Podcasts about zero day exploits

  • 41 podcasts
  • 44 episodes
  • 37m average duration
  • 1 monthly new episode
  • Latest: May 15, 2025




Latest podcast episodes about zero day exploits

Percepticon.de
48 WTF are Chinese cyber operations and China's cyber strategy?

Percepticon.de

May 15, 2025 · 43:12

In this podcast episode I examine the multifaceted world of Chinese cyberattacks and explain how China's cyber strategy deliberately influences business, politics and the military at home and abroad. You will learn how economic espionage and technological knowledge transfer are central goals, backed by national programs such as "Made in China 2025" and ambitious five-year plans. We talk about the role of the People's Liberation Army (PLA) and newly created cyber units that attack critical infrastructure with state-of-the-art methods. Using real examples such as the operations APT1, Volt Typhoon and Salt Typhoon, I show how Chinese hacker groups infiltrate Western companies and governments with sophisticated techniques. I also analyze current trends: from targeted, hard-to-detect attacks and the use of zero-day exploits to outsourcing to private service providers. You will learn how China is steadily expanding its cyber capabilities with strict laws and centralized control, and why Germany in particular must act urgently to protect itself against Chinese cyberattacks.
Shownotes:
Jon Lindsay et al., China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain, https://www.jonrlindsay.com/china-and-cybersecurity
APT1 Exposing One of China's Cyber Espionage Units, https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf
The 14th Five-Year Plan of the People's Republic of China—Fostering High-Quality Development, https://www.adb.org/publications/14th-five-year-plan-high-quality-development-prc
China's Massive Belt and Road Initiative, https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative
“Here to stay” – Chinese state-affiliated hacking for strategic goals, https://merics.org/en/report/here-stay-chinese-state-affiliated-hacking-strategic-goals
China's New Data Security Law Will Provide It Early Notice Of Exploitable Zero Days, https://breakingdefense.com/2021/09/chinas-new-data-security-law-will-provide-it-early-notice-of-exploitable-zero-days/#:~:text=WASHINGTON%3A%20China's%20new%20Data%20Security,technologies%20used%20by%20the%20Defense
China's Expanding Cyber Playbook, https://dgap.org/en/research/publications/chinas-expanding-cyber-playbook
U.S. Hunts Chinese Malware That Could Disrupt American Military Operations, https://www.nytimes.com/2023/07/29/us/politics/china-malware-us-military-bases-taiwan.html
China is turning to private firms for offensive cyber operations, https://www.defenseone.com/threats/2024/06/china-turning-private-firms-offensive-cyber-operations/397767/
China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon' Cyberattack, https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
Top U.S. Cybersecurity Official: China Attacks on American Infrastructure ‘Tip of the Iceberg', https://www.thecipherbrief.com/top-u-s-cybersecurity-official-china-attacks-on-american-infrastructure-tip-of-the-iceberg
Jen Easterly on Linkedin: https://www.linkedin.com/posts/jen-easterly_follow-up-chinas-cyber-program-presents-activity-7292191131293892612-uhFW
China has debuted its new landing barges – what does this mean for Taiwan? https://www.theguardian.com/world/2025/mar/20/china-landing-barges-shuqiao-ships-what-does-this-mean-for-taiwan
BSI Hafnium warning, https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-197772-1132.pdf?__blob=publicationFile&v=8
Timecodes:
1:00 1) Overview of China's offensive cyber strategy
02:00 Economic espionage
04:03 APT 1
07:20 Snowden leaks
08:03 Military cyber warfare strategy: mastery of the first strike
10:58 Surveillance
12:11 2) China's cybersecurity architecture
13:30 People's Liberation Army, PLA
17:11 Cyber militias & Civil & Military Fusion
18:10 Ministry of State Security
19:08 iSoon

Cyber Security with Bob G
3 Red Flags to Watch Out for in Zero-Day Exploits

Cyber Security with Bob G

May 5, 2025 · 7:40


Video - https://youtu.be/mSmieK2Qyas They strike before anyone sees them coming—undetectable, unstoppable, and often invisible until it's too late. These are the most dangerous cyber threats you've probably never heard of. Discover what to look for, how to defend yourself, and why ignoring these red flags could be a digital disaster waiting to happen. I used ChatGPT-4o, ScreenPal, and Pictory.ai to put this information together. If you're interested in trying Pictory.ai please use the following link. https://pictory.ai?ref=t015o

Today in Health IT
2 Minute Drill: VMware Zero-Day Exploits, Black Basta, and Concerningly Realistic Voice AI with Drex DeFord

Today in Health IT

Mar 7, 2025 · 3:35


Broadcom reports three actively exploited zero-day vulnerabilities affecting VMware ESXi, Workstation, and Fusion products that require immediate patching. Leaked chat logs from the Black Basta ransomware group reveal internal conflicts, operational tactics, and efforts to circumvent cybersecurity tools. Lastly, a demonstration of Sesame's new voice AI technology shows concerningly realistic capabilities that could potentially lead users to inadvertently share private information. Remember, Stay a Little Paranoid. Subscribe: This Week Health. Twitter: This Week Health. LinkedIn: This Week Health. Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

En Liten Podd Om It
ELPOIT #489 - He develops Java

En Liten Podd Om It

Jan 30, 2025 · 84:56

If the show notes look odd (for example if all the links are missing; there should be LOTS of links), they are also available on the web here: https://www.enlitenpoddomit.se
Episode 489 was recorded on January 28, and so today's episode is about:
INTRO:
- Everyone has had a week... Björn has cleaned out a drain and spilled "a little" water. David has been at a security conference for developers in Norway and had good luck with travel. Johan has also been in Norway and did not have as much luck with his trip; in Norway he was a judge at a hackathon, and he needs to recalibrate his 3D printer and has loaded manuals into an LLM
  - BONUS LINK: the conference David attended https://ndc-security.com/
  - BONUS LINK: the TV series Prime Target - https://tv.apple.com/se/show/prime-target/umc.cmc.5hje8i3v25dzow2olljxetnus
  - BONUS LINK: the thing Johan was at: https://www.arcticclouddeveloperchallenge.net/
FEEDBACK AND BACKLOG:
- Update on Customer VPN https://9to5google.com/2025/01/28/google-play-verified-vpn-badge/
- A present for David. But otherwise nothing to talk about https://appleinsider.com/articles/25/01/27/severance-title-sequence-has-more-drama-and-plot-clues-than-most-shows
GENERAL NEWS
- Amateur astronomer finds a "new asteroid" https://science.slashdot.org/story/25/01/25/2026244/report-of-newly-discovered-asteroid-turns-out-to-be-a-tesla-roadster https://eu.usatoday.com/story/news/nation/2025/01/24/tesla-roadster-asteroid-space-orbit/77928327007/ https://minorplanetcenter.net/mpec/K25/K25A49.html
- Speaking of confusing standards https://9to5google.com/2025/01/28/qi2-smartphone-cases-certified-database/
- Have you tried DeepSeek? https://www.pbs.org/newshour/science/what-is-deepseek-heres-a-quick-guide-to-the-chinese-ai-company https://9to5google.com/2025/01/28/qi2-smartphone-cases-certified-database/ https://www.reuters.com/technology/tech-stock-selloff-deepens-deepseek-triggers-ai-rethink-2025-01-28/ https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/ https://stratechery.com/2025/deepseek-faq/
- Amazon gets a competitor https://news.slashdot.org/story/25/01/28/1345201/bookshop-takes-on-amazon-with-e-book-platform-for-independent-stores
  - BONUS LINK: https://bookshop.org/
- Details matter. https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/
MICROSOFT
- New Windows 11 24H2 features https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-preview-brings-new-taskbar-features/
- Do you know what a "Scareware blocker" is? https://www.thurrott.com/cloud/web-browsers/microsoft-edge/316412/microsoft-previews-edge-scareware-blocker
APPLE
- Updates to patch zero-day exploits that are being actively used. (iOS and iPadOS 18.3, macOS 15.3, WatchOS 11.3, tvOS 18.3, Safari 18.3) https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html
- Toxins (PFAS) in Apple's watch bands https://www.pennlive.com/life/2025/01/apples-new-lawsuit-has-people-worried-wow-thats-very-bad.html
- Foldable things are damn insanely cool! https://appleinsider.com/articles/20/12/03/articulated-hinge-structures-for-foldable-iphone-detailed-in-new-research
GOOGLE:
- Samsung has held its Unpacked event. Releasing stuff https://www.zdnet.com/article/samsung-unpacked-2025-recap-5-biggest-product-announcements-that-you-mightve-missed/ https://www.androidauthority.com/samsung-project-moohan-hands-on-demo-3520699/
- Camera feature in the Galaxy S25 that you cannot use https://www.androidauthority.com/samsung-cool-new-camera-mode-ocean-mode-3520334/
- Pixel and Galaxy phones get an ID check https://swedroid.se/pixel-och-galaxy-far-ny-identitetskontroll-for-att-oka-sakerheten/
TIPS:
- Zoomit in PowerToys https://learn.microsoft.com/en-us/windows/powertoys/
GADGET LIST
- Björn: An exoskeleton!!! https://humaninmotion.com/
- David: Ray Kurzweil, "Singularity is Nearer", https://www.adlibris.com/se/e-bok/singularity-is-nearer-9781529937503
- Johan: A portable monitor https://www.elgiganten.se/product/datorer-kontor/skarmar-tillbehor/datorskarm/asus-zenscreen-mb16acv-156-portabel-bildskarm-svart/387714
OUR OWN LINKS
- En Liten Podd Om IT on the web, http://enlitenpoddomit.se/
- En Liten Podd Om IT on Facebook, https://www.facebook.com/EnLitenPoddOmIt/
- En Liten Podd Om IT on Youtube, https://www.youtube.com/enlitenpoddomit
- Feel free to give us a review
  - https://podcasts.apple.com/se/podcast/en-liten-podd-om-it/id946204577?mt=2#see-all/reviews
  - https://www.podchaser.com/podcasts/en-liten-podd-om-it-158069
LINKS TO WHERE YOU CAN FIND THE POD TO LISTEN:
- Apple Podcasts (iTunes), https://itunes.apple.com/se/podcast/en-liten-podd-om-it/id946204577
- Overcast, https://overcast.fm/itunes946204577/en-liten-podd-om-it
- Acast, https://www.acast.com/enlitenpoddomit
- Spotify, https://open.spotify.com/show/2e8wX1O4FbD6M2ocJdXBW7?si=HFFErR8YRlKrELsUD--Ujg%20
- Stitcher, https://www.stitcher.com/podcast/the-nerd-herd/en-liten-podd-om-it
- YouTube, https://www.youtube.com/enlitenpoddomit
LINK TO DISCORD WHERE YOU CAN FIND THE LIVE STREAM + CHAT
- http://discord.enlitenpoddomit.se
(And don't forget to email bjorn@enlitenpoddomit.se if you want stickers, just include a postal address. :)

Paul's Security Weekly
Terms & Acronyms - SWN Vault

Paul's Security Weekly

Nov 26, 2024 · 34:40


Check out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White. Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain. Show Notes: https://securityweekly.com/vault-swn-21

Paul's Security Weekly TV
Terms & Acronyms - SWN Vault

Paul's Security Weekly TV

Nov 26, 2024 · 34:40


Check out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White. Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain. Show Notes: https://securityweekly.com/vault-swn-21

Hack Naked News (Audio)
Terms & Acronyms - SWN Vault

Hack Naked News (Audio)

Nov 26, 2024 · 34:40


Check out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White. Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain. Show Notes: https://securityweekly.com/vault-swn-21

Hack Naked News (Video)
Terms & Acronyms - SWN Vault

Hack Naked News (Video)

Nov 26, 2024 · 34:40


Check out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White. Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain. Show Notes: https://securityweekly.com/vault-swn-21

Cyber Security with Bob G
Zero-Day Exploits

Cyber Security with Bob G

Jun 16, 2024 · 8:17


Video - https://youtu.be/XnjRKzMhvZo By understanding these threats and implementing robust security measures, individuals and organizations can better protect themselves against these invisible adversaries. I used Copilot/GPT-4o and Pictory.ai to put this masterpiece together. If you're interested in trying Pictory.ai please use the following link. https://pictory.ai?ref=t015o --- Support this podcast: https://podcasters.spotify.com/pod/show/norbert-gostischa/support

The Cyber Riddler
Zero-Day Exploits

The Cyber Riddler

Jun 4, 2024 · 11:33


In this episode of The Cyber Riddler podcast, we venture into the shadowy world of zero-day exploits, one of the most well known threats in the cybersecurity world. Zero-day exploits represent vulnerabilities that can be targeted before they are even known to exist, making them a significant concern for both organizations and individuals. We explore the lifecycle of a zero-day exploit, from discovery and weaponization to delivery and exploitation. Through notable case studies, we illustrate the profound impact these exploits can have. Additionally, we discuss the challenges faced by incident responders in dealing with unknown threats and the strategies that can be employed to defend against them. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com

Cyber Briefing
March 01, 2024 - Cyber Briefing

Cyber Briefing

Mar 1, 2024 · 10:13


Business of Tech
Tue Nov-7-2023: Remote Work Reigns Supreme, Rise in Zero-Day Exploits, Improving Focus and Productivity

Business of Tech

Nov 7, 2023 · 12:01


In this episode of "The Business of Tech," Dave Sobel discusses the latest trends and news in the tech industry. He starts by highlighting the growing popularity of remote work, with workers prioritizing flexibility over pay amidst the cost-of-living crisis. He then delves into the rise in zero-day exploits and the heightened cyber threats faced by federal networks. Dave also mentions the FCC's contemplation of a major broadband speed upgrade and the adoption of VPN security badges by Bitwarden. The episode concludes with a sponsorship message from Gazinta Mobius, a company that offers accounting automation solutions. The episode highlights a new survey revealing that workers are willing to take a pay cut in exchange for the ability to work remotely, with remote work being highly valued by workers. The data also suggests that workers feel more productive when working from home.
Four things to know today
00:00 Remote Work Reigns Supreme: Workers Prioritize Flexibility Over Pay Amid Cost-of-Living Crisis
03:20 Rise in Zero-Day Exploits: Federal Networks Face Heightened Cyber Threats
05:44 FCC Contemplates Major Broadband Speed Upgrade: Aiming for 100 Mbps Download and 20 Mbps Upload
08:16 VPN Security Badges and Bitwarden embraces passkey
Supporters:
https://gozynta.com/payments
https://rfcode.com/mspradio/ CODE MSPRADIO for 30% off at checkout
Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Support the show on Patreon: https://patreon.com/mspradio/
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech

Einundzwanzig - Der Bitcoin Podcast

Graphene OS Special - Block time 802654 - by and with Quillie, Dennis, Ben & Tobo. Overview of privacy mobile apps from TrustBTC; Graphene OS vs CalyxOS comparison; Graphene OS features; Graphene OS usage guide; Google Pixel end-of-life dates; Obtainium app store; "My Phone is Anonymous Now" video; Google Pixel hardware security features; Android Verified Boot; book about zero-day exploits (good apart from the political part). Outro: Privacy Blues by AlpineHodl. Sponsors and friends: BitBox02 Bitcoin-only Edition - 5% discount for the Einundzwanzig community with code “einundzwanzig”, 10% for 10 BitBoxes with code “einundzwanzig10”. Einundzwanzig merch at Copiaro. Stack your sats with Pocket Bitcoin. At ShopinBit you can buy more than 800,000 products with Bitcoin. Further links: Visit our website and join the discussion in our Telegram community. Follow the latest headlines in the newsfeed. The community tutorials on YouTube. Leave us a shoutout.

Hacker And The Fed
Chinese Malware, a Year in Review of Zero-day Exploits, a Ransomware Study, and Listener Questions

Hacker And The Fed

Aug 10, 2023 · 78:53


This week on Hacker And The Fed the US hunts Chinese malware that could disrupt American Military operations, a year in review of zero-day exploits, a study finds no evidence that ransomware victims with cyber insurance pay up more often, there's fighting words between Tenable CEO and Microsoft, and we answer listener questions from a listener in Greece, Holland, and a new minted NSA hacker. Links from the episode: U.S. Hunts Chinese Malware That Could Disrupt American Military Operations https://dnyuz.com/2023/07/29/u-s-hunts-chinese-malware-that-could-disrupt-american-military-operations/   The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022 https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html   No evidence ransomware victims with cyber insurance pay up more often https://therecord.media/ransomware-cyber-insurance-payments-uk-report   Tenable CEO accuses Microsoft of negligence in addressing security flaw https://cyberscoop.com/tenable-microsoft-negligence-security-flaw/ https://twitter.com/MalwareJake/status/1686869818912202755 https://www.wired.com/2002/01/bill-gates-trustworthy-computing/   SMS Traffic Pumping Fraud https://support.twilio.com/hc/en-us/articles/8360406023067-SMS-Traffic-Pumping-Fraud   New acoustic attack steals data from keystrokes with 95% accuracy https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/   Get your Hacker and the Fed merchandise at hackerandthefed.com

You Own the Experience Podcast
Cybersecurity Must Dos for your Company with David Rubin

You Own the Experience Podcast

Jun 27, 2023 · 23:54


In this week's episode, LJ and Rob sit down with David Rubin of CubeX Group to review his cybersecurity must-dos.  The overall theme is cybersecurity is complex, and we need to be as prepared as possible to be ready when things happen because they do.  We cover tips to handle:  1. Zero Day Exploits 2. Email Phishing  3. Attachments  4. Encryption 5. RAAS - ransomware as a service  Honorable mention: Man in the Middle Attacks  Again cybersecurity is hard; educate your team, be prepared, and use tools to help.  Thanks to our sponsors Kyloe Partners & Leap Consulting Solutions.  Please rate, review, share the episode, and follow us wherever you tune in.  You can also subscribe to our newsletter at yoepodcast.beehiiv.com

It's 5:05! Daily cybersecurity and open source briefing
Episode #166 - Fake Proof of Concept for Zero Day Exploits, The Third SQL Vulnerability Related to Moveit Clop Ransomware Campaign Disclosed, Barracuda hack is the Chinese

It's 5:05! Daily cybersecurity and open source briefing

Jun 19, 2023 · 6:43


It's 5:05 on Monday, June 19th, 2023. From the Sourced Podcast Network in New York city, this is your host, Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Olimpiu Pop in Transylvania, Romania, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri. Let's get to it. Fake Proof of Concept for Zero Day Exploits used to Deliver Malware

hITCast
Zero Day Exploits | 5 Minuten IT

hITCast

Apr 5, 2023 · 4:51


What are zero-day exploits? What impact does a zero-day attack have on my company? How can you protect yourself against a zero-day exploit? We answer all these questions in this episode. ---------- Gain new IT knowledge every 14 days, and in just 5 minutes: that is the principle of "5 Minuten IT". Always alternating with our regular hITCast episodes, there are 5 minutes of IT knowledge for decision-makers. For additional information, simply book an appointment now and speak with an expert: www.hagel-it.de/termin

The Cyber Ranch Podcast
Fighting the Increase in Cyber Attacks with Leon Ravenna

The Cyber Ranch Podcast

Sep 7, 2022 · 39:23


Leon Ravenna, CISO & CIO at KAR Global, former VP of Security & Compliance at Interactive Intelligence joins Allan this week to talk about the increases in cybersecurity threats and risks - increases in breadth and depth of various attacks and increases in our own problems in dealing with those attacks. It has implications for all of us, as we have not necessarily seen an increase in the right defensive capabilities to maintain parity. COVID and work-from-home have not helped either... Questions covered this show: 1. You mentioned firewall attacks, social engineering, HR/interview/job fraud.  Of course there is ransomware.  What else is on the rise? 2. How much has COVID and work-from-home impacted the landscape? 3. What are the vendors doing wrong about this landscape? 4. What are they doing right? 5. So what are the real solutions to these problems? Let's break it down, starting with ransomware, my personal favorite.    -Firewall attacks    -HR/Interview/Job Fraud    -Phishing    -Insider Threat (another one possibly impacted by work-from-home and COVID)    -Credential Stuffing    -Zero Day Exploits    -1,000 Day Exploits 6. If everything is on the rise, and if spending in cybersecurity is steadily on the rise (it is a rapidly growing industry), then why aren't we solving the problems? 7. If you could change any one thing in cybersecurity, what would that thing be? ------------- Links: Keep up with Leon Ravenna on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast

IT-säkerhetspodden
#176 - Zero-day exploits in the gray zone

IT-säkerhetspodden

Aug 28, 2022 · 21:48


Vulnerabilities discovered ahead of the manufacturer are called zero-day exploits. Good citizens report the vulnerability to the company in question, while malicious types use it in an attack. But there is actually a gray zone too. And it is precisely this kind of gray zone that Mattias Jadesköld and Erik Zalitis take a closer look at. It is simply a journey through zero-day exploits and some security companies that have made money from them in a highly dubious way. Who are the ones collecting 0days? How are they found? Who are the ones who reveal them? That and a good deal more in IT-säkerhetspodden, which is back after a long summer break.

The Irish Tech News Podcast
Zero Day Exploits with Maddie Stone, Security Researcher on Google Project Zero

The Irish Tech News Podcast

Jul 8, 2022 · 26:10


The Forum of Incident Response and Security Teams (FIRST) took place for the first time in Ireland. FIRST's 34th Annual Conference, entitled ‘Neart Le Chéile: Strength Together', took place in the Convention Centre, Dublin, from June 26 to July 1, 2022. One of the speakers was Maddie Stone, a security researcher on Google Project Zero. Ronan talks to Maddie about what Google Project Zero does and more. Maddie talks about what Google Project Zero does, their most interesting find, how they decide where they will go next, members of the team having their own expertise, flaws in products, only fixing bugs that are exploitable, and what they consider to be security bugs. Maddie also talks about why the OS you use is not important to attackers, the dark web, her FIRST talk, and the serious vulnerabilities they have found so far this year. More about Maddie: Maddie Stone is a Security Researcher on Google Project Zero where she focuses on 0-day exploits used in-the-wild. Previously, she was a reverse engineer and team lead on the Android Security team, focusing predominantly on pre-installed and off-Google Play malware. Maddie also spent many years deep in the circuitry and firmware of embedded devices. Maddie has previously spoken at conferences including Black Hat USA, REcon, OffensiveCon, and others. She holds a Bachelor of Science, with a double major in Computer Science and Russian, and a Master of Science in Computer Science from Johns Hopkins University.

Geez Louise
Derek and Aaron talking about zero day exploits.

Geez Louise

Feb 19, 2022 · 40:19


We dive semi deep into 0-day exploits and some of the ways people are spying and hacking our information and exactly what information is being hacked. Listen if you want to know more --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/aaron-stuart407/support

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 33 - Credit Bureaus Need to Go, Zero Day Exploits for VPN in High Demand, Microsoft Stops World's Largest DDoS Attack, Deep Fake Voice Causes $35 Million Loss, Costa Rica Recap

PEBCAK Podcast: Information Security News by Some All Around Good People

Nov 8, 2021


Welcome to this week's episode of the PEBCAK Podcast! We've got three amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”

apolut: Tagesdosis
Julian Assange im persönlichen Visier von Mike Pompeo | Von Bernhard Loyen

apolut: Tagesdosis

Play Episode Listen Later Sep 30, 2021 14:42


"Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks." A commentary by Bernhard Loyen.

On September 26, 2021, Edward Snowden published two tweets whose significance is slowly gathering momentum. In the first tweet he wrote: Stop what you are doing and read this. The CIA developed plans to kill or kidnap an award-winning journalist whose work they did not like, before charging him with a crime. The case against Julian Assange must be dropped and condemned (1).

Twenty minutes later he elaborated in a further tweet as follows: If you are a journalist, whether in the US or elsewhere, you must understand that the whole world is moving toward a paradigm in which the criminalization of journalism becomes routine if you close your eyes to this story. You must raise your voice on this. Read the source (2).

The source is yahoo!news. Not really an information platform on the radar of politically interested citizens. It is therefore somewhat irritating that none of the articles in the German-speaking world over the last three days that cited the yahoo!news piece pointed out that, without Snowden's pointer, this investigative research would hardly have received wider attention outside the USA.

The research by the three journalists Zach Dorfman, Sean D. Naylor and Michael Isikoff, which according to yahoo!news is based on conversations with more than 30 former US officials, eight of whom described details of the CIA's proposals to kidnap Assange, reads like the proverbial, somewhat over-ambitious Hollywood screenplay.

Leading actor: Mike Pompeo. Pompeo was Secretary of State of the United States under President Donald Trump from 2018 to 2021. Before that, from 2017 to 2018, he was Director of the Central Intelligence Agency, CIA.

In April of this year, the broadcaster Fox News announced that Mike Pompeo would in future be welcomed as a contributor. The network's CEO, Suzanne Scott, stated: "Mike Pompeo is one of America's most recognized and respected voices on foreign policy and national security issues. I look forward to his contributions across our various platforms to share his distinct perspective with our millions of viewers" (3).

This lady raves about a person to whom the following quote from April 2019 can be attributed: "I was CIA director. We lied, we cheated, we stole. We had entire training courses in it. We had whole training courses for that. It reminds you of the glory of the American experiment" (4). He smirked as he said it.

The yahoo!news revelations are explosive. The article on the news website is headlined: Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks (5). According to it, the CIA planned in 2017 to kidnap the WikiLeaks founder. For officials in the Trump administration, however, this was clearly too risky, and so there was at least a discussion about the legality and practicability of such an operation.

Why did the freshly appointed CIA chief Pompeo have these scenarios developed? WikiLeaks, that is, Julian Assange in public perception, published the so-called Vault 7 documents in March 2017. Quote: This extensive and detailed collection of documents shows the CIA's cyber-weapons arsenal and hacking operations against smartphones and other computers, above all those running the Windows operating system, through to vehicles. The specific targets of the CIA's digital weapons in North and South America and Europe, as well as the names of the state hackers, were for the most part redacted. But as part of "Vault 7", WikiLeaks handed over to the interested public some expensive zero-day exploits that had been bought or developed by the CIA or by partner intelligence services (6).

A supreme affront to this powerful institution. At the time, the agency called the publication "the largest data loss in the history of the CIA".

How hard they hit Pompeo is shown by the following quote from the yahoo!news article: Pompeo, who apparently feared the president's wrath, was initially reluctant to inform the president about Vault 7, according to a former senior Trump administration official. "Don't tell him, he doesn't need to know," Pompeo said to an informant, before it was pointed out to him that the information was too critical and the president had to be informed, the former official said.

The Pompeo plans went even further at the time. Quote from the research: "Some senior officials inside the CIA and the Trump administration even discussed the assassination of Assange and went so far as to request 'sketches' or 'options' for his assassination. Discussions about kidnapping or killing Assange took place 'at the highest levels' of the Trump administration, said a former senior counterintelligence official. 'There seemed to be no boundaries.' Pompeo and other top agency officials 'were completely detached from reality because they were so embarrassed about Vault 7,' said a former Trump national security official" (5).

Literally: "They were seeing blood." This means CIA personnel were not merely seeing red; they were apparently really willing to do Assange physical harm, up to and including bloody murder.

The CIA declined to comment, according to yahoo!news. Pompeo remained silent on the news portal's requests for comment. On September 27, however, he gave a live interview in which he was asked about the allegations...
Continue reading here: https://apolut.net/julian-assange-im-persoenliche-visier-von-mike-pompeo-von-bernhard-loyen

The Insecurity Brief
Tech Giants Respond to Zero-Day Exploits Emergency Update for Google And Apple

Sep 16, 2021 · 19:37


Trip and Honey discuss tech like no one else. Join our community!! Subscribe to the Insecurity Brief podcast now on every platform we can find. Follow us on Twitter @HoneyBeez0x @trip_elix

Links:
Israeli malware company NSO GROUP: https://en.wikipedia.org/wiki/NSO_Group
Our Website: https://www.tripelix.com/insecurity/tech-giants-respond-to-zero-day-exploits-emergency-update-for-google-and-apple/
Youtube: https://youtu.be/KSuBbSQBTsI
iTunes: https://podcasts.apple.com/us/podcast/tech-giants-respond-to-zero-day-exploits-emergency/id1583788677?i=1000535504275
Spotify: https://open.spotify.com/episode/0f6fDRLZpvXiFvss83ngRU
Soundcloud: https://soundcloud.com/user-841713900/insecurity-bried-ep4-tech-giants-respond-to-zero-day-exploits-emergency-update
Trip's books: https://www.tripelix.com/merch
Honey's books: https://beedefense.net

#windows #hack #zeroday #apple #google #malware #update #ddost

Private Israeli spyware used to hack cellphones of journalists, activists worldwide
NSO Group's Pegasus spyware, licensed to governments around the globe, can infect phones without a click.
https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/

Update now! Chrome fix patches in-the-wild zero-day
The Microsoft Browser Vulnerability Research team has found and reported a vulnerability in the audio component of Google Chrome. Google has fixed this high-severity vulnerability.
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/update-now-chrome-fix-patches-in-the-wild-zero-day/

About the security content of iOS 14.8 and iPadOS 14.8
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
https://support.apple.com/en-us/HT212807

New Mēris botnet breaks DDoS record with 21.8 million RPS attack
A new distributed denial-of-service (DDoS) botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second.
https://www.bleepingcomputer.com/news/security/new-m-ris-botnet-breaks-ddos-record-with-218-million-rps-attack/

Microsoft fixes bug letting hackers take over Azure containers
Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malici

Better Life
Zero Day Exploits

Jul 23, 2021 · 19:21


In this episode, I will be discussing Zero Day Exploits, how they work and how you can protect yourself.

The Future is not Set
Zero Day Exploits

Jun 17, 2021 · 51:37


Welcome to the first podcast co-hosted by Dave Keeshan and Jonathan Byrne. Starting from the topic of Zero Day exploits, Dave and Jon discuss how some of the decisions the likes of the NSA make in a backroom affect the day-to-day life of you and me. Will you ever look at trust the same way again? Meanwhile, Jonathan begins to learn the art of podcasting.

Inside Outside Innovation
Ep. 254 - Alistair Croll and Emily Ross, Co-authors of Just Evil Enough on Getting Noticed & Subversive Go-to Market Strategies

Jun 8, 2021 · 36:50


On this week's episode of Inside Outside Innovation, we sit down with Alistair Croll and Emily Ross, co-authors of the upcoming book Just Evil Enough. We talk about the changing role of marketing and how companies can subvert systems, undermine industry norms, and get platforms to behave in unexpected ways that tilt the scales to generate attention and demand. Let's get started.

Inside Outside Innovation is the podcast to help you rethink, reset, and remix yourself and your organization. Each week, we'll bring you the latest innovators, entrepreneurs, and pioneering businesses, as well as the tools, tactics, and trends you'll need to thrive as a new innovator.

Interview Transcript with Alistair Croll and Emily Ross, Co-authors of Just Evil Enough

Brian Ardinger: Welcome to another episode of Inside Outside Innovation. I'm your host, Brian Ardinger, and as always, we have some amazing guests. Today we have Alistair Croll and Emily Ross, authors of the new book, Just Evil Enough, which is a book about getting noticed in this noisy environment and subversive go-to market strategies. Welcome to the show guys.

Alistair Croll: Thanks for having us.

Emily Ross: Thanks a million.

Brian Ardinger: Well, I'm super excited to have you on this call to give our audience a little bit of a sneak preview of the upcoming book. But first let me give a little bit of background. So, Emily Ross, you are a founder of a tech marketing consultancy company called Ink Vine based in Ireland. So we appreciate you coming across the pond to give us some insights on what's going on. And Alistair and I go back a long time back in the days of Lean Startup. And he's the coauthor of Lean Analytics. We brought him back to Nebraska about six or seven years ago, I guess it was, when I was working with Nmotion to help with our startup teams in that. So thank you for both being on the show. The title of the book, Just Evil Enough. How'd you come up with that and what's it all about?

Alistair Croll: So I'll tell you a quick story. We ran an accelerator in Montreal called Year One Labs. And one of the companies in Year One Labs was a company called Local Mind. And Local Mind was a platform for asking people questions, asking strangers questions about an area.

It was later acquired by Airbnb and Lenny Rachitsky, the CEO ran supply-side growth there. And he's now the author of one of the most prominent newsletters for startup growth marketing, Lenny's Newsletter. And in the early days they were doing what every startup does, which is building lots of stuff. But because we were very Lean Startup focused, we have them ask what the biggest risk was.

And it turns out the biggest risk was that whether people would answer questions from strangers. So they ran a very quick study, which we talk about in Lean Analytics. And they found that 94% of people on Twitter would answer a question from a stranger. But this happened because I had been asking Lenny, are you being evil enough?

And they were like, we're not evil. And I said, yeah, but just a little evil, because it turns out that people answer questions, but people on the platform won't ask questions. The real risk is the supply of questions. And so they actually built a system that would ask fake questions of new users. So they get in the habit of asking questions. Now you can debate the means versus the end, but what we have found ever since that time is that almost every startup that's successful has some little dirty secret in their background, where they were able to take advantage of an emerging technology or subvert the way a platform is supposed to work and turn it to their advantage.

And so the basic idea behind Just Evil Enough is that almost all the time, the problem isn't whether or not you can build something it's whether anyone will care. So your job should be creating attention you can turn into profitable demand.

Emily Ross: I think the subversive word is really, really important because we want to clearly differentiate between nefarious, which is downright evil and subversive, which allows you to think a little bit differently.

And it's very hard for people who've been conditioned to think a certain way, to try and think differently. So the book is about trying to teach people how to think subversively, and to show examples and frameworks in order to do that. And I remember working at a platform years ago and one of the engineers said, right, I'm going to put this button on the website to test if people will click it.

And my instant reaction was, but it doesn't go anywhere. That's a terrible idea. They're going to have an awful experience and that's bad for them. And he's like, no, but I don't want to build something unless I know they're going to need it. So I'm just going to put that button there and yeah, I'm going to burn a few thousand clicks and they're gonna have a terrible experience. I don't care. I'll learn something. And he was prepared to be disagreeable in order to learn something different and to save an awful lot of time and money. And it was funny. It was like, okay. I need to think a little bit differently about how we're treating users sometimes.

Alistair Croll: Yeah, we did a similar thing at Gradient. We had a reporting feature. Gradient was a startup that I launched in 2001. Eventually got acquired by BMC, their TrueSight product line. And we were about to launch reports in the product. And so we created our reports tab, and the reports tab went to a survey page. It says, we're going to do reports soon, what would you like to see?

And people put in their email address and the report they'd like to see. And of course we were building a generic reporting tool. So what we did is we then generated like the top 20 requested reports. Made them defaults and then mailed those people saying we loved your feedback. Thank you so much.
We've built the report you're looking for. Forget about the fact that 40 other people ask for the same report. Every one of them felt like they were a unique and special snowflake. And so we were exploiting the asymmetry between what we knew, which was 20 people asked for it and what they knew, which was, Hey, look at this, I'm special. You listened to me. And the customers loved it. Right? Is that evil? Well, it meant that we were able to build the default reports people wanted, which made the product better, but it's a little subversive.

Brian Ardinger: Well, I think part of that learning is the fact that I think a lot of people think that they need to build the entire thing, because that's what shows the value. But, you know, again, you have to incrementally de-risk some of these new startup ideas. And so how do you do that with building just enough to get the learning that you need so that you can move it to the next level and build it out if you need to?

Alistair Croll: Well, I would say that the problem's not minimum viable product, it's minimum viable attention.

Emily Ross: Yeah. And actually, if you think about, and this is the one thing that the book, I suppose, hammers home, is that getting your go-to market strategy right, is as important, if not more important than getting your product right. Because if you can't capture attention and turn it into profitable demand, then no one's going to know about your product. And it's all about various different approaches that you can use to figure out how to do that. And asymmetry being just one of about 10, I think that we cover.

Brian Ardinger: So, is it a form of customer discovery almost so rather than the traditional customer discovery interviews there, you're looking for different ways to engage with a marketplace, engage with a customer to get that understanding of what their demand is and where they want to go from there?

Emily Ross: Well, it's really interesting.
Some of the examples in the book are not business examples. There's a lot of historical stuff in there, right back from Machiavelli, all the way through to The Godfather. There's businesses, oh, tell the Genghis Khan story. I love that one.

Alistair Croll: So I mean, the idea behind a lot of this is that if you know something to be true, that other people discount, you can take advantage of that. And there are many times where people knew they could do something better, but didn't. Genghis Khan, for example, knew that women could be very effective rulers. This was something that was not widely held. And so he would conquer a city, marry one of his many, many daughters off to the leader of that city. Send that leader off to war, he'd promptly get killed. Now you have a blood relative in charge of that city. Was that evil? Well, Genghis Khan did a lot of nasty things, but he did have a decent amount of respect for women's ability to run cities, which was something nobody else was factoring in. And this was an unfair advantage. Right. And I think, I mean, we're getting a little ahead of it. One of the things that Emily talks about a lot, is the idea that you need to know the norms of your system in order to subvert them. So do you want to talk a little about the water stuff? Emily?

Emily Ross: Yeah so normative versus formative is like super interesting. So there's a story of two fish and they're swimming along, and a much older fish is swimming the opposite direction. And this is from...

Alistair Croll: It's a commencement address, right?

Emily Ross: That's it, the older fish says, Oh how's the water? And the fish swim on a little bit and they turned to each other and go, what the hell is water? So, you have to be able to recognize the fact that you're swimming in the medium. And the best way to do that is to use external viewpoints to help recognize what you're swimming in or drowning in.

I also use a log jam metaphor, which works as well.
And this is a one I use all the time for teaching for problem solving, but it's really, really applicable as well too, to recognizing the difference between normative and formative. So when they used to sail logs down the river, to ship them to the log yard, they would occasionally get tangled up and a team of river pigs used to have to surround the problem really quickly because it's obviously getting worse and worse all the time, and figure out which was the one key log that you could extract to unlock the whole problem.

And the only way they could do it really, really well, was through diversity of thought, opinion, and perspective. By surrounding the problem, by sharing ideas, by looking at it from lots of different perspectives. And that's why diversity in your teams, that's why diversity of perspectives is so important so that you can actually recognize what you're swimming in, whether it's water or something, a little bit stinkier. And also getting the sense of looking at it from outside, what you're used to. So ideas from different verticals, from different walks of life. That's going to help you think subversively.

Alistair Croll: And that's kind of the supervillain stuff. I mean, Brian, I'll give you an example, that's a concrete example from when I came to visit you. One of your startups was making a rotary sprinkler solution.

So to recap, rotary sprinklers, when they're lateral to a strong wind, get blown over and this costs a lot of money to fix. And so they built a thing that could measure the weather and the incoming winds and rotate the sprinkler downwind kind of like a wind sock, so it wouldn't fall over. And they're having a hard time selling.
And what the startup revealed to me at the time when we were meeting, was that there's this weird existing system between farmers, farm subsidies, insurance, salespeople, and the makers of those sprinklers.

They don't really mind when it gets knocked over because everyone makes some money and then they use that money to go on a fishing trip. If you don't know that you're in that water, all your efforts to sell are going to fail. You've got to recognize that and then go, huh? Maybe this is something I can sell through the maker of the sprinklers, or like maybe I can, you can subvert that system.

Maybe you have to create an awareness campaign that farm subsidies being wasted and they could be spent on something else. But if you don't know that strategy, you can't subvert it. And that word subvert just means find another version. By definition, the hardest problems we face are the ones for which we don't have an obvious solution, because the normal approaches don't work.

Which means you've got to find an unusual approach and that's normally called hacking, right? Hacking is getting something to work in a way it wasn't intended. Whether you're using a Pringle can to focus wifi signals, or you're getting a computer system to throw an error, so you can own a system. The problem with hacking is that in startups, hacking has a horrible polar reputation. Growth hacking is a bag of cheap tricks.

Brian Ardinger: Talk about some of the examples in the book that maybe some people have heard of or can get a visual around. I know you've mentioned in past talks and that I've seen around this is like things like Peloton or Burger King. Can you give examples from that?

Emily Ross: I would quite like to talk about one of the ones that I had the hardest time with is about being disagreeable. And we talked about it slightly there in terms of doing things that you wouldn't necessarily think of as being quite right. But as a woman, I have been raised to be polite, to be agreeable.
And actually, if you look at some of the most innovative, interesting entrepreneurs in history, quite a lot of them have been profoundly disagreeable.

They've been prepared to be unliked or unloved. And this is something, a behavior that you can adopt or think about as a means to finding new ideas, or it means of finding new ways of doing things. One of the examples that we talked sports a little bit earlier, but Wilt Chamberlain was arguably one of the best basketball players of all time. He has on more than one occasion scored over a hundred points in a single game. But he had a problem. He couldn't shoot free throws to save his life. Back in college, he had a really high score, but over his career, it went down and down and down and he had a career low of like, I think 26% success rate.

He was a star player. He got fouled a lot. So this was a really big problem for him. So he went to see Rick Barry. Rick Barry was the guy who could not miss. He actually had a career average of 89.3% and he got better and better as his career progressed in the last two years of his career, he had a 94% success rate from free throws. But he actually threw in a really interesting way. He threw underhand, which is actually kind of a cool word for the, Just Evil Enough book, because he shot underhand. But he was the best at shooting. But this was called the Granny Style. This is, you know, if you throw like a girl, you throw under hand. He didn't care. His father had drummed it into him from a very young age, how to shoot underhand, overhand, underhand, overhand, and he could just nail it every single time.

So Chamberlain went to see Barry learned to shoot underhand and his performance doubled. He went from a career low, to a career high, in that same game where he scored a hundred points. So it turns out it's a much better approach. However, Chamberlain didn't have the guts to keep shooting underhand because he cared too much about what people thought.
His career best was 61% from the line in 1961, he sank 28 of 32 free throws against the New York Knicks.

So after a while, though, he reverted to shooting the way he knew, and his percentages plunged. And he admitted that he felt like a sissy. He worried too much about what other people thought. And unlike Barry who was rational, Chamberlain was being agreeable and wrong. Barry meanwhile said he could be as selfish as he wanted to without hurting his team. So being a little bit disagreeable or asking yourself what you're prepared to do is a really good first start.

Alistair Croll: Just to chime in quickly, we've all heard of growth hacking right? Growth hacking is these little tricks that get people to click a button or move down a funnel or whatever. The problem with any of these known tricks is that they're known. Andrew Chen talks about the law of shitty click-through rates, which is simply the idea that as you find a vulnerability, if you will, a way to change the market, it becomes widely known immediately.

So the first click-through ad on Hot Wired had an average of 44% click-through rate. Some people say it was as high as 70% for a banner ad. What's that at now? Emily?

Brian Ardinger: Well, industry averages will tell you, or they'll tell you it's 0.1%. But in my opinion, it's closer to 0.02%, if you're lucky.

Alistair Croll: So that's a huge decline. Same thing happened with email and so on. And so there are these known hacks that are the sort of marketing equivalent of a script kiddie, who's running an attack on WordPress. And if you haven't patched your site, you'll be selling Viagra off your website. What you should be doing is trying to find the marketing equivalent of a zero day exploit.

So in security a zero day, is an attack that nobody knows about yet. And they're incredibly valuable. Two of them were used to retard the Iranian nuclear program and damaged centrifuges.
The marketing equivalent of a zero day exploit, we call this zero day marketing, is finding a new way to get a platform to behave in an unintended manner, with which you can create attention you can turn into profitable demand. And there's some amazing examples of like Farmville, for example. When Farmville's app would send you a message saying, Hey, Brian, Alistair's cows need some grain. And you'd click on it. Now you're a user. Well, they got to 30 million users before Facebook went, Whoa, we maybe don't want apps posting to people's friend feeds.

There are so many examples of this, and we can tell you those examples. But the point is you can't use those examples because they've already been done. Right? What you have to do is devote much more of your time to inventing your own zero day marketing exploits.

Brian Ardinger: So from that perspective, is it a series of experiments that you just have to run? You, you come up with some ideas and you run them like that, or is this, talk me through the process of how you get better at it?

Emily Ross: One of the examples that I like to share, if you see it often enough, you begin to understand how you can apply the thinking. It's a model and you just try and apply it to your own environment. So if we take the information asymmetry, and example, the idea of subverting, one thing for another. Or a bait and switch. The idea of you're selling one thing, but actually getting another and Tupperware parties did this, you know, you think you're going for dinner and you end up getting guilt ridden into buying a load of plastic.

But when I was working in a comparison platform, we subverted the PR channel for the generation of white hat backlinks. So PR is generally around building brand and brand awareness. But one of the side effects of PR was the generation of backlinks. So this is back in like maybe 2013. So what we did was we mined data.
We attached big data trends to celebrities, pushed out, press releases to high value domains, and pretty much one in five hit would generate a backlink. When we started. We had about 1400 high quality backlinks. And we were generating about 60,000 non-brand organic visits to site per day. And after three years of pushing out two releases a month, month in, month out, we had over four and a half thousand unique domain backlinks and almost 200,000 non-brand organic visits per day.

And this was a platform that turned traffic into money. I won't tell you how, but what we did for example, was we mined hair transplant trends and prices. And one example of the many, many crazy pushes we did was the Jude Law index of baldness. So here's a scale up from Colin Farrell all the way up to Dr. Evil, of how bald are you? And you find yourself on the index and you see, Oh, this is how much it would cost for me to have hair transplants. It was a price comparison website for private health clinics. And this was a fun, interesting way to attract attention and turn it into traffic to the sites. But actually it wasn't really about traffic. It was always about the backlinks. So one in five hits generate a backlink, but again, it was channel burnout. It was a zero day exploit because you know, over the course of the three years, the number of backlinks that were being generated, went from maybe one in five to one in 10, because the platforms themselves started to recognize the value that they were accidentally giving away.

So naturally you get published in a paper. If there's an online version of it, they print it online and they put a backlink out. It was a side effect of the real, a pure PR. And channel burn happened, those backlinks are no longer as readily available as they were. But it worked for about three years, four years. It was a fun time.

Brian Ardinger: You have to have a continuous funnel yourself of new things that you need to explore it.

Emily Ross: Exactly. Exactly.
So that was a, we had a good run, but it's about thinking about, well, what is the channel? What is the platform? So PR was the channel and we used it in a way. It wasn't intended to be used for our benefits. And so what are your channels? How can you use them differently? And that's a really great question to ask of yourself, no matter what you're doing.

Alistair Croll: One of the things we often do is: What has changed in a technology platform? So for example, Travis Kalanick has this new startup Cloud Kitchens. What has changed in restaurants? Well, first of all, there's a huge abundance of restaurants that I could order from. Far more than I would know about. So I'm already overwhelmed with selection when I go to order food, because we're all at home, in a pandemic, ordering food. And second of all, the fact that the storefront is virtual, it means one kitchen can have many restaurant front ends. And so Cloud Kitchens will set you up with brands and their brands have games like Fucking Good Pizza, My Pasta, Dirty Little Vegan Bitch, Don't Grill My Cheese. None of these tell you about food, but when you're overwhelmed, and you have that sort of paradox of choice, you go, no, I'll just order it from that one. That sounds fine. Right? That's only possible because that brand is part of an experiment. You're ordering from an experiment. And they're constantly testing, which ones get more attention and then the restaurant can deliver all of those things that might be the same kitchen. And so Cloud Kitchens has taken advantage of an exploit within the traditional model of food ordering. So it's looking at, you know, what technology changes or combinations of technology, makes something possible that wasn't possible before that you can then subvert to your ends.

Brian Ardinger: How do you go from not just creating a gimmick or how do you, I guess also approach being wrong, like trying these things and, and being wrong?

Emily Ross: Growth hacking is gimmicks.
Growth Hacking is doing something that maybe it's a publicity stunt or, I mean, one of the examples that we use in the book is pairing two things unexpectedly together. That's a great way to draw attention and Heineken did this really well in the UK just last week, where they put out a mobile hairdressing units and bar, so you could get a free haircut and a pint together.

So this generated publicity and it's nice, but it's gimmicky, right? Is that really going to move their needle? You know, for the year? Possibly not. It's a nice story. So, but if you look at governments have been doing this for years and they've done it so well, there's a really good example in the book, which I won't go into now about how the government shamed people into stopping spitting in the twenties, as they tried to fight TB. Instead of just saying it's bad to spit, they actually made people feel bad, and socially, and vulgar by spitting because before that it was perfectly normal.

And if you look at the Chinese government, they use Fapiao. Fapiao are receipts. And they use Fapiao as a lottery to fight corruption. So this is really interesting. In China, corruption can be rampant. Merchants will give their customers a discount, if the customer doesn't ask for a receipt.

So the merchant doesn't have to report the income and like just pockets to the savings. The government used an incentive to combat this called Fapiao, which is a receipt from the merchant. And there's a couple of hacks in here that are super clever. So the merchants have to buy the receipts beforehand and then hand them out to customers in return for payment.

So the first one is the merchant has to pay tax before the transaction. That's really smart. And then customers demand their Fapiao, because there's a scratch and win lottery element. And then the government runs the lottery and customers can scratch off the panel to see if they've won anything.
And so the second hack there is create demand for a receipt by making it a game.

And then of course the government can also adjust the prize amount of each lottery to create just the right amount of incentive. So they're literally able to alter the rewards of the game to like tilt the Nash equilibrium, which is just like super smart. So you can do this at a macro level and absolutely get away with it.

Alistair Croll: I want to just make sure we address your question about gimmicks. One of the big differences between a Zero Day Exploit and traditional Growth Hacking is that it's not known. But another is that it is intrinsic to your business model. The haircuts aren't intrinsic to Heineken's beer, but when Dropbox launched, they were the first to pioneer this, both of us get something. I invite you, we both get storage. That's built into the product, right. That's intrinsic to the system itself. And I think what it means is that you're factoring in Zero Day Exploits, marketing exploits, to your business model and your product roadmap. Not just to your marketing campaigns. I mean, Genghis Khan's a good example, right?

It wasn't just a tactic. It was a fundamental change in how he thought that societies could be ruled. So the real lesson here is, I'll give you one more example. There's a company that makes software called Energage and they make workplace surveys. So they would sell to an enterprise and the enterprise would survey their employees and do 360 stuff. And so on. But the way they go to market is they launched this thing called the top workplaces project in concert with the Washington Post, the Denver Post, the Dallas Morning News and so on. And they run this survey and they say to these newspapers, Hey everybody, here's the survey. We'll take care of it.

So now you go do it. And like, Whoa, isn't this great. My company is one of the best workplaces. I'll buy an ad in the newspaper. Everything's wonderful.
And then Energage can go back and go, Hey, congratulations on being the third best workplace in Nebraska. Too bad about the other results. And you go what other results? Well, you know, we got more data than that, would you like to see it? Okay. And now you have a new customer, right? It's intrinsic to the business model, right. Rather than just being a little trick or hack.

Brian Ardinger: That's an interesting point. And it also goes to the point where you see a lot of these examples in startups, because you can build it early on into the business model and that. How does this play out for a large existing company that wants to try to use some of these tactics?

Emily Ross: So big companies really need to think about reframing and they also need to give themselves permission to think in ways they're not used to. One of the exercises I like to recommend is called a pre-mortem. And you basically give them permission to imagine the worst possible outcome. You invite them to invent the worst, worst, worst thing that could possibly happen and then work backwards from there.

And it's amazing what happens in an environment like that, because that group think is real. That tribal behaviors of wanting to be agreeable and wanting everyone to pull together is very much a systematic thing that you see in large organizations. So giving them permission to think disagreeably. Giving them methods to reframe where they are, what they do. These are all great frameworks for them to try and think subversively.

Alistair Croll: First of all, I think that it's really important. I mean, I would consider a marketing department, have a Red Team. Have a second group, hmm, that has the same product and resources, but their job is to put the first group out of business. What do you do? Right. That's just hypothetical. You're going to think better. We Red Team on security. We Red Team on PR. Why don't we Red Team on go-to-market strategies.
And the second thing is, if you look at great brands that changed how people discussed a product or a service, they found a frame of reference that favored them. For decades we used to talk about electric cars. We would talk about sustainability and range. Pretty boring stuff, right? Lots of hippies sitting around going let's save the planet and look at my Prius. Elon Musk put one of them on a race track against a supercar and beat it. And all of a sudden the conversation on electric cars was performance. He'd reframed the discussion about electric vehicles to performance, right?

When Gmail first launched, your inbox on Hotmail or Yahoo mail had 10 megs. That's like one photo, right? We don't remember that. My daughter doesn't believe this. When Gmail came along, Google knew that they did not have strength in folders and archiving and hierarchy and export, but they were good with search and storage.

So they said, Hey, email's not about your ability to manage your folders and your inbox and organization and management. It's about abundant storage. And they reinforced that so much that they actually had a counter showing you how much storage you get. Salesforce, when it first launched, was a web based CRM, but web-based CRMs had very few features compared to Siebel and Vantive and Clarify, companies that you don't see anymore.

So they said no CRM is about not needing IT. In fact, their logo was no software. They had the word software with a slash through it, despite the fact that they own their own programming language called Apex. Right? And so each of these companies found a way to reframe things, even like Listerine. Listerine was this clinical health thing. And then along comes Scope and says, Hey, you know what? Mouthwash is actually about being attractive and sexy, not about clinical health. One action that a lot of big brands should take is to step back and say, what is a new frame that favors us and disadvantages our competition.
And then what is it about that frame of reference that we can do to prove it that will then allow the customer to find a different way of valuing the product?

Emily Ross: I would also chime in there and talk about generally large marketing teams will have, they'll have done their marketing degrees and their MBAs or masters and they'll turn out the four P's from, you know, the 1960s or the seven P's of service. And like there's too much P. Just stop peeing. Guys, just stop doing it.

Right. Chuck all of that in the bin and start thinking about creating attention. And it's as simple and as complicated as that. We talk about human motivation and Alistair I think coined laid, made, paid, afraid. I tidy that up a bit to the piratey AARG. Which is appeal, authority, risk, and greed. So think about your customers. Think about your competitors. Think about the marketplace through the lens of human behavior and whether you're selling radiator bits or cars or Cola, people have all those very basic triggers. They want to be liked, that's appeal. They want power, that's authority. They want to feel safe. That's the risk lens.

And then greed, you know, people want the things that they want. So. We're just human meat bags, right? We're just walking bags of meat with emotions. We have very simple motivations at the end of the day. And in a B2B setting for a big organization, the AARG framework is a really useful function. Like, so throw out the P. Think about AARG.

And if you're trying to convince people to act, you need to appeal to base emotions more than you do plain reason, because most people really aren't very rational. There's also really good examples of the seven deadly sins. If you look at the big, big enterprises, I think Chris Pack said this on Twitter.

I thought it was really, really good. Uber and Amazon are sloth. Instagram and TikTok are pride. DoorDash is gluttony. Tinder is lust. Pinterest is envy. Twitter is wrath. And Bitcoin is greed.
So think about the fundamentals. Just think about the basics. We haven't changed all that much.

Alistair Croll: But I think the biggest thing here is that big brands haven't realized that the biggest risk they face is that someone else will subvert attention that they could otherwise be getting and turned into their profitable demand. And so if you don't do that, you're going to get eaten alive. If we can get the world to realize that the biggest risk is not whether you will build something, but whether anyone will care, we've already given people a huge headstart.

Brian Ardinger: Well, and the fact that the world is changing so fast on the fact that you can go from company like Airbnb in 12 years to being, you know, one of the most recognizable brands, you know, overnight effectively from what used to be to build a business. New technologies, new marketplaces, new access to talent. All of that is just accelerating the opportunities to be disrupted.

Alistair Croll: We used to have a new platform come along. You know, we had writing that took a few thousand years. Then we got to radio. It took a few hundred years. And then we got to television that took a decade, the rate of introduction of new platforms. And therefore, if you're thinking like a hacker, new attack surfaces, is incredible, right? The Cloud Kitchens example happened because of the pandemic and the rise of Uber Eats and DoorDash, and so on. The pace at which new exploit opportunities appear is very, very fast. And as a result, there are far more opportunities to subvert the status quo or the norms of your industry with one of these new platforms.

So we're trying to get people to be much more opportunistic. And part of what we do, like I said I can't tell you do this thing, because if I tell you, then it's already been done. What we can do is we can say, here are some ways to think about it. You know, is there an innovation that happens? Can you reframe things?
Can you do a substitution where people think they're getting one thing and they're actually getting another. Can you appeal to the foibles of human psychology?

Emily Ross: Don't be afraid to be disagreeable.

Alistair Croll: It's weird because in the past I've written books that are very technical. There is a right answer. And Emily's written lots of articles on like how to do stuff. This is a more subjective thing and candidly more uncomfortable for us as writers, because we want to make sure that there are applicable lessons, but it's almost like, you know, teaching someone Zen. I can tell you what it is, but you're going to have to go sit on a rock and figure it out for yourself.

But once you start thinking this way, everything becomes a subversive opportunity. And once you have that subversive lens, you're not being evil, you're just being just evil enough. Opportunities are everywhere.

Emily Ross: And actually, if you think about it, just coming back to your very first question, which is a nice cyclicity. The title of the book is exactly what we set out to do, which is we got your attention and we're turning it into demand. So the book title is a really, really simple and effective way to showcase the thinking. And I think if you take one thing away from it, it's change what you spend your time on. So building a subversive go-to market strategy is just as important as thinking about your product. And if you get the balance right, you're going to be unstoppable.

Brian Ardinger: Well, and you've also from the book perspective, the book's not out yet, but you're doing things to grab attention differently than a lot of, I mean, I get pitched every other day by a book author trying to get their book noticed and that. But I know that you've been doing some things as far as live online course that's leading up to the book. And you have an interesting little survey.
I don't know if we got to talking about any of the things that you're doing from an attention perspective to, about the book.

Emily Ross: Well one of the things I love, this was so much fun, is that you can't just order the book. You can't just pre-order it. You have to take a quiz so that we can decide if you're evil enough. So you take the quiz and if you're not evil enough, we think, you know, you're not going to be able to handle the book. And if you're too evil, then this book could just perhaps be too powerful. So we have gamified the experience of the pre-order function, which was a lot of fun. And we've done a ton of tons of things, just mostly because we'd like to mess around, but that's just one of the things we've done so far.

Alistair Croll: It's also great that Emily has like a whole team of web developers that stand up. Emily's business is actually, she's like the SWAT team or the MI6 for some very advanced tech brands, who can't really explain what they do well. And Emily figures out how to do that. So she has a team of people to build stuff. So a good example of that is we wanted to do a survey to see whether people would take our cohort based course, which we're going to be running with Maven, the founders of altMBA and Udemy, set up this new, online cohort based course program. But we wanted to get people to take the survey. So we told them one lucky winner will get a free workshop or talk from us for their organization, which is usually something we charged a lot of money for. But we also wanted to make sure they shared the survey, which is a paradox because I want the greatest odds of winning. So I'm not going to tell my friends, right?

So we made two surveys. One was Team Orange, one was Team Black. And we say, we'll choose the winner from the survey that has the most responses. That's a bit subversive. Right. And we found some funny things about people getting kind of tribal and like I'm Team Black and so on.
We even did things to tweak the survey questions a little bit between the two.

So we ran like six or seven social experiments in the survey. But would you buy a book from people who weren't thinking subversively? I mean, I wouldn't buy a book on subversiveness from someone who went through normal tactics.

For More Information

Brian Ardinger: Absolutely. Well, I appreciate you both coming on Inside Outside Innovation to share some of this subversiveness and hopefully get more folks to be Just Evil Enough. People want to find out more about yourself or the book itself, what's the best way to do that?

Emily Ross: Just Evil Enough.com and I'll actually, I landed Alistair in it on a talk we did last week because we were live Tweeting. They wouldn't let us take live questions. So we just got everyone to jump on Twitter and ask us questions there.

And I promised everyone live that if they hashtag Just Evil Enough that Alistair would read out whatever they wrote. And they all said smart, intelligent things. And I was like, I can't believe none of you are like trying to flog a course or a book or promote something. Like he will have to say anything you like. So people should...

Alistair Croll: I think one guy had me mention his podcast, but there's a good example where like, Oh, you think you're getting free promotion in this thing we're recording, but you're actually following the Just Evil Enough account.

Emily Ross: But yes, Just Evil Enough.com is where you can take the quiz. You can hear about the cohort class. You can pre-order the book and there's an Evil Enough Twitter account too. You can check that out.

Brian Ardinger: Well Emily, it was great to meet you for the first time here and Alistair. Always good to catch up with what's going on in your world. So appreciate you both for being on here and looking forward to the conversation in the future.

Alistair Croll: Thanks so much for having us.
Emily Ross: Thanks Brian.

Brian Ardinger: That's it for another episode of Inside Outside Innovation. If you want to learn more about our team, our content, our services, check out InsideOutside.io or follow us on Twitter @theIOpodcast or @Ardinger. Until next time, go out and innovate.

Inside Outside
Ep. 254 - Alistair Croll and Emily Ross, Co-authors of Just Evil Enough on Getting Noticed & Subversive Go-to Market Strategies

Jun 8, 2021 36:50


On this week's episode of Inside Outside Innovation, we sit down with Alistair Croll and Emily Ross, co-authors of the upcoming book Just Evil Enough. We talk about the changing role of marketing and how companies can subvert systems, undermine industry norms, and get platforms to behave in unexpected ways that tilt the scales to generate attention and demand. Let's get started.

Inside Outside Innovation is the podcast to help you rethink, reset, and remix yourself and your organization. Each week, we'll bring you the latest innovators, entrepreneurs, and pioneering businesses, as well as the tools, tactics, and trends you'll need to thrive as a new innovator.

Interview Transcript with Alistair Croll and Emily Ross, Co-authors of Just Evil Enough

Brian Ardinger: Welcome to another episode of Inside Outside Innovation. I'm your host, Brian Ardinger, and as always, we have some amazing guests. Today we have Alistair Croll and Emily Ross authors of the new book, Just Evil Enough, which is a book about getting noticed in this noisy environment and subversive go-to market strategies. Welcome to the show guys.

Alistair Croll: Thanks for having us.

Emily Ross: Thanks a million.

Brian Ardinger: Well, I'm super excited to have you on this call to give our audience a little bit of a sneak preview of the upcoming book. But first let me give a little bit of background. So, Emily Ross, you are a founder of a tech marketing consultancy company called Ink Vine based in Ireland. So we appreciate you coming across the pond to give us some insights on what's going on. And Alistair and I go back a long time back in the days of Lean Startup. And he's the coauthor of Lean Analytics. We brought him back to Nebraska about six or seven years ago, I guess it was, when I was working with Nmotion to help with our startup teams in that. So thank you for both being on the show. The title of the book, Just Evil Enough. How'd you come up with that and what's it all about?
Alistair Croll: So I'll tell you a quick story. We ran an accelerator in Montreal called Year One Labs. And one of the companies in Year One Labs was a company called Local Mind. And Local Mind was a platform for asking people questions, asking strangers questions about an area.

It was later acquired by Airbnb and Lenny Rachitsky, the CEO, ran supply-side growth there. And he's now the author of one of the most prominent newsletters for startup growth marketing, Lenny's Newsletter. And in the early days they were doing what every startup does, which is building lots of stuff. But because we were very Lean Startup focused, we had them ask what the biggest risk was.

And it turns out the biggest risk was that whether people would answer questions from strangers. So they ran a very quick study, which we talk about in Lean Analytics. And they found that 94% of people on Twitter would answer a question from a stranger. But this happened because I had been asking Lenny, are you being evil enough?

And they were like, we're not evil. And I said, yeah, but just a little evil, because it turns out that people answer questions, but people on the platform won't ask questions. The real risk is the supply of questions. And so they actually built a system that would ask fake questions of new users. So they get in the habit of asking questions. Now you can debate the means versus the end, but what we have found ever since that time is that almost every startup that's successful has some little dirty secret in their background, where they were able to take advantage of an emerging technology or subvert the way a platform is supposed to work and turn it to their advantage.

And so the basic idea behind Just Evil Enough is that almost all the time, the problem isn't whether or not you can build something, it's whether anyone will care. So your job should be creating attention you can turn into profitable demand.
Emily Ross: I think the subversive word is really, really important because we want to clearly differentiate between nefarious, which is downright evil and subversive, which allows you to think a little bit differently.

And it's very hard for people who've been conditioned to think a certain way, to try and think differently. So the book is about trying to teach people how to think subversively, and to show examples and frameworks in order to do that. And I remember working at a platform years ago and one of the engineers said, right, I'm going to put this button on the website to test if people will click it.

And my instant reaction was, but it doesn't go anywhere. That's a terrible idea. They're going to have an awful experience and that's bad for them. And he's like, no, but I don't want to build something unless I know they're going to need it. So I'm just going to put that button there and yeah, I'm going to burn a few thousand clicks and they're gonna have a terrible experience. I don't care. I'll learn something. And he was prepared to be disagreeable in order to learn something different and to save an awful lot of time and money. And it was funny. It was like, okay. I need to think a little bit differently about how we're treating users sometimes.

Alistair Croll: Yeah, we did a similar thing at Gradient. We had a reporting feature. Gradient was a startup that I launched in 2001. Eventually got acquired by BMC, their TrueSight product line. And we were about to launch reports in the product. And so we created our reports tab, and the reports tab went to a survey page. It says, we're going to do reports soon, what would you like to see?

And people put in their email address and the report they'd like to see. And of course we were building a generic reporting tool. So what we did is we then generated like the top 20 requested reports. Made them defaults and then mailed those people saying we loved your feedback. Thank you so much.
We've built the report you're looking for. Forget about the fact that 40 other people ask for the same report. Every one of them felt like they were a unique and special snowflake. And so we were exploiting the asymmetry between what we knew, which was 20 people asked for it and what they knew, which was, Hey, look at this, I'm special. You listened to me. And the customers loved it. Right? Is that evil? Well, it meant that we were able to build the default reports people wanted, which made the product better, but it's a little subversive.

Brian Ardinger: Well, I think part of that learning is the fact that I think a lot of people think that they need to build the entire thing, because that's what shows the value. But, you know, again, you have to incrementally de-risk some of these new startup ideas. And so how do you do that with building just enough to get the learning that you need so that you can move it to the next level and build it out if you need to?

Alistair Croll: Well, I would say that the problem's not minimum viable product, it's minimum viable attention.

Emily Ross: Yeah. And actually, if you think about, and this is the one thing that the book, I suppose, hammers home, is that getting your go-to market strategy right, is as important, if not more important than getting your product right. Because if you can't capture attention and turn it into profitable demand, then no one's going to know about your product. And it's all about various different approaches that you can use to figure out how to do that. And asymmetry being just one of about 10, I think that we cover.

Brian Ardinger: So, is it a form of customer discovery almost so rather than the traditional customer discovery interviews there, you're looking for different ways to engage with a marketplace, engage with a customer to get that understanding of what their demand is and where they want to go from there?

Emily Ross: Well, it's really interesting.
Some of the examples in the book are not business examples. There's a lot of historical stuff in there, right back from Machiavelli, all the way through to The Godfather. There's businesses, oh, tell the Genghis Khan story. I love that one.

Alistair Croll: So I mean, the idea behind a lot of this is that if you know something to be true, that other people discount, you can take advantage of that. And there are many times where people knew they could do something better, but didn't. Genghis Khan, for example, knew that women could be very effective rulers. This was something that was not widely held. And so he would conquer a city, marry one of his many, many daughters off to the leader of that city. Send that leader off to war, he'd promptly get killed. Now you have a blood relative in charge of that city. Was that evil? Well, Genghis Khan did a lot of nasty things, but he did have a decent amount of respect for women's ability to run cities, which was something nobody else was factoring in. And this was an unfair advantage. Right. And I think, I mean, we're getting a little ahead of it. One of the things that Emily talks about a lot, is the idea that you need to know the norms of your system in order to subvert them. So do you want to talk a little about the water stuff? Emily?

Emily Ross: Yeah so normative versus formative is like super interesting. So there's a story about two fish and they're swimming along, and a much older fish is swimming the opposite direction. And this is from...

Alistair Croll: It's a commencement address, right?

Emily Ross: That's it, the older fish says, Oh how's the water? And the fish swim on a little bit and they turned to each other and go, what the hell is water? So, you have to be able to recognize the fact that you're swimming in the medium. And the best way to do that is to use external viewpoints to help recognize what you're swimming in or drowning in.

I also use a log jam metaphor, which works as well.
And this is a one I use all the time for teaching for problem solving, but it's really, really applicable as well too, to recognizing the difference between normative and formative. So when they used to sail logs down the river, to ship them to the log yard, and they would occasionally get tangled up and a team of river pigs used to have to surround the problem really quickly because it's obviously getting worse and worse all the time, and figure out which was the one key log that you could extract to unlock the whole problem.

And the only way they could do it really, really well, was through diversity of thought, opinion, and perspective. By surrounding the problem, by sharing ideas, by looking at it from lots of different perspectives. And that's why diversity in your teams, that's why diversity of perspectives is so important so that you can actually recognize what you're swimming in, whether it's water or something a little bit stinkier. And also getting the sense of looking at it from outside, what you're used to. So ideas from different verticals, from different walks of life. That's going to help you think subversively.

Alistair Croll: And that's kind of the supervillain stuff. I mean, Brian, I'll give you an example, that's a concrete example from when I came to visit you. One of your startups was making a rotary sprinkler solution.

So to recap, rotary sprinklers, when they're lateral to a strong wind, get blown over and this costs a lot of money to fix. And so they built a thing that could measure the weather and the incoming winds and rotate the sprinkler downwind kind of like a wind sock, so it wouldn't fall over. And they're having a hard time selling.
And what the startup revealed to me at the time when we were meeting, was that there's this weird existing system between farmers, farm subsidies, insurance, salespeople, and the makers of those sprinklers.

They don't really mind when it gets knocked over because everyone makes some money and then they use that money to go on a fishing trip. If you don't know that you're in that water, all your efforts to sell are going to fail. You've got to recognize that and then go, huh? Maybe this is something I can sell through the maker of the sprinklers, or like maybe I can, you can subvert that system.

Maybe you have to create an awareness campaign that farm subsidies being wasted and they could be spent on something else. But if you don't know that strategy, you can't subvert it. And that word subvert just means find another version. By definition, the hardest problems we face are the ones for which we don't have an obvious solution, because the normal approaches don't work.

Which means you've got to find an unusual approach and that's normally called hacking, right? Hacking is getting something to work in a way it wasn't intended. Whether you're using a Pringle can to focus wifi signals, or you're getting a computer system to throw an error, so you can own a system. The problem with hacking is that in startups, hacking has a horrible polar reputation. Growth hacking is a bag of cheap tricks.

Brian Ardinger: Talk about some of the examples in the book that maybe some people have heard of or can get a visual around. I know you've mentioned in past talks and that I've seen around this is like things like Peloton or Burger King. Can you give examples from that?

Emily Ross: I would quite like to talk about one of the ones that I had the hardest time with is about being disagreeable. And we talked about it slightly there in terms of doing things that you wouldn't necessarily think of as being quite right. But as a woman, I have been raised to be polite, to be agreeable.
And actually, if you look at some of the most innovative, interesting entrepreneurs in history, quite a lot of them have been profoundly disagreeable.

They've been prepared to be unliked or unloved. And this is something, a behavior that you can adopt or think about as a means to finding new ideas, or it means of finding new ways of doing things. One of the examples that we talked sports a little bit earlier, but Wilt Chamberlain was arguably one of the best basketball players of all time. He has on more than one occasion scored over a hundred points in a single game. But he had a problem. He couldn't shoot free throws to save his life. Back in college, he had a really high score, but over his career, it went down and down and down and he had a career low of like, I think 26% success rate.

He was a star player. He got fouled a lot. So this was a really big problem for him. So he went to see Rick Barry. Rick Barry was the guy who could not miss. He actually had a career average of 89.3% and he got better and better as his career progressed in the last two years of his career, he had a 94% success rate from free throws. But he actually threw in a really interesting way. He threw underhand, which is actually kind of a cool word for the Just Evil Enough book, because he shot underhand. But he was the best at shooting. But this was called the Granny Style. This is, you know, if you throw like a girl, you throw under hand. He didn't care. His father had drummed it into him from a very young age, how to shoot underhand, overhand, underhand, overhand, and he could just nail it every single time.

So Chamberlain went to see Barry, learned to shoot underhand and his performance doubled. He went from a career low, to a career high, in that same game where he scored a hundred points. So it turns out it's a much better approach. However, Chamberlain didn't have the guts to keep shooting underhand because he cared too much about what people thought.
His career best was 61% from the line in 1961, he sank 28 of 32 free throws against the New York Knicks.

So after a while, though, he reverted to shooting the way he knew, and his percentages plunged. And he admitted that he felt like a sissy. He worried too much about what other people thought. And unlike Barry who was rational, Chamberlain was being agreeable and wrong. Barry meanwhile said he could be as selfish as he wanted to without hurting his team. So being a little bit disagreeable or asking yourself what you're prepared to do is a really good first start.

Alistair Croll: Just to chime in quickly, we've all heard of growth hacking right? Growth hacking is these little tricks that get people to click a button or move down a funnel or whatever. The problem with any of these known tricks is that they're known. Andrew Chen talks about the law of shitty click-through rates, which is simply the idea that as you find a vulnerability, if you will, a way to change the market, it becomes widely known immediately.

So the first click-through ad on Hot Wired had an average of 44% click-through rate. Some people say it was as high as 70% for a banner ad. What's that at now? Emily?

Brian Ardinger: Well, industry averages will tell you, or they'll tell you it's 0.1%. But in my opinion, it's closer to 0.02%, if you're lucky.

Alistair Croll: So that's a huge decline. Same thing happened with email and so on. And so there are these known hacks that are the sort of marketing equivalent of a script kiddie, who's running an attack on WordPress. And if you haven't patched your site, you'll be selling Viagra off your website. What you should be doing is trying to find the marketing equivalent of a zero day exploit.

So in security a zero day, is an attack that nobody knows about yet. And they're incredibly valuable. Two of them were used to retard the Iranian nuclear program and damaged centrifuges.
The marketing equivalent of a zero day exploit, we call this zero day marketing, is finding a new way to get a platform to behave in an unintended manner, with which you can create attention you can turn into profitable demand. And there's some amazing examples of like Farmville, for example. When Farmville's app would send you a message saying, Hey, Brian, Alistair's cows need some grain. And you'd click on it. Now you're a user. Well, they got to 30 million users before Facebook went, Whoa, we maybe don't want apps posting to people's friend feeds.

There are so many examples of this, and we can tell you those examples. But the point is you can't use those examples because they've already been done. Right? What you have to do is devote much more of your time to inventing your own zero day marketing exploits.

Brian Ardinger: So from that perspective, is it a series of experiments that you just have to run? You, you come up with some ideas and you run them like that, or is this, talk me through the process of how you get better at it?

Emily Ross: One of the examples that I like to share, if you see it often enough, you begin to understand how you can apply the thinking. It's a model and you just try and apply it to your own environment. So if we take the information asymmetry, an example, the idea of subverting, one thing for another. Or a bait and switch. The idea of you're selling one thing, but actually getting another and Tupperware parties did this, you know, you think you're going for dinner and you end up getting guilt ridden into buying a load of plastic.

But when I was working in a comparison platform, we subverted the PR channel for the generation of white hat backlinks. So PR is generally around building brand and brand awareness. But one of the side effects of PR was the generation of backlinks. So this is back in like maybe 2013. So what we did was we mined data.
We attached big data trends to celebrities, pushed out press releases to high value domains, and pretty much one in five hit would generate a backlink. When we started, we had about 1400 high quality backlinks. And we were generating about 60,000 non-brand organic visits to site per day. And after three years of pushing out two releases a month, month in, month out, we had over four and a half thousand unique domain backlinks and almost 200,000 non-brand organic visits per day. And this was a platform that turned traffic into money. I won't tell you how, but what we did for example, was we mined hair transplant trends and prices. And one example of the many, many crazy pushes we did was the Jude Law index of baldness. So here's a scale up from Colin Farrell all the way up to Dr. Evil, of how bald are you? And you find yourself on the index and you see, Oh, this is how much it would cost for me to have hair transplants. It was a price comparison website for private health clinics. And this was a fun, interesting way to attract attention and turn it into traffic to the sites. But actually it wasn't really about traffic. It was always about the backlinks. So one in five hits generate a backlink, but again, it was channel burnout. It was a zero day exploit because you know, over the course of the three years, the number of backlinks that were being generated, went from maybe one in five to one in 10, because the platforms themselves started to recognize the value that they were accidentally giving away. So naturally you get published in a paper. If there's an online version of it, they print it online and they put a backlink out. It was a side effect of the real, a pure PR. And channel burn happened, those backlinks are no longer as readily available as they were. But it worked for about three years, four years. It was a fun time.
Brian Ardinger: You have to have a continuous funnel yourself of new things that you need to explore it.
Emily Ross: Exactly. Exactly.
So that was a, we had a good run, but it's about thinking about, well, what is the channel? What is the platform? So PR was the channel and we used it in a way it wasn't intended to be used, for our benefit. And so what are your channels? How can you use them differently? And that's a really great question to ask of yourself, no matter what you're doing.
Alistair Croll: One of the things we often do is: what has changed in a technology platform? So for example, Travis Kalanick has this new startup Cloud Kitchens. What has changed in restaurants? Well, first of all, there's a huge abundance of restaurants that I could order from. Far more than I would know about. So I'm already overwhelmed with selection when I go to order food, because we're all at home, in a pandemic, ordering food. And second of all, the fact that the storefront is virtual, it means one kitchen can have many restaurant front ends. And so Cloud Kitchens will set you up with brands and their brands have games like Fucking Good Pizza, My Pasta, Dirty Little Vegan Bitch, Don't Grill My Cheese. None of these tell you about food, but when you're overwhelmed, and you have that sort of paradox of choice, you go, no, I'll just order it from that one. That sounds fine. Right? That's only possible because that brand is part of an experiment. You're ordering from an experiment. And they're constantly testing, which ones get more attention and then the restaurant can deliver all of those things that might be the same kitchen. And so Cloud Kitchens has taken advantage of an exploit within the traditional model of food ordering. So it's looking at, you know, what technology changes or combinations of technology, makes something possible that wasn't possible before that you can then subvert to your ends.
Brian Ardinger: How do you go from not just creating a gimmick or how do you, I guess also approach being wrong, like trying these things and, and being wrong?
Emily Ross: Growth hacking is gimmicks.
Growth Hacking is doing something that maybe it's a publicity stunt or, I mean, one of the examples that we use in the book is pairing two things unexpectedly together. That's a great way to draw attention and Heineken did this really well in the UK just last week, where they put out a mobile hairdressing unit and bar, so you could get a free haircut and a pint together. So this generated publicity and it's nice, but it's gimmicky, right? Is that really going to move their needle? You know, for the year? Possibly not. It's a nice story. So, but if you look at governments have been doing this for years and they've done it so well, there's a really good example in the book, which I won't go into now about how the government shamed people into stopping spitting in the twenties, as they tried to fight TB. Instead of just saying it's bad to spit, they actually made people feel bad, and socially, and vulgar by spitting because before that it was perfectly normal. And if you look at the Chinese government, they use Fapiao. Fapiao are receipts. And they use Fapiao as a lottery to fight corruption. So this is really interesting. In China, corruption can be rampant. Merchants will give their customers a discount, if the customer doesn't ask for a receipt. So the merchant doesn't have to report the income and like just pockets to the savings. The government used an incentive to combat this called Fapiao, which is a receipt from the merchant. And there's a couple of hacks in here that are super clever. So the merchants have to buy the receipts beforehand and then hand them out to customers in return for payment. So the first one is the merchant has to pay tax before the transaction. That's really smart. And then customers demand their Fapiao, because there's a scratch and win lottery element. And then the government runs the lottery and customers can scratch off the panel to see if they've won anything.
And so the second hack there is create demand for a receipt by making it a game. And then of course the government can also adjust the prize amount of each lottery to create just the right amount of incentive. So they're literally able to alter the rewards of the game to like tilt the Nash equilibrium, which is just like super smart. So you can do this at a macro level and absolutely get away with it.
Alistair Croll: I want to just make sure we address your question about gimmicks. One of the big differences between a Zero Day Exploit and traditional Growth Hacking is that it's not known. But another is that it is intrinsic to your business model. The haircuts aren't intrinsic to Heineken's beer, but when Dropbox launched, they were the first to pioneer this, both of us get something. I invite you, we both get storage. That's built into the product, right. That's intrinsic to the system itself. And I think what it means is that you're factoring in Zero Day Exploits, marketing exploits, to your business model and your product roadmap. Not just to your marketing campaigns. I mean, Genghis Khan's a good example, right? It wasn't just a tactic. It was a fundamental change in how he thought that societies could be ruled. So the real lesson here is, I'll give you one more example. There's a company that makes software called Energage and they make workplace surveys. So they would sell to an enterprise and the enterprise would survey their employees and do 360 stuff. And so on. But the way they go to market is they launched this thing called the top workplaces project in concert with the Washington Post, the Denver Post, the Dallas Morning News and so on. And they run this survey and they say to these newspapers, Hey everybody, here's the survey. We'll take care of it. So now you go do it. And like, Whoa, isn't this great. My company is one of the best workplaces. I'll buy an ad in the newspaper. Everything's wonderful.
And then Energage can go back and go, Hey, congratulations on being the third best workplace in Nebraska. Too bad about the other results. And you go what other results? Well, you know, we got more data than that, would you like to see it? Okay. And now you have a new customer, right? It's intrinsic to the business model, right. Rather than just being a little trick or hack.
Brian Ardinger: That's an interesting point. And it also goes to the point where you see a lot of these examples in startups, because you can build it early on into the business model and that. How does this play out for a large existing company that wants to try to use some of these tactics?
Emily Ross: So big companies really need to think about reframing and they also need to give themselves permission to think in ways they're not used to. One of the exercises I like to recommend is called a pre-mortem. And you basically give them permission to imagine the worst possible outcome. You invite them to invent the worst, worst, worst thing that could possibly happen and then work backwards from there. And it's amazing what happens in an environment like that, because that group think is real. That tribal behaviors of wanting to be agreeable and wanting everyone to pull together is very much a systematic thing that you see in large organizations. So giving them permission to think disagreeably. Giving them methods to reframe where they are, what they do. These are all great frameworks for them to try and think subversively.
Alistair Croll: First of all, I think that it's really important. I mean, I would consider a marketing department, have a Red Team. Have a second group, hmm, that has the same product and resources, but their job is to put the first group out of business. What do you do? Right. That's just hypothetical. You're going to think better. We Red Team on security. We Red Team on PR. Why don't we Red Team on go-to-market strategies?
And the second thing is, if you look at great brands that changed how people discussed a product or a service, they found a frame of reference that favored them. For decades we used to talk about electric cars. We would talk about sustainability and range. Pretty boring stuff, right? Lots of hippies sitting around going let's save the planet and look at my Prius. Elon Musk put one of them on a race track against a supercar and beat it. And all of a sudden the conversation on electric cars was performance. He'd reframed the discussion about electric vehicles to performance, right? When Gmail first launched, your inbox on Hotmail or Yahoo mail had 10 megs. That's like one photo, right? We don't remember that. My daughter doesn't believe this. When Gmail came along, Google knew that they did not have strength in folders and archiving and hierarchy and export, but they were good with search and storage. So they said, Hey, email's not about your ability to manage your folders and your inbox and organization and management. It's about abundant storage. And they reinforced that so much that they actually had a counter showing you how much storage you get. Salesforce, when it first launched, was a web based CRM, but web-based CRMs had very few features compared to Siebel and Vantive and Clarify, companies that you don't see anymore. So they said, no, CRM is about not needing IT. In fact, their logo was no software. They had the word software with a slash through it, despite the fact that they own their own programming language called Apex. Right? And so each of these companies found a way to reframe things, even like Listerine. Listerine was this clinical health thing. And then along comes Scope and says, Hey, you know what? Mouthwash is actually about being attractive and sexy, not about clinical health. One action that a lot of big brands should take is to step back and say, what is a new frame that favors us and disadvantages our competition.
And then what is it about that frame of reference that we can do to prove it that will then allow the customer to find a different way of valuing the product?
Emily Ross: I would also chime in there and talk about generally large marketing teams will have, they'll have done their marketing degrees and their MBAs or masters and they'll turn out the four P's from, you know, the 1960s or the seven P's of service. And like there's too much P. Just stop peeing. Guys, just stop doing it. Right. Chuck all of that in the bin and start thinking about creating attention. And it's as simple and as complicated as that. We talk about human motivation and Alistair I think coined laid, made, paid, afraid. I tidy that up a bit to the piratey AARG. Which is appeal, authority, risk, and greed. So think about your customers. Think about your competitors. Think about the marketplace through the lens of human behavior and whether you're selling radiator bits or cars or Cola, people have all those very basic triggers. They want to be liked, that's appeal. They want power, that's authority. They want to feel safe. That's the risk lens. And then greed, you know, people want the things that they want. So. We're just human meat bags, right? We're just walking bags of meat with emotions. We have very simple motivations at the end of the day. And in a B2B setting for a big organization, the AARG framework is a really useful function. Like, so throw out the P. Think about AARG. And if you're trying to convince people to act, you need to appeal to base emotions more than you do plain reason, because most people really aren't very rational. There's also really good examples of the seven deadly sins. If you look at the big, big enterprises, I think Chris Pack said this on Twitter. I thought it was really, really good. Uber and Amazon are sloth. Instagram and TikTok are pride. DoorDash is gluttony. Tinder is lust. Pinterest is envy. Twitter is wrath. And Bitcoin is greed.
So think about the fundamentals. Just think about the basics. We haven't changed all that much.
Alistair Croll: But I think the biggest thing here is that big brands haven't realized that the biggest risk they face is that someone else will subvert attention that they could otherwise be getting and turned into their profitable demand. And so if you don't do that, you're going to get eaten alive. If we can get the world to realize that the biggest risk is not whether you will build something, but whether anyone will care, we've already given people a huge headstart.
Brian Ardinger: Well, and the fact that the world is changing so fast on the fact that you can go from company like Airbnb in 12 years to being, you know, one of the most recognizable brands, you know, overnight effectively from what used to be to build a business. New technologies, new marketplaces, new access to talent. All of that is just accelerating the opportunities to be disrupted.
Alistair Croll: We used to have a new platform come along. You know, we had writing that took a few thousand years. Then we got to radio. It took a few hundred years. And then we got to television that took a decade, the rate of introduction of new platforms. And therefore, if you're thinking like a hacker, new attack surfaces, is incredible, right? The Cloud Kitchens example happened because of the pandemic and the rise of Uber Eats and DoorDash, and so on. The pace at which new exploit opportunities appear is very, very fast. And as a result, there are far more opportunities to subvert the status quo or the norms of your industry with one of these new platforms. So we're trying to get people to be much more opportunistic. And part of what we do, like I said I can't tell you do this thing, because if I tell you, then it's already been done. What we can do is we can say, here are some ways to think about it. You know, is there an innovation that happens? Can you reframe things?
Can you do a substitution where people think they're getting one thing and they're actually getting another. Can you appeal to the foibles of human psychology?
Emily Ross: Don't be afraid to be disagreeable.
Alistair Croll: It's weird because in the past I've written books that are very technical. There is a right answer. And Emily's written lots of articles on like how to do stuff. This is a more subjective thing and candidly more uncomfortable for us as writers, because we want to make sure that there are applicable lessons, but it's almost like, you know, teaching someone Zen. I can tell you what it is, but you're going to have to go sit on a rock and figure it out for yourself. But once you start thinking this way, everything becomes a subversive opportunity. And once you have that subversive lens, you're not being evil, you're just being just evil enough. Opportunities are everywhere.
Emily Ross: And actually, if you think about it, just coming back to your very first question, which is a nice cyclicity. The title of the book is exactly what we set out to do, which is we got your attention and we're turning it into demand. So the book title is a really, really simple and effective way to showcase the thinking. And I think if you take one thing away from it, it's change what you spend your time on. So building a subversive go-to market strategy is just as important as thinking about your product. And if you get the balance right, you're going to be unstoppable.
Brian Ardinger: Well, and you've also from the book perspective, the book's not out yet, but you're doing things to grab attention differently than a lot of, I mean, I get pitched every other day by a book author trying to get their book noticed and that. But I know that you've been doing some things as far as live online course that's leading up to the book. And you have an interesting little survey.
I don't, if we got to talking about any of the things that you're doing from an attention perspective to, about the book.
Emily Ross: Well one of the things I love, this was so much fun, is that you can't just order the book. You can't just pre-order it. You have to take a quiz so that we can decide if you're evil enough. So you take the quiz and if you're not evil enough, we think, you know, you're not going to be able to handle the book. And if you're too evil, then this book could just perhaps be too powerful. So we have gamified the experience of the pre-order function, which was a lot of fun. And we've done a ton of tons of things, just mostly because we'd like to mess around, but that's just one of the things we've done so far.
Alistair Croll: It's also great that Emily has like a whole team of web developers that stand up. Emily's business is actually, she's like the SWAT team or the MI6 for some very advanced tech brands, who can't really explain what they do well. And Emily figures out how to do that. So she has a team of people to build stuff. So a good example of that is we wanted to do a survey to see whether people would take our cohort based course, which we're going to be running with Maven, the founders of Alt MBA and UDemy, set up this new, online cohort based course program. But we wanted to get people to take the survey. So we told them one lucky winner will get a free workshop or talk from us for their organization, which is usually something we charged a lot of money for. But we also wanted to make sure they shared the survey, which is a paradox because I want the greatest odds of winning. So I'm not going to tell my friends, right? So we made two surveys. One was Team Orange, one was Team Black. And we say, we'll choose the winner from the survey that has the most responses. That's a bit subversive. Right. And we found some funny things about people getting kind of tribal and like I'm Team Black and so on.
We even did things to tweak the survey questions a little bit between the two. So we ran like six or seven social experiments in the survey. But would you buy a book from people who weren't thinking subversively? I mean, I wouldn't buy a book on subversiveness for someone who went through normal tactics.
For More Information
Brian Ardinger: Absolutely. Well, I appreciate you both coming on Inside Outside Innovation to share some of this subversiveness and hopefully get more folks to be Just Evil Enough. People want to find out more about yourself or the book itself, what's the best way to do that?
Emily Ross: Just Evil Enough.com and I'll actually, I landed Alistair in it on a talk we did last week because we were live Tweeting. They wouldn't let us take live questions. So we just got everyone to jump on Twitter and ask us questions there. And I promised everyone live that if they hashtag Just Evil Enough that Alistair would read out whatever they wrote. And they all said smart, intelligent things. And I was like, I can't believe none of you are like trying to flog a course or a book or promote something. Like he will have to say anything you like. So people should...
Alistair Croll: I think one guy had me mention his podcast, but there's a good example where like, Oh, you think you're getting free promotion in this thing we're recording, but you're actually following the Just Evil Enough account.
Emily Ross: But yes, Just Evil Enough.com is where you can take the quiz. You can hear about the cohort class. You can pre-order the book and there's an Evil Enough Twitter account too. You can check that out.
Brian Ardinger: Well Emily, it was great to meet you for the first time here and Alistair. Always good to catch up with what's going on in your world. So appreciate you both for being on here and looking forward to the conversation in the future.
Alistair Croll: Thanks so much for having us.
Emily Ross: Thanks Brian.
Brian Ardinger: That's it for another episode of Inside Outside Innovation. If you want to learn more about our team, our content, our services, check out InsideOutside.io or follow us on Twitter @theIOpodcast or @Ardinger. Until next time, go out and innovate.

USB our Guest Flash Briefing
Zero-Day Exploits - Recently Windows

USB our Guest Flash Briefing

Play Episode Listen Later Feb 18, 2021 3:18


Today's episode covers Zero Days. What are they, why you should know about them and what you should do when you hear about them.
Recent Windows Zero day - https://www.darkreading.com/vulnerabilities---threats/microsoft-fixes-windows-zero-day-in-patch-tuesday-rollout/d/d-id/1340114
FireEye Zero-Day definition - https://www.fireeye.com/current-threats/what-is-a-zero-day-exploit.html

Apfeltalk® Editor's Podcast
ATEP570 - When the secure apps become insecure

Apfeltalk® Editor's Podcast

Play Episode Listen Later Apr 26, 2020 6:03


Apple enjoys a reputation for taking the security and privacy of its customers especially seriously. Of course, that does not protect the company from mistakes. Last week a serious flaw in Apple Mail became known. Admittedly they are rather rare at Apple, but they do exist: the so-called zero-day exploits. The flaw found by Zecops has been in the system since iOS 6, and since iOS 13 it has been even easier to exploit. iPhones are therefore vulnerable, even without any active involvement by the user. Until Apple releases a patch there is at least a simple solution: remove Apple's Mail app from the device. Nothing is known for certain. Assessments of the situation diverge widely. Apple itself plays the case down, while various government agencies are reacting quite sharply. In the end, one thing above all is missing: reliable figures, concrete attack scenarios or affected parties. There are only two facts: several vulnerabilities have to be used, and in principle a large number of devices is affected. There are no default apps, … In two weeks this topic will almost certainly be off the table and Apple will have taken hardly any damage. But another discussion gets new fuel from it: why does Apple not allow other default apps? Mail can be uninstalled; however, as soon as a mail is to be sent via a mailto link, iOS wants to reinstall the Mail app. Apple's justification: the company places particular value on security. An argument that is crumbling. But perhaps the company will now change its mind, … a topic we have also already covered in the podcast. ----- If you enjoyed this podcast, we would be glad if you supported Apfeltalk. You can either rate us on iTunes, which increases the visibility of this podcast, or support us on Steady. Supporters on Steady always receive the Apfeltalk SE and the film and series episodes on Sunday, all other listeners on Friday. In addition, all episodes are ad-free and you get access to our weekly news summary. Feel free to recommend us to your friends as well!

Secure Digital Life (Video)
Terms & Acronyms - Secure Digital Life #99

Secure Digital Life (Video)

Play Episode Listen Later Feb 13, 2019 37:40


Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain. Full Show Notes: https://wiki.securityweekly.com/SDL_Episode99 Visit our website: http://securedigitallife.com Follow us on Twitter: https://www.twitter.com/securediglife

Secure Digital Life (Audio)
Acronyms - Secure Digital Life #99

Secure Digital Life (Audio)

Play Episode Listen Later Feb 13, 2019 37:41


Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain.   Full Show Notes: https://wiki.securityweekly.com/SDL_Episode99   Visit our website: http://securedigitallife.com Follow us on Twitter: https://www.twitter.com/SecureDigLife Like us on Facebook: https://www.facebook.com/SecureDigLife  

Paul's Security Weekly (Podcast-Only)
Hellfire Dong Slinger - Paul's Security Weekly #590

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Jan 19, 2019 166:49


This week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into a network while pen testing! In the Security News, two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for Zero-Day Exploits are rising, new attacks target recent PHP Framework Vulnerability, Microsoft launches a new Azure DevOps Bug Bounty program, and more!   Full Show Notes: https://wiki.securityweekly.com/Episode590 Visit https://www.securityweekly.com/psw for all the latest episodes! For more information about Black Hills Information Security, visit: securityweekly.com/bhis   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly
Hellfire Dong Slinger - Paul's Security Weekly #590

Paul's Security Weekly

Play Episode Listen Later Jan 19, 2019 166:49


This week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into a network while pen testing! In the Security News, two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for Zero-Day Exploits are rising, new attacks target recent PHP Framework Vulnerability, Microsoft launches a new Azure DevOps Bug Bounty program, and more!   Full Show Notes: https://wiki.securityweekly.com/Episode590 Visit https://www.securityweekly.com/psw for all the latest episodes! For more information about Black Hills Information Security, visit: securityweekly.com/bhis   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Craig Peterson's Tech Talk
Encryption Busting Laws In Australia and more all on TTWCP Radio Show

Craig Peterson's Tech Talk

Play Episode Listen Later Dec 15, 2018 28:04


More what happened at Marriott. Listen to find out how it actually went down. Does the news about the Partnership with 23 and Me worry you? We'll discuss how you can remove your information if you choose to and why you might not want to. I know we have talked about Zero-Day Exploits before. Today we will talk about a new one. More on the stupidity of the Equifax hack. Listen in and I will explain why it really was irresponsible and avoidable. Australian lawmakers think they are Security Professionals. You know I like encryption and think it is a good thing. Australia is passing laws that will have horrible global implications. These and more tech tips, news, and updates visit - CraigPeterson.com
---
Transcript: Below is a rush transcript of this segment, it might contain errors.
Airing date: 12/15/2018
Encryption Busting Laws In Australia
Craig Peterson: 0:00 Hey, welcome to Tech Talk with Craig Peterson. We have a few things to talk about, as we always do. We've got a little bit more news on what happened with the Marriott hack. 23AndMe: I didn't really get to this last week. I had this article up on my website. I wanted to cover this. I talked about it a little bit on the air this week. It's a big deal for a lot of people. There's a new Flash zero-day exploit out there in the wild, another reason not to use Flash. We'll be talking about that and how that is, frankly, going to impact you. It's scary. I don't know why Flash is still out there at all. Frankly, this is, it's a travesty. The Equifax breach: we got some new info on this, just how dumb this silly thing was, and what happened there. And of course, that exposed the personal data of hundreds of millions of Americans. The encryption has passed, encryption, the Australians have passed an encryption law. So we'll be talking a little bit about that, that's going to have some global privacy implications.
And there was a bug that was left wide open to your Microsoft account that's going to maybe have some ramifications for you. This was kind of a crazy thing, again, something fairly obvious in retrospect, right? But you don't always notice these things in advance. And I had a great meeting this week, I want to do a quick shout out to John. He is a CEO of some multi-location business and trying to get his security under control. And it made me think about this webinar I did this week for the FBI on how do you sell security? How do you let the C-levels, the managers, the directors know why they should? Now there's obviously there's the whole you got to be scared of this side of things, right? Which I think makes some sense because you do have to be afraid of these things. But the other side is there are major business benefits to making sure your systems are safe. Do they go with all the way from, hey, listen, we're not going to be down because we have ransomware, right? And so how much would it cost us per hour to not be able to stay in business and, and we have a client, a multinational client who had to shut down worldwide manufacturing, worldwide sales, distribution, everything for a week or more, how much you think that cost them. So there's a benefit there, there are other benefits, including you can now use it as a marketing plus. We have a number of Accountants is that we're working with an accounting firm, small firms, we're working with them to help them understand and what their footprint is, what their liability is. And I think that's a really big deal too, frankly, when you get right down to it, that, hey, if you come to me, I have a differentiating factor, right? Which every business needs, right? We all need our own unique selling proposition. Well, if you can tell your customers that their data is safe on your systems. Do you think that's a big selling point? I absolutely do. I think it's a huge selling point.
And we went through a whole bunch of things. And the gentleman's name is Dominic gorillas. He's a managing partner over to impress draw. Now, you might want to look them up by MP St. ra.com. He has been very busy over the years in large public companies doing things King consulting, he was over Capgemini and many others. And he did a lot of stuff over in Europe, helping to transform all of these businesses. So thanks again to him, to Dominic, because that was a fantastic FBI InfraGard webinar that I put on with him here this last week. We're going to be re-airing it, it looks like, next week. I'm not sure if it's going to be Tuesday or Thursday, because there were some snafus, right? Doesn't that always happen, where our clocks got messed up? And it was my fault, because my clock got messed up. I was thinking 4 pm because that's when I hold my webinars, right? I hold mine at four. And then I hold the webinars for the FBI InfraGard program at 3 pm. So I kind of got messed up in telling myself, so I'm going to run it next week. If you're an InfraGard member, make sure you keep an eye out in your email for that announcement, because this is a really good thing. I think, you know, of all of the webinars I've done this year for the InfraGard program, this may be the most important, because it's helping businesses understand, the higher-level management understand, what they should do, and how you can help them understand it as well. Okay, so let's get down to the business at hand here today. And that, of course, has to do with all of our friends who are over at Microsoft and what they've been doing to us or for us. Well, there was a bug that was left wide open, and it allowed complete takeover of a Microsoft account. So there's a bounty hunter out there; some of these guys and gals can make some decent money just looking for bugs, called bug bounties, and they can range all the way up to 100,000 bucks.
But it's usually not that much, even for huge bugs. It's shameful what some businesses pay to find out about bugs in their software. Sometimes, you know, the pay my I use $2,000. Wait a minute, he just spent what, 5, 10 years learning the craft to try and find bugs, and then they spent what, six months finding this bug, and you're offering them two grand? But anyway, so he was working as a security researcher here with a cybersecurity site called Safety Detective and discovered that he was able to take over the Microsoft subdomain success.office.com because it wasn't properly configured. So this lot, the bug hunter, set up an Azure web app that pointed to, this gets kind of technical, but pointed to the domain's CNAME record. So it's used to map domains and stuff moving around. So bottom line, Microsoft Office, Outlook, Store and Sway apps sent authenticated login tokens to him. Kind of a big deal here. So the issues were reported to Microsoft in June, and they finally fixed them in November. Okay, so hopefully, again, this isn't an example of a good guy doing the right thing, where he found it, he reported it, Microsoft fixed it. And then, you know, we're all going to be relatively safe because of this. So, you know, hopefully, right? Isn't that kind of the bottom line here? We've got to keep an eye out. If you are running a business and you have software, you have a service, remember, you have an obligation to try and keep that safe. And that gets very difficult. That's why you should hire ethical hackers and hire these teams. And we have certified ethical hackers who are on our team if you want some help. But you need to not only make sure your software is pretty much safe, right, but you have to also make sure that your people are safe, that your systems are safe. I guess it kind of goes back to what we were just talking about, right, with Dominic here this week on that InfraGard webinar.
But you've got to make sure. And another thing a lot of people really aren't aware of, and I want to make this very clear too, and that is, if you're using Microsoft Office 365, or you're using salesforce.com, or you're using various other vendors, the liability for a hack still rests on you. So you need to make sure that you have an agreement in place with them, your agreement with them, not their agreement with you, your agreement with them, that says I am pushing liability for this on you, my provider, because you're supposed to provide me with security. We went into a restaurant two weeks ago to have a look at their security. We're doing a paid cyber health assessment. And we had a look at the tablets that they have hooked up. Now, they're hardwired, so, you know, the thinking is, well, okay, they're relatively safe, because we've got, wow, a SonicWall firewall. And of course, you know, we had a look at it, and it was disastrous. What was on there is anybody could have put a logger on those. And they may have, right, because we didn't go into that level of detail yet. But a keylogger on that, that grabs all of the credit cards that are run through that tablet. Think about that for a minute. What a pain that would be. And because of the payment card industry standards, not only are his consumers hurt, because now they have to argue with the credit card company, which, you know, not such a big deal, but he would get fined. And in this case, to the tune of about $8 million, potentially, based on the number of cards that go through his machines.
Now, this is real. If you take credit cards, you have to live up to these PCI DSS, the data security standards that they have in place. You signed it. We had another client that, again, we just started doing security for. The payment card industry guys FedExed them a package that said, you know, we need you to go through this and sign it. It was 150 pages, printed pages. They wouldn't let them sign it online, they wouldn't let them do a digital signature, I should say; they had to take and ship that package of paper, right? And they open it up, and of course, it's all legalese, and it's 150 pages, and they're trying to figure it out. And so they sign it anyway. Right? Who hasn't, who hasn't just clicked on "I accept" on a website? And now they are liable, because the PCI, the payment card industry, is going after vendors that have their data stolen. So in this case, they were relying on, back to the restaurant, they were relying on the cloud service that was doing all the credit card clearing and tracking all of the orders and doing everything for them. Right? So we're all set. But that vendor wasn't keeping any of their data safe, which means when it's stolen, they're out of business. And we just had that happen in my hometown. It was one of these chain restaurants. And the people in that restaurant weren't taking credit cards. And were keeping copies of the credit cards. And so the whole thing had to shut down, the whole chain. The guy owned multiple of these restaurants, right, name-brand restaurant, and he had to shut down completely because of the liability. And people just don't pay attention to that now. And I get it, right? I sat down there just this week and went through all of the different things that I have to worry about. And believe me, there's a lot of things, right? One of the things was security, but I have about two dozen of what I call silos of responsibility. A lot of those have to do with outreach.
But they also have to do with maintaining customers, employees, think about everything. I know, right, you're a business person, you know what this is like. And just putting one more thing onto that pile just pushes it over the edge, right? It's just too much to do. Well, in this day and age, it's not anymore. Because if those cards had been stolen, this restaurant chain would also have been out of business. This other chain we had a quick look at, they would have been out of business as well, because they had this data, and this data was in a place where it wasn't being kept safe. So that's a pretty big deal, frankly, and I just want everyone to think about it. If you need help, let me know, or go to anybody out there. Please go to anybody. We have certified white hat hackers; these are guys that know how to hack in, they have been certified, but they work for us. And we have bonds, right, and insurance and everything in case something happens. But you've got to do it in this day and age. It's unfortunate, but it's absolutely the case that you have to take care of this. So I've got an encryption-busting law we've got to talk about, because this is going to happen all over the place. This is from our friends over at Digital Trends. You'll find this article, as well as all the other articles I talked about today, up on my website at http://CraigPeterson.com. But they've got some new legislation in Australia that could have some global consequences for security and privacy on the internet. Now, we know that various law enforcement agencies have been pushing to have a backdoor in for encryption. And this isn't, you know, this isn't a Trump-era thing. People, okay, don't get all upset with President Trump about this; this goes way back. This goes back to the beginning of time, really. But do you remember during the Clinton administration, this whole thing over the Clipper chip, and we're going to have encryption and this is the best standard in the world?
And they pushed it out to the world, and it turned out it had a backdoor, and it had a way for the federal government to get in. Now, I kind of understand this, right, too, in many degrees. If you're a victim of a crime, obviously, you want the crime solved. If you're trying to investigate a crime, you want the right evidence and as much of it as you can get. You don't just want to have a phone that you can't get into. And you don't want to have just hearsay. You want physical evidence. You don't want somebody to say, yeah, well, I heard so-and-so say the lesson such here. All right. I remember one case, I was sitting in a restaurant, and I overheard a discussion between two waitresses, and they were talking about the commission of a murder that had occurred and who they knew was involved with this murder, local-ish murder, right? My, I don't think my hometown kind of murder and very, very long time, but you know, very local, the next town over, next big town over, and they were standing there talking about it. So I called up the detectives that I knew and said, hey, guys, for what it's worth, I heard so-and-so and so-and-so talking about the murder of this other person. And they said they are confident that this person committed the murder. And here's kind of the background on what I heard. And of course, the detectives have, thank you very much. And I have no idea what they did with that information. At the time, they said, yeah, this is useful, but they said, it's stuff we already knew. But it's just, you know, another checkpoint, it's another data point on this, that we know now that, okay, there has been some involvement in it. So I understand you can't use, as I was talking about, hearsay, right, fifth hand, who knows how far out this was. This is just rumors, a couple of people chatting, right, over something that they might not have really known anything about. So getting into that phone or getting into a computer can be very important.
And the same thing's true when we're talking about things like Snapchat, or we're talking about FaceTime, or we're talking about some of these others. It can be really important for the police, for their investigation, to know what was said, or know what is being said. So there might be a crime, they're watching somebody right now, and they're listening in, right, kind of like the FISA warrants and major major general right, but General Flynn, who was kind of caught up in all of this, and you know, how can he divides a whole another story. But when something like that happens, and they want to listen in, it's one thing to be able to listen in to a regular phone call; it's almost impossible for them to listen in to one of these encrypted calls that you can use just, you know, as I said, FaceTime, you can use WhatsApp, there's just a ton of them out there. So Australia has come out now with this law. And it's saying that the apps like iMessage from Apple, like WhatsApp, Telegram, Signal, that are used to keep messages private between people. And we already know that in some of the federal investigations that have gone on, they did not have access to this. It's not like Peter Strzok in the FBI sending texts to Lisa Page, because every text is kept, okay? It doesn't matter if you deleted it off of your phone; it went through the phone company, and they keep those things for a period of time. Well, that private conversation is something they'd like to listen in on. And frankly, some of these are pretty high-level privacy. And the Australian Government now has decided that they want to compel technology companies to help them access the information. Now, we're going to have to see what happens here in practice; what's really going to happen in practice is still being debated. But there are critics in the tech industry that made it clear they're not on board with the government having this kind of power to snoop.
Many of them say the bill obliges tech companies to put backdoors into their security systems so the government can get in. But of course, that gives now the opportunity for bad guys to get into it, for fraud to occur, right? Because if there's a door, somebody is going to find that door. And they said the bill does have a safeguard: companies are not required to build systematic weaknesses into the software. But "systematic" was not defined, meaning that the actual legal requirements are unclear. There are other concerns with this bill, which is the lack of judicial oversight in the process. Look at all of the problems we've had recently with the FISA warrant, right? Essentially a star chamber; the judges see it in here, it is completely private, there's nothing public about it, and you can easily have someone that does something they shouldn't do, right? So law enforcement agencies, in this case, will still need a warrant. But you know, how do they go ahead and break the encryption once the warrant's issued? There's no further oversight. Now, because most tech companies are global, we're talking about a very wide net here. Are you going to design a system that has a back door so that you meet these Australian requirements and, frankly, the Chinese requirements? So are you going to put a back door in and then somehow keep that door closed for the rest of the world? That's the problem out there.
There's a human rights lawyer down in Australia, Lizzie O'Shea. She says, "The truth is that there's simply no way to create tools to undermine encryption without jeopardizing digital security and eroding individual rights and freedoms. Hackers with bad intentions will do their utmost to take advantage of any such tools that companies are forced to provide government." So there you go. I think it's a bad idea and a good idea all at the same time. I can absolutely see both sides of that argument. It drives me crazy. I'm not sure what the right way to go is entirely, but I've got to say, I'm not sure that the government having essentially unfettered access to our papers is what we want. You know, there used to be a constitution and a constitutional amendment about being secure, right, in your papers. You used to have privacy, but that seems to be kind of going by the wayside. But if there's a warrant required, I guess that is a check and balance. It should be public, there should be oversight, but you know, as they said in Enemy of the State, so who's going to oversee the overseers, right? But that's not a direct quote, by the way, but that's kind of where we're going. So let's talk about Equifax here, and there's some dumb hack. We had the House Republicans investigating this Equifax breach, because they really cared that this was a very, very big deal and it needed some oversight, and how the Justice Department, they did some investigating into this, not a whole ton, but the House Republicans spent 14 months now investigating it, and they reached the same conclusions that everybody else that looked at this came to, and that I came to about a week after the hack, and that is the breach was entirely preventable and that the credit reporting agency's management didn't do anything to shield consumers from this mess. Now, the article I posted from Gizmodo up on http://CraigPeterson.com has some colorful language in it.
So if you're not into the colorful language, you might not want to read it, because I'm skipping over that part here. But there are no new laws in place about this. There's no new accountability. And I'm not sure we need new laws about this. But I do think the regulations need to get a little bit more in the line of teeth. If you are a small company, like these people we deal with every day, you know, you're under 20 million in revenue, it's hard to justify a major investment in security. I get it, it's very hard, although you should be spending one to 3% of your budget, if you're a large corporation, of your IT budget on security. Okay, the little guys, that's the wrong number. It's a very high number, unfortunately, but there have not really been any changes. Private organizations, as I mentioned earlier, like the payment card industry, are enforcing new rules. And they are legitimate rules. They are very tough rules, but the rest, not so much. Okay. So they found in the info here that it was entirely preventable, that Equifax failed to fully appreciate and mitigate its cybersecurity risks. They found that had the company taken action to address its observable security issues, the data breach could have been prevented. Lack of accountability and management structure: Equifax failed to implement clear lines of authority between their internal IT management, leading to an execution gap. That's something else we covered this last week in my FBI InfraGard webinar. They had complex and outdated IT systems that, you know, because of their aggressive growth. They had all kinds of problems because of acquisitions, not moving stuff in. Does that sound familiar? Like the Marriott hack that just happened, right? Well, happened, started in 2014. And it's not entirely Marriott's fault, but they've been on an acquisition spree and Starwood had been hacked.
So there are some problems there, right? So they were just out of date. There were way too complex custom-built legacy systems, IT security very, very challenging for implement responsible security members. They allowed over 300 security certificates to expire, including 79 certificates for monitoring business-critical domains. They failed to renew an expired digital certificate for 19 months, and that one expired certificate left Equifax without visibility on the exfiltration of data during the time of the cyber attack. And we see that all the time: you get an attack, there are indications of compromise, yet the businesses have no idea what data was stolen. Unprepared to support affected customers. It goes on and on. And there's a link in this article, again on my website, to get a full copy of the report, and it's well worth reviewing. It might be something that I'm going to have to do a master class on, you know, what lessons learned, basically, from the Equifax breach. So I'm going to set this article aside, because I do want to follow up on that one. And wow, okay, wrapping it up here. We only have a couple of minutes left, if that. We've got a fresh zero-day exploit that's been spotted in the wild. So if you have Flash on your computer, update it, and I strongly advise that you remove Flash. Now, if you're using iOS devices, iPads, iPhones, you don't have Flash, they've never had Flash. Steve Jobs, Apple have never allowed Flash to be placed on iOS. Okay, so you're safe. If you have a Mac, it is not enabled by default. But many people installed it, particularly a few years ago, because many websites required it, and in this day and age, there's no reason to have Flash anymore, period. Goodbye. So personally, I'd say delete it, because it has had so many security problems. If you need Flash for some particular reason, make sure you update it, because this one's another huge one. Okay, this is a zero-day flaw; it's exploited in the wild already.
And if you've given your DNA to 23andMe, I've got a great article from Business Insider up on http://CraigPeterson.com. DNA testing company 23andMe signed a $300 million deal, and that's kind of a big deal because it's GlaxoSmithKline. They're using the data to do research for developing medications that are a personal medication that you can use. And you know, I think that's a good thing, frankly, because that's the future, but let me your personal information, your DNA, is going to be out there and it's going to be shared, so you've got to make that decision. Visit 23andme.com, make changes as you want. Make sure you subscribe to my email list. I'm still getting that Christmas present together for everybody about how to keep your personal information safe, the things you can do to stop the bad guys from opening credit cards and stuff in your name: http://CraigPeterson.com/subscribe. Have a great week. We'll be back next week. We will take care, bye-bye. --- Related articles: Encryption-Busting Law Passed In Australia Will Have Global Privacy Implications; Equifax Breach Was Just As Infuriating And Dumb As You Thought, New House Report Finds; Flash Zero-Day Exploit Spotted – Patch Now!; A Bug Left Your Microsoft Account Wide Open To Complete Takeover --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553

Hoover Institution: Cyberspectives
Lillian Ablon on Global Markets for Zero-Day Exploits and Stolen Data

Hoover Institution: Cyberspectives

Sep 4, 2018


RAND Corporation researcher Lillian Ablon discusses global markets for stolen digital data and zero-day exploits, the longevity of zero-day vulnerabilities, and the resulting impact on business risk profiles. Did you like the show? You can rate, review, subscribe. (Playing time: 40:34)

Centrist Madness
Episode 13: Zero Day Exploits

Centrist Madness

Jul 24, 2018, 52:29


We embark on a bold new publishing platform that will knock your dick in the dirt

Digitalisierung. Einfach. Machen. - Der Digitalisierungs-Podcast der Telekom
Cyber Security: On DDoS, APT and Zero-Day Exploits

Digitalisierung. Einfach. Machen. - Der Digitalisierungs-Podcast der Telekom

Jun 20, 2018, 19:47


Digitalization also challenges how companies think about security. Successful digitalization projects require effective strategies and measures. What threats currently exist, and which defensive measures do I need to take

Kurz informiert – die IT-News des Tages von heise online
Kurz informiert on 9.10.17: Security Vulnerabilities, Forrester, BlackBerry, Facebook

Kurz informiert – die IT-News des Tages von heise online

Oct 8, 2017


German government considers withholding security vulnerabilities: The German federal government reportedly plans not to necessarily share its knowledge of zero-day exploits with the affected companies. Instead, a process is being prepared in which such vulnerabilities are assessed case by case for how dangerous they are and how useful they would be to the intelligence services and the Bundeswehr. Zero-day exploits are security vulnerabilities in products that are unknown to their manufacturers, for which no patches can therefore be provided, and against which users are thus mostly helpless. US market research firm Forrester catches hackers red-handed: Last week, the US market research firm Forrester, by its own account, caught hackers in the act and threw them out of its system. The unknown intruders made off with research reports prepared for customers. However, they had no access to employee data, financial data or confidential customer data, according to the statement. BlackBerry Mobile unveils second Android device: On Sunday, BlackBerry licensee TCL unveiled a keyboardless touch device following the KEYone. The BlackBerry Motion has a 5.5-inch IPS display with Full HD resolution and runs Android 7.1. The smartphone is initially available only in the United Arab Emirates. BlackBerry Mobile has not yet announced which other markets it will be offered in. Facebook wants to vet political advertising more closely: Facebook intends in future to manually review advertising that is targeted at users on the basis of "politics, religion, ethnicity or social issues" before it is approved. According to an announcement, the company plans to hire a total of 1000 reviewers for this. The social network is thereby responding, among other things, to increased interest in Facebook ads in the US Congress. These and all other current news items can be found at heise.de

TechByter Worldwide (formerly Technology Corner) with Bill Blinn
TechByter Worldwide 2017-06-25: Google Drive and Google Apps Fill a Need. Why Zero-Day Exploits Matter. Short Circuits. Spare Parts.

TechByter Worldwide (formerly Technology Corner) with Bill Blinn

Jun 24, 2017, 16:49


Because of some special needs, I've developed an appreciation for Google Drive and some of the Google Apps -- Sheets in particular. We haven't seen a lot of zero-day exploits recently, but they are still a serious threat and those who develop them can expect big financial rewards. In Short Circuits: What does Amazon want with Whole Foods? What Amazon did to book stores won't work in the fresh food market, but expect disruption. If you haven't contacted the Federal Communications Commission to argue in favor of Net Neutrality, now would be a good time to do so. In Spare Parts (only on the website): Sony says it has sold more than 60 million Play Station units worldwide. And this week I have an update on my older daughter's recent medical emergency, along with a lot of gratitude for the Ohio State University Medical Center.

Smashing Security
017: Data breaches, zero day exploits, and toenail clippings

Smashing Security

Apr 20, 2017, 30:37


Hotel malware has been stealing guests' payment card details... again, should businesses really delay rolling out vulnerability patches, and Burger King's Whopper TV ad campaign tries to take advantage of viewers' Google Home devices with predictable results. All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin. Show notes: InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region - IHG. Affected hotel look-up tool - IHG. Been to one of these 1170 IHG hotels? Your credit card details may have been stolen by malware - Bitdefender. Microsoft patches Word zero-day booby-trap exploit - Naked Security. Microsoft zero-day vulnerability was being exploited for cyber-espionage - Graham Cluley. The Shadow Brokers - Wikipedia. Burger King's 'OK Google' sad ad saga somehow gets worse - The Register. Burger King Connected Whopper ad - YouTube. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Special Guest: Paul Ducklin.

The CyberWire
Ewind adware infesting Android third-party app stores. Influence operations. Russian state use of organized crime. Finspy a payload in Word zero-day exploits. 

The CyberWire

Apr 13, 2017, 14:33


In today's podcast we hear about how Ewind adware infests cloned apps in the Android ecosystem. Influence operations rise to prominence amid increased Russian and Islamist activity against Western targets. Accused Russian traitor makes jailhouse denunciation of Russia's coziness with cyber organized crime. Finspy found distributed via Word zero-day. And suppose you're doing a nickel in Ossining or San Q (not that you would be). Webroot’s David Dufour warns of tax-season phishing. Fred Wilmot from PacketSled explains the convergence of OT, IT and IoT. And, how do you stay connected in the big house?

Coffee Break with Game-Changers, presented by SAP
Data Security Breaches Part 4: Wising-Up to Real-Life Impacts

Coffee Break with Game-Changers, presented by SAP

Aug 12, 2015, 57:00


The buzz: Spelling bee. Cybersecurity breaches in the headlines still strike fear in companies, governments and individuals worldwide. For businesses, the advent of the IoT can compromise secure access to critical infrastructures by connecting business applications with process/infrastructure applications, a traditional no-no. With today's Advanced Persistent Threats and Zero Day Exploits, how do you protect access between 30-year-old sensors without Internet protocol support? The experts speak. Gerlinde Zibulksi, SAP: “What is cybersecurity? C Y B E R S E C U R I T Y – CRY BE SECURITY – SECRET ICY RUBY – ICE CURRY BYTES – I RUT BY SECRECY.” Hillel Zafir, HMS Technology Group: “Let's start at the very beginning, a very good place to start. When you read you begin with ABC.” (Sound of Music). Richard McCammon, Delego: “We will bankrupt ourselves in the vain search for absolute security” (Dwight D. Eisenhower). Join us for Data Security Breaches Part 4: Wising-Up to Real-Life Impacts.
