respect for that data transfer pattern, but also it means that you are in the position of being a global observer in a way that can be, in many cases, exploited.Maya: I think that's absolutely correct. So, it was 18 months ago or so that we raised our Series B. When you use Tailscale, your traffic connects peer-to-peer directly between nodes on your network. And that has a couple of nice properties, some of what you just described, which is that we don't see your traffic. I mean, one, because it's end-to-end encrypted, but even if we could capture it, and then—we're not in the way of capturing it, let alone decrypting it.Another nice property it has is just, like, latency, right? If your user is in the UK, and they're trying to access something in Scotland, it's not, you know, hair-pinning, bouncing all the way to the West Coast or something like that. It doesn't have to go through one of our servers to get there. Another nice property that comes with that is availability. So, if our network goes down, if our control plane goes down, you're temporarily not able to add nodes or change your configuration, but everything in your network can still connect to each other, so you're not dependent on us being online in order for your network to work.And this is actually coming up more and more in customer conversations where that's a differentiator for us versus a competitor. Different competitors, also. There's a customer case study on our website about somebody who was POC'ing us with a different option, and literally during the POC, the competitor had an outage, unfortunately for them, and we didn't, and they sort of looked at our model, our deployment model and went, “Huh, this really matters to us.” And not having an outage on our network with this solution seems like a better option.Corey: Yeah, when the network is down, the computers all turn into basically space heaters.Maya: [laugh]. Yeah, as long as they're not down because, I guess, unplugged or something. But yeah, [laugh] I completely agree. Yeah. But I think there's a couple of these kinds of, like, enterprise things that people are—we're starting to do a better job of explaining and meeting customers where they are, but it's also people are realizing actually does matter when you're deploying something at this scale that's such a key part of your network.So, we talked a bit about availability, we talked a bit about things like latency. On the security side, there's a lot that we've done around, like I said, tailnet lock or that type of thing, but it's like some of the basic security features. Like, when I joined Tailscale, probably the first thing I shipped in some sense as a PM was a change log. Here's the change log of everything that we're shipping as part of these releases so that you can have confidence that we're telling you what's going on in your network, when new features are coming out, and you can trust us to be part of your network, to be part of your infrastructure.Corey: I do want to further call out that you have a—how should I frame this—a typically active security notification page.Maya: [laugh].Corey: And I think it is easy to misconstrue that as look at how terrifyingly insecure this is? Having read through it, I would argue that it is not that you are surprisingly insecure, but rather that you are extraordinarily transparent about things that are relatively minor issues. And yes, they should get fixed, but, “Oh, that could be a problem if six other things happen to fall into place just the right way.” These are not security issues of the type, “Yeah, so it turns out that what we thought was encrypting actually wasn't and we're just expensive telnet.” No, there's none of that going on.It's all been relatively esoteric stuff, but you also address it very quickly. And that is odd, as someone who has watched too many enterprise-facing companies respond to third-party vulnerability reports with rather than fixing the problem, more or less trying to get them not to talk about it, or if they do, to talk about it only using approved language. I don't see any signs of that with what you've done there. Was that a challenging internal struggle for you to pull off?Maya: I think internally, it was recognizing that security was such an important part of our value proposition that we had to be transparent. But once we kind of got past that initial hump, we've been extremely transparent, as you say. We think we can build trust through transparency, and that's the most important thing in how we respond to security incidents. But code is going to have bugs. It's going to have security bugs. There's nothing you can do to prevent that from happening.What matters is how you—and like, you should. Like, you should try to catch them early in the development process and, you know, shift left and all that kind of stuff, but some things are always going to happen [laugh] and what matters in that case is how you respond to them. And having another, you know, an app update that just says “Bug fixes” doesn't help you figure out whether or not you should actually update, it doesn't actually help you trust us. And so, being as public and as transparent as possible about what's actually happening, and when we respond to security issues and how we respond to security issues is really, really important to us. We have a policy that talks about when we will publish a bulletin.You can subscribe to our bulletins. We'll proactively email anyone who has a security contact on file, or alternatively, another contact that we have if you haven't provided us a security contact when you're subject to an issue. I think by far and large, like, Tailscale has more security bulletins just because we're transparent about them. It's like, we probably have as many bugs as anybody else does. We're just lucky that people report them to us because they see us react to them so quickly, and then we're able to fix them, right? It's a net positive for everyone involved.Corey: It's one of those hard problems to solve for across the board, just because I've seen companies in the past get more or less brutalized by the tech press when they have been overly transparent. I remember that there was a Reuters article years ago about Slack, for example, because they would pull up their status history and say, “Oh, look at all of these issues here. You folks can't keep your website up.” But no, a lot of it was like, “Oh, file uploads for a small subset of our users is causing a problem,” and so on and so forth. These relatively minor issues that, in aggregate, are very hard to represent when you're using traffic light signaling.So, then you see people effectively going full-on AWS status page where there's a significant outage lasting over a day, last month, and what you see on this is if you go really looking for it is this yellow thing buried in his absolute sea of green lights, even though that was one of the more disruptive things to have happened this year. So, it's a consistent and constant balance, and I really have a lot of empathy no matter where you wind up landing on that?Maya: Yeah, I think that's—you're saying it's sort of about transparency or being able to find the right information. I completely agree. And it's also about building trust, right? If we set expectations as to how we will respond to these things then we consistently respond to them, people believe that we're going to keep doing that. And that is almost more important than, like, committing to doing that, if that makes any sense.I remember having a conversation many years ago with an eng manager I worked with, and we were debating what the SLO for a particular service should be. And he sort of made an interesting point. He's like, “It doesn't really matter what the SLO is. It matters what you actually do because then people are going to start expecting [laugh] what you actually do.” So, being able to point at this and say, “Yes, here's what we say and here's what we actually do in practice,” I think builds so much more trust in how we respond to these kinds of things and how seriously we take security.I think one of the other things that came out of the security work is we realized—and I think you talked to Avery, the CEO of Tailscale on a prior podcast about some of this stuff—but we realized that platforms are broken, and we don't have a great way of pushing automatic updates on a lot of platforms, right? You know, if you're using the macOS store, or the Android Play Store, or iOS or whatever, you can automatically update your client when there is a security issue. On other platforms, you're kind of stuck. And so, as a result of us wanting to make sure that the fleet is as updated as possible, we've actually built an auto-update feature that's available on all of our major clients now, so people can opt in to getting those updates as quickly as needed when there is a security issue. We want to expose people to as little risk as possible.Corey: I am not a Tailscale customer. And that bugs me because until I cross that chasm into transferring $1 every month from my bank account to yours, I'm just a whiny freeloader in many respects, which is not at all how you folks who never made me feel I want to be very clear on that. But I believe in paying for the services that empower me to do my job more effectively, and Tailscale absolutely qualifies.Maya: Yeah, understood, I think that you still provide value to us in ways that aren't your data, but then in ways that help our business. One of them is that people like you tend to bring Tailscale to work. They tend to have a good experience at home connecting to their Synology, helping their brother connect to his bank account, whatever it happens to be, and they go, “Oh.” Something kind of clicks, and then they see a problem at work that looks very similar, and then they bring it to work. That is our primary path of adoption.We are a bottom-up adoption, you know, product-led growth product [laugh]. So, we have a blog post called “How Our Free Plan Stays Free” that covers some of that. I think the second thing that I don't want to undersell that a user like you also does is, you have a problem, you hit an issue, and you write into support, and you find something that nobody else has found yet [laugh].Corey: I am very good at doing that entirely by accident.Maya: [laugh]. But that helps us because that means that we see a problem that needs to get fixed, and we can catch it way sooner than before it's deployed, you know, at scale, at a large bank, and you know, it's a critical, kind of, somebody's getting paged kind of issue, right? We have a couple of bugs like that where we need, you know, we need a couple of repros from a couple different people in a couple different situations before we can really figure out what's going on. And having a wide user base who is happy to talk to us really helps us.Corey: I would say it goes beyond that, too. I have—I see things in the world of Tailscale that started off as features that I requested. One of the more recent ones is, it is annoying to me to see on the Tailscale machines list everything I have joined to the tailnet with that silly little up arrow next to it of, “Oh, time to go back and update Tailscale to the latest,” because that usually comes with decent benefits. Great, I have to go through iteratively, or use Ansible, or something like that. Well, now there's a Tailscale update option where it will keep itself current on supported operating systems.For some unknown reason, you apparently can't self-update the application on iOS or macOS. Can't imagine why. But those things tend to self-update based upon how the OS works due to all the sandboxing challenges. The only challenge I've got now is a few things that are, more or less, embedded devices that are packaged by the maintainer of that embedded system, where I'm beholden to them. Only until I get annoyed enough to start building a CI/CD system to replace their package.Maya: I can't wait till you build that CI/CD system. That'll be fun.Corey: “We wrote this code last night. Straight to the bank with it.” Yeah, that sounds awesome.Maya: [laugh] You'd get a couple of term sheets for that, I'm sure.Corey: There are. I am curious, looping back to the start of our conversation, we talked about enterprise security requirements, but how do you address enterprise change management? I find that that's something an awful lot of companies get dreadfully wrong. Most recently and most noisily on my part is Slack, a service for which I paid thousands of dollars a year, decided to roll out a UI redesign that, more or less, got in the way of a tremendous number of customers and there was no way to stop it or revert it. And that made me a lot less likely to build critical-flow business processes that depended upon Slack behaving a certain way.Just, “Oh, we decided to change everything in the user interface today just for funsies.” If Microsoft pulled that with Excel, by lunchtime they'd have reverted it because an entire universe of business users would have marched on Redmond to burn them out otherwise. That carries significant cost for businesses. Yet I still see Tailscale shipping features just as fast as you ever have. How do you square that circle?Maya: Yeah. I think there's two different kinds of change management really, which is, like—because if you think about it, it's like, an enterprise needs a way to roll out a product or a feature internally and then separately, we need a way to roll out new things to customers, right? And so, I think on the Tailscale side, we have a change log that tells you about everything that's changing, including new features, and including changes to the client. We update that religiously. Like, it's a big deal, if something doesn't make it the day that it's supposed to make it. We get very kind of concerned internally about that.A couple of things that were—that are in that space, right, we just talked about auto-updates to make it really easy for you to maintain what's actually rolled out in your infrastructure, but more importantly, for us to push changes with a new client release. Like, for example, in the case of a security incident, we want to be able to publish a version and get it rolled out to the fleet as quickly as possible. Some of the things that we don't have here, but although I hear requests for is the ability to, like, gradually roll out features to a customer. So like, “Can we change the configuration for 10% of our network and see if anything breaks before rolling back, right before rolling forward.” That's a very traditional kind of infra change management thing, but not something I've ever seen in, sort of, the networking security space to this degree, and something that I'm hearing a lot of customers ask for.In terms of other, like, internal controls that a customer might have, we have a feature called ACL Tests. So, if you're going to change the configuration of who can access what in your network, you can actually write tests. Like, your permission file is written in HuJSON and you can write a set of things like, Corey should be able to access prod. Corey should not be able to access test, or whatever it happens to be—actually, let's flip those around—and when you have a policy change that doesn't pass those tests, you actually get told right away so you're not rolling that out and accidentally breaking a large part of your network. So, we built several things into the product to do it. In terms of how we notify customers, like I said, that the primary method that we have right now is something like a change log, as well as, like, security bulletins for security updates.Corey: Yeah, it's one of the challenges, on some level, of the problem of oh, I'm going to set up a service, and then I'm going to go sail around the world, and when I come back in a year or two—depending on how long I spent stranded on an island somewhere—now I get to figure out what has changed. And to your credit, you have to affirmatively enable all of the features that you have shipped, but you've gone from, “Oh, it's a mesh network where everything can talk to each other,” to, “I can use an exit node from that thing. Oh, now I can seamlessly transfer files from one node to another with tail drop,” to, “Oh, Tailscale Funnel. Now, I can expose my horrifying developer environment to the internet.” I used that one year to give a talk at a conference, just because why not?Maya: [crosstalk 00:27:35].Corey: Everything evolves to become [unintelligible 00:27:37] email on Microsoft Outlook, or tries to be Microsoft Excel? Oh, no, no. I want you to be building Microsoft PowerPoint for me. And we eventually get there, but that is incredibly powerful functionality, but also terrifying when you think you have a handle on what's going on in a large-scale environment, and suddenly, oh, there's a whole new vector we need to think about. Which is why your—the thought and consideration you put into that is so apparent and so, frankly, welcome.Maya: Yeah, you actually kind of made a statement there that I completely missed, which is correct, which is, we don't turn features on by default. They are opt-in features. We will roll out features by default after they've kind of baked for an incredibly long period of time and with, like, a lot of fanfare and warning. So, the example that I'll give is, we have a DNS feature that was probably available for maybe 18 months before we turned it on by default for new tailnets. So didn't even turn it on for existing folks. It's called Magic DNS.We don't want to touch your configuration or your network. We know people will freak out when that happens. Knowing, to your point, that you can leave something for a year and come back, and it's going to be the same is really important. For everyone, but for an enterprise customer as well. Actually, one other thing to mention there. We have a bunch of really old versions of clients that are running in production, and we want them to keep working, so we try to be as backward compatible as possible.I think the… I think we still have clients from 2019 that are running and connecting to corp that nobody's updated. And like, it'd be great if they would update them, but like, who knows what situation they're in and if they can connect to them, and all that kind of stuff, but they still work. And the point is that you can have set it up four years ago, and it should still work, and you should still be able to connect to it, and leave it alone and come back to it in a year from now, and it should still work and [laugh] still connect without anything changing. That's a very hard guarantee to be able to make.Corey: And yet, somehow you've been able to do that, just from the perspective of not—I've never yet seen you folks make a security-oriented decision that I'm looking at and rolling my eyes and amazed that you didn't make the decision the other way. There are a lot of companies that while intending very well have done, frankly, very dumb things. I've been keeping an eye on you folks for a long time, and I would have caught that in public. I just haven't seen anything like that. It's kind of amazing.Last year, I finally took the extraordinary step of disabling SSH access anywhere except the tailnet to a number of my things. It lets my logs fill up a lot less, and you've built to that level of utility-like reliability over the series of longtime experimentation. I have yet to regret having Tailscale in the mix, which is, frankly, not something I can say about almost any product.Maya: Yeah. I'm very proud to hear that. And like, maintaining that trust—back to a lot of the conversation about security and reliability and stuff—is incredibly important to us, and we put a lot of effort into it.Corey: I really appreciate your taking the time to talk to me about how things continue to evolve over there. Anything that's new and exciting that might have gotten missed? Like, what has come out in, I guess, the last six months or so that are relevant to the business and might be useful for people looking to use it themselves?Maya: I was hoping you're going to ask me what came out in the last, you know, 20 minutes while we were talking, and the answer is probably nothing, but you never know. But [laugh]—Corey: With you folks, I wouldn't doubt it. Like, “Oh, yeah, by the way, we had to do a brand treatment redo refresh,” or something on the website? Why not? It now uses telepathy just because.Maya: It could, that'd be pretty cool. No, I mean, lots has gone on in the last six months. I think some of the things that might be more interesting to your listeners, we're now in the AWS Marketplace, so if you want to purchase Tailscale through AWS Marketplace, you can. We have a Kubernetes operator that we've released, which lets you both ingress and egress from a Kubernetes cluster to things that are elsewhere in the world on other infrastructure, and also access the Kubernetes control plane and the API server via Tailscale. I mentioned auto-updates. You mentioned the VS Code extension. That's amazing, the fact that you can kind of connect directly from within VS Code to things on your tailnet. That's a lot of the exciting stuff that we've been doing. And there's boring stuff, you know, like audit log streaming, and that kind of stuff. But it's good.Corey: Yeah, that stuff is super boring until suddenly, it's very, very exciting. And those are not generally good days.Maya: [laugh]. Yeah, agreed. It's important, but boring. But important.Corey: [laugh]. Well, thank you so much for taking the time to talk through all the stuff that you folks are up to. If people want to learn more, where's the best place for them to go to get started?Maya: tailscale.com is the best place to go. You can download Tailscale from there, get access to our documentation, all that kind of stuff.Corey: Yeah, I also just want to highlight that you can buy my attention but never my opinion on things and my opinion on Tailscale remains stratospherically high, so thank you for not making me look like a fool, by like, “Yes. And now we're pivoting to something horrifying is a business model and your data.” Thank you for not doing exactly that.Maya: Yeah, we'll keep doing that. No, no, blockchains in our future.Corey: [laugh]. Maya Kaczorowski, Chief Product Officer at Tailscale. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. This episode has been brought to us by our friends at Tailscale. If you enjoyed this episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry, insulting comment that will never actually make it back to us because someone screwed up a firewall rule somewhere on their legacy connection.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

This episode includes interviews with 5 first time attendees of SharkFest. These were filmed at SharkFest'23 EUROPE that happened Oct 30-Nov 3 in Brussels, Belgium. Visit ⁠⁠https://sharkfest.wireshark.org⁠⁠ and ⁠⁠https://wireshark.org⁠⁠ for more SharkFest and Wireshark. --- Support this podcast: https://podcasters.spotify.com/pod/show/sharkbytes/support

This week Simon Quigley, the release manager for Lubuntu joins Ask Noah to talk about the 24.04 release! We give you some gift ideas for the geek in your life, and of course we answers your questions. -- During The Show -- 00:55 Gratitude Gratitude is good for your health Reduces stress Can be measured in as small as a few weeks Noah's thank full for Friends willing to help For profit companies contributing to open source Developers who donate their time As we get older, gratefulness grows Steve's thankful for Ability to learn from open source code Hardware that "just won't die" 09:00 Geek Gift Recommendations MokerLink Switch (https://www.amazon.com/MokerLink-Managed-Ethernet-Auto-Negotiation-Bandwidth/dp/B0C53H61LN) Seagate 20TB HDD (Amazon) (https://www.amazon.com/Seagate-ST18000NM000J-Internal-Surveillance-Supported/dp/B09MWKXR2T) Seagate 20TB (Newegg) (https://www.newegg.com/seagate-exos-x20-st20000nm007d-20tb/p/N82E16822185011?Item=N82E16822185011) Seagate Iornwolf BackBlaze Drive Review (https://www.backblaze.com/blog/backblaze-drive-stats-for-q3-2023/) Thank You Home Assistant Shelly Devices (https://www.shelly.com/en-us/products/shop#unfiltered) 19:11 Nothing/SunBird App ARS Technica (https://arstechnica.com/gadgets/2023/11/nothings-imessage-app-was-a-security-catastrophe-taken-down-in-24-hours/) Company claimed to have "hacked" iMessage Many blogs and sites cried fowl Got it pulled from app stores Dumpster fire Reuploaded the app under SunBird name Service must be audit-able Plenty of options for E2EE Lowest common denominator Beeper iMessage solution E2EE is probably good for the world 25:13 Lubuntu Release Simon Quigley - Release Manager for Lubuntu Calamares System Installer Light weight & Full install Optional programs Why the Calamares Installer? Customize Menu Welcome Screen? Installer and updates How the installer implements Snaps How did you land on these applications Element (Snap) virt-manager Thunderbird Krita (Snap) What would you tell the next generation? What did your start look like? 42:53 News Wire Oracle Linux 9.3 - Oracle (https://blogs.oracle.com/linux/post/oracle-linux-9-update-3) Rocky Linux 9.3 - 9 to 5 Linux (https://9to5linux.com/rocky-linux-9-3-brings-back-cloud-and-container-images-for-powerpc-64-bit) Endeaver OS Adopts KDE - Debugpoint News (https://debugpointnews.com/endeavouros-galileo/) Wireshark 4.2.0 - Help Net Security (https://www.helpnetsecurity.com/2023/11/17/wireshark-4-2-0-open-source-packet-analysis/) Handbrake 1.7 - GitHub (https://github.com/HandBrake/HandBrake/releases/tag/1.7.0) Calibre 7.0 - Calibre (https://calibre-ebook.com/whats-new) Distrobox - GitHub (https://github.com/89luca89/distrobox/releases/tag/1.6.0) Firefox 120.0 - Mozilla (https://www.mozilla.org/en-US/firefox/120.0/releasenotes/) Olimex Drone Swarm - Hackster.io (https://www.hackster.io/news/olimex-shows-off-an-open-hardware-linux-based-autonomous-drone-swarm-88ed4bfbd390) Collabora NVK - Collabora (https://www.collabora.com/news-and-blog/news-and-events/nvk-reaches-vulkan-conformance.html) TikTok Edge Accelerator - The News Stack (https://thenewstack.io/tiktok-to-open-source-cloud-neutralizing-edge-accelerator/) TETRA Going Open Source - Bank Info Security (https://www.bankinfosecurity.com/european-telecom-body-to-open-source-radio-encryption-system-a-23599) IPStorm Shut Down - PC Mag (https://www.pcmag.com/news/fbi-shuts-down-ipstorm-malware-that-targeted-windows-mac-linux) Open Se Cura - Mark Tech Post (https://www.marktechpost.com/2023/11/17/meet-googles-project-open-se-cura-an-open-source-framework-to-accelerate-the-development-of-secure-scalable-transparent-and-efficient-ai-systems/) Kyutai - Tech Crunch (https://techcrunch.com/2023/11/17/kyutai-is-an-french-ai-research-lab-with-a-330-million-budget-that-will-make-everything-open-source/) 45:00 Nat Reflection - Sebastian All the same thing NAT Reflection Most strait forward Least "hacky" Local DNS Caching issues 2 sources of truth Put the server on a different subnet Netgate NAT Reflection Doc (https://docs.netgate.com/pfsense/en/latest/nat/reflection.html) 52:00 Hikvision Follow Up - William Thank You Glen! IE Tab Extension requires internet connection Sold Hikvision Bought used axis camera on Ebay - Just worked! -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/364) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Simon Quigley.

Alex Lawrence, Field CISO at Sysdig, joins Corey on Screaming in the Cloud to discuss how he went from studying bioluminescence and mycology to working in tech, and his stance on why open source is the future of cloud security. Alex draws an interesting parallel between the creative culture at companies like Pixar and the iterative and collaborative culture of open-source software development, and explains why iteration speed is crucial in cloud security. Corey and Alex also discuss the pros and cons of having so many specialized tools that tackle specific functions in cloud security, and the different postures companies take towards their cloud security practices. About AlexAlex Lawrence is a Field CISO at Sysdig. Alex has an extensive history working in the datacenter as well as with the world of DevOps. Prior to moving into a solutions role, Alex spent a majority of his time working in the world of OSS on identity, authentication, user management and security. Alex's educational background has nothing to do with his day-to-day career; however, if you'd like to have a spirited conversation on bioluminescence or fungus, he'd be happy to oblige.Links Referenced: Sysdig: https://sysdig.com/ sysdig.com/opensource: https://sysdig.com/opensource falco.org: https://falco.org TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted guest episode is brought to us by our friends over at Sysdig, and they have brought to me Alexander Lawrence, who's a principal security architect over at Sysdig. Alexander, thank you for joining me.Alex: Hey, thanks for having me, Corey.Corey: So, we all have fascinating origin stories. Invariably you talk to someone, no one in tech emerged fully-formed from the forehead of some God. Most of us wound up starting off doing this as a hobby, late at night, sitting in the dark, rarely emerging. You, on the other hand, studied mycology, so watching the rest of us sit in the dark and growing mushrooms was basically how you started, is my understanding of your origin story. Accurate, not accurate at all, or something in between?Alex: Yeah, decently accurate. So, I was in school during the wonderful tech bubble burst, right, high school era, and I always told everybody, there's no way I'm going to go into technology. There's tons of people out there looking for a job. Why would I do that? And let's face it, everybody expected me to, so being an angsty teenager, I couldn't have that. So, I went into college looking into whatever I thought was interesting, and it turned out I had a predilection to go towards fungus and plants.Corey: Then you realized some of them glow and that wound up being too bright for you, so all right, we're done with this; time to move into tech?Alex: [laugh]. Strangely enough, my thesis, my capstone, was on the coevolution of bioluminescence across aquatic and terrestrial organisms. And so, did a lot of focused work on specifically bioluminescent fungus and bioluminescing fish, like Photoblepharon palpebratus and things like that.Corey: When I talk to people who are trying to figure out, okay, I don't like what's going on in my career, I want to do something different, and their assumption is, oh, I have to start over at square one. It's no, find the job that's halfway between what you're doing now and what you want to be doing, and make lateral moves rather than starting over five years in or whatnot. But I have to wonder, how on earth did you go from A to B in this context?Alex: Yeah, so I had always done tech. My first job really was in tech at the school districts that I went to in high school. And so, I went into college doing tech. I volunteered at the ELCA and other organizations doing tech, and so it basically funded my college career. And by the time I finished up through grad school, I realized my life was going to be writing papers so that other people could do the research that I was coming up with, and I thought that sounded like a pretty miserable life.And so, it became a hobby, and the thing I had done throughout my entire college career was technology, and so that became my new career and vocation. So, I was kind of doing both, and then ended up landing in tech for the job market.Corey: And you've effectively moved through the industry to the point where you're now in security architecture over at Sysdig, which, when I first saw Sysdig launch many years ago, it was, this is an interesting tool. I can see observability stories, I can see understanding what's going on at a deep level. I liked it as a learning tool, frankly. And it makes sense, with the benefit of hindsight, that oh, yeah, I suppose it does make some sense that there are security implications thereof. But one of the things that you've said that I really want to dig into that I'm honestly in full support of because it'll irritate just the absolute worst kinds of people is—one of the core beliefs that you espouse is that security when it comes to cloud is inherently open-source-based or at least derived. I don't want to misstate your position on this. How do you view it?Alex: Yeah. Yeah, so basically, the stance I have here is that the future of security in cloud is open-source. And the reason I say that is that it's a bunch of open standards that have basically produced a lot of the technologies that we're using in that stack, right, your web servers, your automation tooling, all of your different components are built on open stacks, and people are looking to other open tools to augment those things. And the reality is, is that the security environment that we're in is changing drastically in the cloud as opposed to what it was like in the on-premises world. On-prem was great—it still is great; a lot of folks still use it and thrive on it—but as we look at the way software is built and the way we interface with infrastructure, the cloud has changed that dramatically.Basically, things are a lot faster than they used to be. The model we have to use in order to make sure our security is good has dramatically changed, right, and all that comes down to speed and how quickly things evolve. I tend to take a position that one single brain—one entity, so to speak—can't keep up with that rapid evolution of things. Like, a good example is Log4j, right? When Log4j hit this last year, that was a pretty broad attack that affected a lot of people. You saw open tooling out there, like Falco and others, they had a policy to detect and help triage that within a couple of hours of it hitting the internet. Other proprietary tooling, it took much longer than two hours.Corey: Part of me wonders what the root cause behind that delay is because it's not that the engineers working at these companies are somehow worse than folks in the open communities. In some cases, they're the same people. It feels like it's almost corporate process ossification of, “Okay, we built a thing. Now, we need to make sure it goes through branding and legal and marketing and we need to bring in 16 other teams to make this work.” Whereas in the open-source world, it feels like there's much more of a, “I push the deploy button and it's up. The end.” There is no step two.Alex: [laugh]. Yeah, so there is certainly a certain element of that. And I think it's just the way different paradigms work. There's a fantastic book out there called Creativity, Inc., and it's basically a book about how Pixar manages itself, right? How do they deal with creating movies? How do they deal with doing what they do, well?And really, what it comes down to is fostering a culture of creativity. And that typically revolves around being able to fail fast, take risks, see if it sticks, see if it works. And it's not that corporate entities don't do that. They certainly do, but again, if you think about the way the open-source world works, people are submitting, you know, PRs, pull requests, they're putting out different solutions, different fixes to problems, and the ones that end up solving it the best are often the ones that end up coming to the top, right? And so, it's just—the way you iterate is much more akin to that kind of creativity-based mindset that I think you get out of traditional organizations and corporations.Corey: There's also, I think—I don't know if this is necessarily the exact point, but it feels like it's at least aligned with it—where there was for a long time—by which I mean, pretty much 40 years at this point—a debate between open disclosure and telling people of things that you have found in vendors products versus closed disclosure; you only wind—or whatever the term is where you tell the vendor, give them time to fix it, and it gets out the door. But we've seen again and again and again, where researchers find something, report it, and then it sits there, in some cases for years, but then when it goes public and the company looks bad as a result, they scramble to fix it. I wish it were not this way, but it seems that in some cases, public shaming is the only thing that works to get companies to secure their stuff.Alex: Yeah, and I don't know if it's public shaming, per se, that does it, or it's just priorities, or it's just, you know, however it might go, there's always been this notion of, “Okay, we found a breach. Let's disclose appropriately, you know, between two entities, give time to remediate.” Because there is a potential risk that if you disclose publicly that it can be abused and used in very malicious ways—and we certainly don't want that—but there also is a certain level of onus once the disclosure happens privately that we got to go and take care of those things. And so, it's a balancing act.I don't know what the right solution is. I mean, if I did, I think everybody would benefit from things like that, but we just don't know the proper answer. The workflow is complex, it is difficult, and I think doing our due diligence to make sure that we disclose appropriately is the right path to go down. When we get those disclosures we need to take them seriously is when it comes down to.Corey: What I find interesting is your premise that the future of cloud security is open-source. Like, I could make a strong argument that today, we definitely have an open-source culture around cloud security and need to, but you're talking about that shifting along the fourth dimension. What's the change? What do you see evolving?Alex: Yeah, I think for me, it's about the collaboration. I think there are segments of industries that communicate with each other very, very well, and I think there's others who do a decent job, you know, behind closed doors, and I think there's others, again, that don't communicate at all. So, all of my background predominantly has been in higher-ed, K-12, academia, and I find that a lot of those organizations do an extremely good job of partnering together, working together to move towards, kind of, a greater good, a greater goal. An example of that would be a group out in the Pacific Northwest called NWACC—the NorthWest Academic Computing Consortium. And so, it's every university in the Northwest all come together to have CIO Summits, to have Security Summits, to trade knowledge, to work together, basically, to have a better overall security posture.And they do it pretty much out in the open and collaborating with each other, even though they are also direct competitors, right? They all want the same students. It's a little bit of a different way of thinking, and they've been doing it for years. And I'm finding that to be a trend that's happening more and more outside of just academia. And so, when I say the future is open, if you think about the tooling academia typically uses, it is very open-source-oriented, it is very collaborative.There's no specifications on things like eduPerson to be able to go and define what a user looks like. There's things like, you know, CAS and Shibboleth to do account authorization and things like that. They all collaborate on tooling in that regard. We're seeing more of that in the commercial space as well. And so, when I say the future of security in cloud is open-source, it's models like this that I think are becoming more and more effective, right?It's not just the larger entities talking to each other. It's everybody talking with each other, everybody collaborating with each other, and having an overall better security posture. The reality is, is that the folks we're defending ourselves against, they already are communicating, they already are using that model to work together to take down who they view as their targets: us, right? We need to do the same to be able to keep up. We need to be able to have those conversations openly, work together openly, and be able to set that security posture across that kind of overall space.Corey: There's definitely a concern that if okay, you have all these companies and community collaborating around security aspects in public, that well won't the bad actors be able to see what they're looking at and how they're approaching it and, in some cases, move faster than they can or, in other cases, effectively wind up polluting the conversation by claiming to be good actors when they're not. And there's so many different ways that this can manifest. It feels like fear is always the thing that stops people from going down this path, but there is some instance of validity to that I would imagine.Alex: Yeah, no. And I think that certainly is true, right? People are afraid to let go of, quote-unquote, “The keys to their kingdom,” their security posture, their things like that. And it makes sense, right? There's certain things that you would want to not necessarily talk about openly, like, specifically, you know, what Diffie–Hellman key exchange you're using or something like that, but there are ways to have these conversations about risks and posture and tooling and, you know, ways you approach it that help everybody else out, right?If someone finds a particularly novel way to do a detection with some sort of piece of tooling, they probably should be sharing that, right? Let's not keep it to ourselves. Traditionally, just because you know the tool doesn't necessarily mean that you're going to have a way in. Certainly, you know, it can give you a path or a vector to go after, but if we can at least have open standards about how we implement and how we can go about some of these different concepts, we can all gain from that, so to speak.Corey: Part of me wonders if the existing things that the large companies are collaborating on lead to a culture that specifically pushes back against this. A classic example from my misspent youth is that an awful lot of the anti-abuse departments at these large companies are in constant communication. Because if you work at Microsoft, or Google or Amazon, your adversary, as you see it, in the Trust and Safety Group is not those other companies. It's bad actors attempting to commit fraud. So, when you start seeing particular bad actors emerging from certain parts of the network, sharing that makes everything better because there's an understanding there that it's not, “Oh, Microsoft has bad security this week,” or, “Google will wind up approving fraudulent accounts that start spamming everyone.”Because the takeaway by theby the customers is not that this one company is bad; it's oh, the cloud isn't safe. We shouldn't use cloud. And that leads to worse outcomes for basically everyone. But they're als—one of the most carefully guarded secrets at all these companies is how they do fraud prevention and spam detection because if adversaries find that out, working around them becomes a heck of a lot easier. I don't know, for example, how AWS determines whether a massive account overage in a free-tier account is considered to be a bad actor or someone who made a legitimate mistake. I can guess, but the actual signal that they use is something that they would never in a million years tell me. They probably won't even tell each other specifics of that.Alex: Certainly, and I'm not advocating that they let all of the details out, per se, but I think it would be good to be able to have more of an open posture in terms of, like, you know what tooling do they use? How do they accomplish that feat? Like, are they looking at a particular metric? How do they basically handle that posture going forward? Like, what can I do to replicate a similar concept?I don't need to know all the details, but would be nice if they embrace, you know, open tooling, like say a Trivy or a Falco or whatever the thing is, right, they're using to do this process and then contribute back to that project to make it better for everybody. When you kind of keep that stuff closed-source, that's when you start running into that issue where, you know, they have that, quote-unquote, “Advantage,” that other folks aren't getting. Maybe there's something we can do better in the community, and if we can all be better, it's better for everybody.Corey: There's a constant customer pain in the fact that every cloud provider, for example, has its own security perspective—the way that identity is managed, the way that security boundaries exist, the way that telemetry from these things winds up getting represented—where a number of companies that are looking at doing things that have to work across cloud for a variety of reasons—some good, some not so good—have decided that, okay, we're just going to basically treat all these providers as, more or less, dumb pipes and dumb infrastructure. Great, we're just going to run Kubernetes on all these things, and then once it's inside of our cluster, then we'll build our own security overlay around all of these things. They shouldn't have to do that. There should be a unified set of approaches to these things. At least, I wish there were.Alex: Yeah, and I think that's where you see a lot of the open standards evolving. A lot of the different CNCF projects out there are basically built on that concept. Like, okay, we've got Kubernetes. We've got a particular pipeline, we've got a particular type of implementation of a security measure or whatever it might be. And so, there's a lot of projects built around how do we standardize those things and make them work cross-functionally, regardless of where they're running.It's actually one of the things I quite like about Kubernetes: it makes it be a little more abstract for the developers or the infrastructure folks. At one point in time, you had your on-premises stuff and you built your stuff towards how your on-prem looked. Then you went to the cloud and started building yourself to look like what that cloud look like. And then another cloud showed up and you had to go use that one. Got to go refactor your application to now work in that cloud.Kubernetes has basically become, like, this gigantic API ball to interface with the clouds, and you don't have to build an application four different ways anymore. You can build it one way and it can work on-prem, it can work in Google, Azure, IBM, Oracle, you know, whoever, Amazon, whatever it needs to be. And then that also enables us to have a standard set of tools. So, we can use things like, you know, Rego or we can use things like Falco or we can use things that allow us to build tooling to secure those things the same way everywhere we go. And the benefit of most of those tools is that they're also configured, you know, via some level of codification, and so we can have a repository that contains our posture: apply that posture to that cluster, apply it to the other cluster in the other environment. It allows us to automate these things, go quicker, build the posture at the very beginning, along with that application.Corey: One of the problems I feel as a customer is that so many of these companies have a model for interacting with security issues that's frankly obnoxious. I am exhausted by the amount of chest-thumping, you'll see on keynote stages, all of the theme, “We're the best at security.” And whenever a vulnerability researcher reports something of a wide variety of different levels of severity, it always feels like the first concern from the company is not fix the issue, but rather, control the messaging around it.Whenever there's an issue, it's very clear that they will lean on people to rephrase things, not use certain words. It's, I don't know if the words used to describe this cross-tenant vulnerability are the biggest problem you should be focusing on right now. Yes, I understand that you can walk and chew gum at the same time as a big company, but it almost feels like the researchers are first screaming into a void, and then they're finally getting attention, but from all the people they don't want to get the attention from. It feels like this is not a welcoming environment for folks to report these things in good faith.Alex: [sigh]. Yeah, it's not. And I don't know what the solution is to that particular problem. I have opinions about why that exists. I won't go into those here, but it's cumbersome. It's difficult. I don't envy a lot of those research organizations.They're fantastic people coming up with great findings, they find really interesting stuff that comes out, but when you have to report and do that due diligence, that portion is not that fun. And then doing, you know, the fallout component, right: okay, now we have this thing we have to report, we have to go do something to fix it, you're right. I mean, people do often get really spun up on the verbiage or the implications and not just go fix the problem. And so again, if you have ways to mitigate that are more standards-based, that aren't specific to a particular cloud, like, you can use an open-source tool to mitigate, that can be quite the advantage.Corey: One of the challenges that I see across a wide swath of tooling and approaches to it have been that when I was trying to get some stuff to analyze CloudTrail logs in my own environment, I was really facing a bimodal distribution of options. On one end of the spectrum, it's a bunch of crappy stuff—or good stuff; hard to say—but it's all coming off of GitHub, open-source, build it yourself, et cetera. Good luck. And that's okay, awesome, but there's business value here and I'm thrilled to pay experts to make this problem go away.The other end of the spectrum is commercial security tooling, and it is almost impossible in my experience to find anything that costs less than $1,000 a month to start providing insight from a security perspective. Now, I understand the market forces that drive this. Truly I do, and I'm sympathetic to them. It is just as easy to sell $50,000 worth of software as it is five to an awful lot of companies, so yeah, go where the money is. But it also means that the small end of the market as hobbyists, as startups are just getting started, there is a price barrier to engaging in the quote-unquote, “Proper way,” to do security.So, the posture suffers. We'll bolt security on later when it becomes important is the philosophy, and we've all seen how well that plays out in the fullness of time. How do you square that circle? I think the answer has to be open-source improving to the point where it's not just random scripts, but renowned projects.Alex: Correct, yeah, and I'd agree with that. And so, we're kind of in this interesting phase. So, if you think about, like, raw Linux applications, right, Linux, always is the tenant that you build an application to do one thing, does that one thing really, really, really well. And then you ended up with this thing called, like, you know, the Cacti monitoring stack. And so, you ended up having, like, 600 tools you strung together to get this one monitoring function done.We're kind of in a similar spot in a lot of ways right now, in the open-source security world where, like, if you want to do scanning, you can do, like, Clair or you can do Trivy or you have a couple different choices, right? If you want to do posture, you've got things like Qbench that are out there. If you want to go do runtime security stuff, you've got something like Falco. So, you've got all these tools to string together, right, to give you all of these different components. And if you want, you can build it yourself, and you can run it yourself and it can be very fun and effective.But at some point in your life, you probably don't want to be care-and-feeding your child that you built, right? It's 18 years later now, and you want to go back to having your life, and so you end up buying a tool, right? That's why Gartner made this whole CNAP category, right? It's this humongous category of products that are putting all of these different components together into one gigantic package. And the whole goal there is just to make lives a little bit easier because running all the tools yourself, it's fun, I love it, I did it myself for a long time, but eventually, you know, you want to try to work on some other stuff, too.Corey: At one point, I wound up running the numbers of all of the first-party security offerings that AWS offered, and for most use cases of significant scale, the cost for those security services was more than the cost of the theoretical breach that they'd be guarding against. And I think that there's a very dangerous incentive that arises when you start turning security observability into your own platform as a profit center. Because it's, well, we could make a lot of money if we don't actually fix the root issue and just sell tools to address and mitigate some of it—not that I think that's the intentional direction that these companies are taking these things and I don't want to ascribe malice to them, but you can feel that start to be the trend that some decisions get pushed in.Alex: Yeah, I mean, everything comes down to data, right? It has to be stored somewhere, processed somewhere, analyzed somewhere. That always has a cost with it. And so, that's always this notion of the shared security model, right? We have to have someone have ownership over that data, and most of the time, that's the end-user, right? It's their data, it's their responsibility.And so, these offerings become things that they have that you can tie into to work within the ecosystem, work within their infrastructure to get that value out of your data, right? You know, where is the security model going? Where do I have issues? Where do I have misconfigurations? But again, someone has to pay for that processing time. And so, that ends up having a pretty extreme cost to it.And so, it ends up being a hard problem to solve. And it gets even harder if you're multi-cloud, right? You can't necessarily use the tooling of AWS inside of Azure or inside of Google. And other products are trying to do that, right? They're trying to be able to let you integrate their security center with other clouds as well.And it's kind of created this really interesting dichotomy where you almost have frenemies, right, where you've got, you know, a big Azure customer who's also a big AWS customer. Well, they want to go use Defender on all of their infrastructure, and Microsoft is trying to do their best to allow you to do that. Conversely, not all clouds operate in that same capacity. And you're correct, they all come at extremely different costs, they have different price models, they have different ways of going about it. And it becomes really difficult to figure out what is the best path forward.Generally, my stance is anything is better than nothing, right? So, if your only choice is using Defender to do all your stuff and it cost you an arm or leg, unfortunate, but great; at least you got something. If the path is, you know, go use this random open-source thing, great. Go do that. Early on, when I'd been at—was at Sysdig about five years ago, my big message was, you know, I don't care what you do. At least scan your containers. If you're doing nothing else in life, use Clair; scan the darn things. Don't do nothing.That's not really a problem these days, thankfully, but now we're more to a world where it's like, well, okay, you've got your containers, you've got your applications running in production. You've scanned them, that's great, but you're doing nothing at runtime. You're doing nothing in your posture world, right? Do something about it. So, maybe that is buy the enterprise tool from the cloud you're working in, buy it from some other vendor, use the open-source tool, do something.Thankfully, we live in a world where there are plenty of open tools out there we can adopt and leverage. You used the example of CloudTrail earlier. I don't know if you saw it, but there was a really, really cool talk at SharkFest last year from Gerald Combs where they leveraged Wireshark to be able to read CloudTrail logs. Which I thought was awesome.Corey: That feels more than a little bit ridiculous, just because it's—I mean I guess you could extract the JSON object across the wire then reassemble it. But, yeah, I need to think on that one.Alex: Yeah. So, it's actually really cool. They took the plugins from Falco that exist and they rewired Wireshark to leverage those plugins to read the JSON data from the CloudTrail and then wired it into the Wireshark interface to be able to do a visual inspect of CloudTrail logs. So, just like you could do, like, a follow this IP with a PCAP, you could do the same concept inside of your cloud log. So, if you look up Logray, you'll find it on the internet out there. You'll see demos of Gerald showing it off. It was a pretty darn cool way to use a visualization, let's be honest, most security professionals already know how to use in a more modern infrastructure.Corey: One last topic that I want to go into with you before we call this an episode is something that's been bugging me more and more over the years—and it annoyed me a lot when I had to deal with this stuff as a SOC 2 control owner and it's gotten exponentially worse every time I've had to deal with it ever since—and that is the seeming view of compliance and security as being one and the same, to the point where in one of my accounts that I secured rather well, I thought, I installed security hub and finally jumped through all those hoops and paid the taxes and the rest and then waited 24 hours to gather some data, then 24 hours to gather more. Awesome. Applied the AWS-approved a foundational security benchmark to it and it started shrieking its bloody head off about all of the things that were insecure and not configured properly. One of them, okay, great, it complained that the ‘Block all S3 Public Access' setting was not turned on for the account. So, I turned that on. Great.Now, it's still complaining that I have not gone through and also enabled the ‘Block Public Access Setting' on each and every S3 bucket within it. That is not improving your security posture in any meaningful way. That is box-checking so that someone in a compliance role can check that off and move on to the next thing on the clipboard. Now, originally, they started off being good-intentioned, but the result is I'm besieged by these things that don't actually matter and that means I'm not going to have time to focus on the things that actually do. Please tell me I'm wrong on some of this.Alex: [laugh].Corey: I really need to hear that.Alex: I can't. Unfortunately, I agree with you that a lot of that seems erroneous. But let's be honest, auditors have a job for a reason.Corey: Oh, I'm not besmirching the role of the auditor. Far from it. The problem I run into is that it's the Human Nessus report that dumps out, “Here's the 700 things to go fix in your environment,” as opposed to, “Here's the five things you can do right now that will meaningfully improve your security posture.”Alex: Yeah. And so, I think that's a place we see a lot of vendors moving, and I think that is the right path forward. Because we are in a world where we generate reports that are miles and miles long, we throw them over a wall to somebody, and that person says, “Are you crazy?” Like, “You want me to go do what with my time?” Like, “No. I can't. No. This is way too much.”And so, if we can narrow these things down to what matters the most today, and then what can we get rid of tomorrow, that makes life better for everybody. There are certainly ways to accomplish that across a lot of different dimensions, be that vulnerability management, or configuration management stuff, runtime stuff, and that is certainly the way we should approach it. Unfortunately, not all frameworks allow us to look at it that way.Corey: I mean, even AWS's thing here is yelling at me for a number of services not having encryption-at-rest turned on, like CloudTrail logs, or SNS topics. It's okay, let's be very clear what that is defending against: someone stealing drives out of a data center and taking them off to view the data. Is that something that I need to worry about in a public cloud provider context? Not unless I'm the CIA or something pretty close to that. I mean, if you can get my data out of an AWS data center and survive, congratulations, I kind of feel like you've earned it at this point. But that obscures things I need to be doing that I'm not.Alex: Back in the day, I had a customer who used to have—they had storage arrays and their storage arrays' logins were the default login that they came with the array. They never changed it. You just logged in with admin and no password. And I was like, “You know, you should probably fix that.” And he sent a message back saying, “Yeah, you know, maybe I should, but my feeling is that if it got that far into my infrastructure where they can get to that interface, I'm already screwed, so it doesn't really matter to me if I set that admin password or not.”Corey: Yeah, there is a defense-in-depth argument to be made. I am not disputing that, but the Cisco world is melting down right now because of a bunch of very severe vulnerabilities that have been disclosed. But everything to exploit these things always requires, well you need access to the management interface. Back when I was a network administrator at Chapman University in 2006, even then, I knew, “Well, we certainly don't want to put the management interfaces on the same VLAN that's passing traffic.”So, is it good that there's an unpatched vulnerability there? No, but Shodan, the security vulnerability search engine shows over 80,000 instances that are affected on the public internet. It would never have occurred to me to put the management interface of important network gear on the public internet. That just is… I don't understand that.Alex: Yeah.Corey: So, on some level, I think the lesson here is that there's always someone who has something else to focus on at a given moment, and… where it's a spectrum: no one is fully secure, but ideally, you don't want to be the lowest of low-hanging fruit.Alex: Right, right. I mean, if you were fully secure, you'd just turn it off, but unfortunately, we can't do that. We have to have it be accessible because that's our jobs. And so, if we're having it be accessible, we got to do the best we can. And I think that is a good point, right? Not being the worst should be your goal, at the very, very least.Doing bare minimums, looking at those checks, deciding if they're relevant for you or not, just because it says the configuration is required, you know, is it required in your use case? Is it required for your requirements? Like, you know, are you a FedRAMP customer? Okay, yeah, it's probably a requirement because, you know, it's FedRAMP. They're going to tell you got to do it. But is it your dev environment? Is it your demo stuff? You know, where does it exist, right? There's certain areas where it makes sense to deal with it and certain areas where it makes sense to take care of it.Corey: I really want to thank you for taking the time to talk me through your thoughts on all this. If people want to learn more, where's the best place for them to find you?Alex: Yeah, so they can either go to sysdig.com/opensource. A bunch of open-source resources there. They can go to falco.org, read about the stuff on that site, as well. Lots of different ways to kind of go and get yourself educated on stuff in this space.Corey: And we will, of course, put links to that into the show notes. Thank you so much for being so generous with your time. I appreciate it.Alex: Yeah, thanks for having me. I appreciate it.Corey: Alexander Lawrence, principal security architect at Sysdig. I'm Cloud Economist Corey Quinn, and this episode has been brought to us by our friends, also at Sysdig. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an insulting comment that I will then read later when I pick it off the wire using Wireshark.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Join us in this episode for a panel discussion on the future of packet capture from SharkFest'23 EUROPE that happened Oct 30-Nov 3 in Brussels, Belgium. Moderated by Wireshark core developer Roland Knall, the panel features Betty Dubois, Stephen Donnelly (CTO of Endace), Chris Bloom (Omnipeek and LiveWire Expert @ LiveAction), Laurent Schirck (CTO of Profitap), Nathanael Weill (Director of Data Science @ AUDELA), and Ross Bagurdes (Data Network Engineer and Technical Author). Visit ⁠https://sharkfest.wireshark.org⁠ and ⁠https://wireshark.org⁠ for more SharkFest and Wireshark. --- Support this podcast: https://podcasters.spotify.com/pod/show/sharkbytes/support

Take a Network Break! This week we discuss Intel walking away from the NUC PC, Microsoft rebranding Azure AD and launching an SSE offering, and Microsoft Exchange Online getting hacked. We also cover the EU's conditional approval of Broadcom's VMware acquisition, why Wireshark needs your help, and more IT news.

Take a Network Break! This week we discuss Intel walking away from the NUC PC, Microsoft rebranding Azure AD and launching an SSE offering, and Microsoft Exchange Online getting hacked. We also cover the EU's conditional approval of Broadcom's VMware acquisition, why Wireshark needs your help, and more IT news. The post Network Break 438: Intel Abandons NUC; EU Blesses Broadcom/VMware Union; Microsoft Joins SSE Race appeared first on Packet Pushers.

Take a Network Break! This week we discuss Intel walking away from the NUC PC, Microsoft rebranding Azure AD and launching an SSE offering, and Microsoft Exchange Online getting hacked. We also cover the EU's conditional approval of Broadcom's VMware acquisition, why Wireshark needs your help, and more IT news.

Take a Network Break! This week we discuss Intel walking away from the NUC PC, Microsoft rebranding Azure AD and launching an SSE offering, and Microsoft Exchange Online getting hacked. We also cover the EU's conditional approval of Broadcom's VMware acquisition, why Wireshark needs your help, and more IT news. The post Network Break 438: Intel Abandons NUC; EU Blesses Broadcom/VMware Union; Microsoft Joins SSE Race appeared first on Packet Pushers.

Take a Network Break! This week we discuss Intel walking away from the NUC PC, Microsoft rebranding Azure AD and launching an SSE offering, and Microsoft Exchange Online getting hacked. We also cover the EU's conditional approval of Broadcom's VMware acquisition, why Wireshark needs your help, and more IT news.

Take a Network Break! This week we discuss Intel walking away from the NUC PC, Microsoft rebranding Azure AD and launching an SSE offering, and Microsoft Exchange Online getting hacked. We also cover the EU's conditional approval of Broadcom's VMware acquisition, why Wireshark needs your help, and more IT news. The post Network Break 438: Intel Abandons NUC; EU Blesses Broadcom/VMware Union; Microsoft Joins SSE Race appeared first on Packet Pushers.