An ISO 3103:1980 compliant podcast that explores the issues with tackling the insider threat and its impact on the key business functions and information security program of organizations

4 December

Welcome back! This is episode 28 of The Insider Threat podcast, for the week of December 4th, 2017.

I want to thank Dr. Helen Ofosu once again for coming onto the last episode and giving us some insight on ways that psychology can be used to reduce insider threat risk.

My Thanksgiving was great, aside from half the family getting sick that weekend, but we got to catch up on lots of movies.

Haven't received many t-shirt designs, so there's still a chance if you want to get in on it (chosen design gets first shirt).

 

Infosec Question of the Week

 

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was "In the early 1980s, William Gibson coined the term 'cyberspace' when he wrote this."

The answer was "Neuromancer".

According to Wikipedia, Neuromancer is a 1984 science fiction novel and is one of the best-known works in the cyberpunk genre.

 

Congratulations to Ryan from Caparra, Alex from Binghamton, Rory from Syracuse, and Rich from Virginia for getting the correct answer.

 

Here's your question for this week: "In the movie 'Hackers', one of the characters posed as a maintenance worker and crawled under a desk in order to install a telephone bug. What was the handle of this character?"

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Crack".

 

Discussion Topic for the Week

This week’s discussion topic is not becoming a victim over the holidays.

- We just had Black Friday and Cyber Monday

- You're using credit cards, email addresses, and online stores more

- You are willing to shop at online stores you wouldn't typically shop at to get a good bargain

- Stores have temporary employees that might not have as much of an issue leaking or stealing information

- Don't use your company email to purchase personal items

- Hackers will pretend to be the store you bought things from, the shipping company, and tech support

- Just like with everything else, try to avoid clicking on any links in emails

- Always check to make sure your connection is secure before paying online (HTTPS)

- Stick with familiar, established retailers

- Try not to use public Wi-Fi

- Not a bad idea to change your passwords immediately after the holiday season

 - The holidays are a great time for credit card or account information thieves: employees are too busy to notice anything, so thieves can sit on a network for a shorter period of time and gather more data, faster

 - Treat yourself to a password manager (they are cheap or free) and make sure you keep it up to date. I use LastPass.

- Expect phishing emails. You'll more than likely get a few.

- Monitor your credit card statements

- Watch out for sites like Craigslist, where people might be more willing to scam or phish you

- There couldn't be a better time to educate your family members and coworkers on the importance of information security at home

 - Common targets are senior citizens

- Ignore popups on websites that may be caused by malvertising or compromised sites

 

News

Apple Mac OSX High Sierra flaw allowed users to log in as root without a password

Followed this as it was happening on Twitter.

Patch is out, but some people are saying the patch didn't fix the issue. Make sure you check your own installation.

MacOS Update Accidentally Undoes Apple's "Root" Bug Patch

The company's fix for an embarrassing security bug includes a big bug of its own.

Insider threat — Chemours employee steals trade secrets

Chemours' off-boarding process provided the evidence that Jerry Jindong Xu stole trade secrets and intellectual property and tried to monetize the information in China.

Jerry Jindong Xu, a Chinese citizen, had, over the course of several years, stolen the intellectual property and trade secrets of his employer, Chemours. Xu had worked for DuPont China from 2004-2011 and transferred to the U.S. in 2011.

Proprietary data was taken: ways that chemical compounds are produced and processed, and blueprints for a new factory, potentially valued in the hundreds of millions.

He tried to shop around with competitors to see if he and someone else he used to work with could profit from the data.

Chemours noticed that the data was taken, asked for it back, and filed charges when he claimed that he didn't have anything.

 

Thought of the Week Segment

Our thought of the week comes from Hamilton Wright Mabie, a late 19th century American essayist, editor, critic, and lecturer. He said, "Blessed is the season which engages the whole world in a conspiracy of love."

 

Outro

 

Thank you for listening to episode 28 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

 

Thanks again and I'll see you folks next time!