 Alexa, what is today? Today is Thursday, September 14th. That means it's vlog Thursday. Vlog Thursday. Yay! We got one of these cool listening devices in our office because we weren't sure enough people were listening to us and we ought to make sure the government can too. And you ask her, hey Alexa, do you work for the government? Oh, she climbed up on us. Climbed up on us. Alexa, do you work for the FBI? No, I work for Amazon. I don't believe you. So the best part of this is telling where you got this, Tom. At a security company. That kids is what we call irony. Yes, had a great meeting. You can look them up. They're an interesting group of guys, group of guys, group of people, group of security professionals. Yes, human beings, a great group of human beings and a couple of them, maybe AI systems in disguise because they were really good. A cyber security company called CBI and other locals are big. They do security response and breach and all that stuff and sometimes you got to know your own limitations and that's part of the reason sometimes I like to meet with other companies like that because there comes a point where there may be some breach responses that happen and things like that that you need some outside help for because there's lots of legal navigation to do and so I had a meeting with them to talk about all those fun things that occur because here's the fun part. Lay it on us, Tom. I need a marker but we'll just pretend I have one. Marvin knows where I'm going with this. I do, yeah. We need tubes and markers. Tubes and markers. Just put the clip of our previous video in there. Yeah, yeah. So security is obviously a big topic right now especially since you know about a hundred and forty million people you know big database a little company called the Equifax and yeah I mean hey listen as long as you don't have credit cards a mortgage or a car payment you're probably fine. Yeah. 
As long as you know the people who have no credit all are celebrating going haha not me. Poor people for the win. Yeah right. Bad credit no credit. Sweet. Yes. And in a joke son they're offering free credit monitoring. Jokes on them. I already have a credit for you from another company that got breached and lost all my data. Yeah, yeah. Right. Haha. Like a hipster. I was doing it before it was cool. I had my data breached before you guys. Yeah everybody's thinking about the security now. Yeah well and then there's the ones that aren't and that's what we're gonna talk about right here. So I don't know the exact truth of this story but I like the story either way so we're gonna tell it and how it relates to what I'm gonna talk about next. Citizen journalism. Citizen journalism. It's probably wrong so you can stop here if you care about the facts. Anyways no this concept is a psychology count concept that was used I was told as I heard on how they got people to leave during disasters was they said oh you should leave there's an impending disaster coming and when the person would say no I plan to stay here they would pull out a marker and hand on the marker they said please take this and write name and phone number on each of your limbs so when we come back later after the disaster passes through your area we can put all the body parts together and know who to call and let them know. Grasm. Yeah it's gruesome. That's what you needed them I thought you were gonna do the VPN demonstration again. Oh yeah that was fun. VPNs with ink pens. 
Yeah yes no so as well as concepts and that's kind of where we're you know it's not a scare tactic it's we have some clients that are in clear violation of rules that govern them perhaps and they decline updating security they have firewalls that are 10 years old that were like you know right now I did do a vulnerability scan and there's currently no CVEs for this particular firewall but there's also no more updates for it because it's reached end of life from there you should really replace it because you have lots of things in your network that are very important to you and your clients and lots of them have the attitude of we're too small to get hit. I'm like okay and it still works and then they get hit. It's still working though. Why do I need to replace it? Yes it's working. Yes and some of them aren't our clients we came in because we were called from a place regulated under HIPAA compliance and they have a whole bunch of stuff that's way way outdated and they get 100 not gigabit 100 megabit switches which is part of the problem. The switching infrastructure and the firewalls are that old that they're only 100 meg. They're not to mention they bought them at Best Buy undoubtedly because of the brand it is I'm like yeah. The switch had a Saved by the Bell sticker on top of it. Oh. So we want to make sure and if these if something worse happens to these clients for them after a client that we've got some type of plan. Now that plan it sounds like that's a cool contingency. I'll just have some breach stream come in. Be prepared because you could be upwards of seventy thousand dollars with these people I mean seventy thousand. 
Yes as opposed to you know us charging less than a thousand to replace that firewall far under a thousand replace that firewall you know it puts something decent in or we'd recommend even something better and intrusion protection and all the whole thing but yeah to think that they want to decline everything and keep their you know 12 year old firewalls still in place. We just want to make sure that they also have another plan. It's kind of psychology. We're trying to scare them but we're trying to make sure they understand the seriousness of this. It's not just Equifax and knowledge companies like Target when they get hit when they get breached we hear about our news. There are a ton of small companies constantly breached and it's it's a it's a problem that's getting bigger and bigger and it's something we've talked about it. I've actually had a lot of conversations with a lot of security people I know and that leads me to my next project. How'd they get hacked. How did they get hacked. How did they get hacked. So I first bought the domain and I gotta put a website up. I haven't done it yet. That's a hobby Tom has. He just buys domains. But I want to I want to compile stories and the stories you know protect the innocent. We're not going to reveal any names or anything in there but I know a lot of security professionals and I want more of them to help participate in this. I love a lot of the breakdowns and the details for how they get hacked. There's places like Krebs on Security and a lot of others out there who do great details on some of those but I would like a more consolidated place that exclusively dedicates to the stories of all those because I found on Reddit some really interesting stories. Sysadmins have shared of how things went wrong in their network. 
You know when hackers got in and how they get crypto-lockered and you know one of them was just a overlooked misconfigured firewall rule which then someone had set the backup to like backup backup is the username password because they were testing and then they forgot after they were done testing to change the password again when they're trying to solve something. Those little things happen but it's like those couple calamities of one person on the firewall team. This is a bigger company that did the breakdown and then finding out someone else on the backup team you know that was supposed to be responsible for this. I mean it's a coincidence yeah but it was the way they got in and a hacker then held them ransom. He locked up everything but then also agreed if they paid the ransom because the hackers like to respond and reply and you've seen my text messages thing that was great. But they like to reply sometimes and so the hacker agreed that if they paid the ransom he'd say how he did it. Tell you how I did it if you give me your money. Yeah they well because he encrypted the backups and because he had the backup admin. It's kind of like a double-edged sword to you really you're gonna give me your money and I'm gonna show you how easy it was for me to do. 
Yeah and it was they thought it was something more sophisticated and it really was just a oops on a firewall rule that opened up remote access in an area it shouldn't have and a backup back I think was just like backup backup was the username password for the backups which of course led him right to encrypting the backups which put them in the perils that they were in because the hacker when he got in did not immediately just shut them down it's about oh you know they waited encrypted backups they made sure they were playing with a lot of things before they released the ransom or so they made a big mess of their network they got a lot of it back but those kind of stories and and getting into some of the details I think would be cool to all have in one place because understanding those stories makes us think differently about how we should apply security and I wanted to be a resource because somebody you know when you meet some of these guys who work where they refer to as like red teams where they do some of those pentesting not just they usually reveal the results of the company well they do reveal the results of the company to home like this is how we reached a company but having some of that knowledge as opposed to just what you should follow these guidelines and here's a really long thing but talking about this is what went wrong I think would be very valuable to the security community you know just in concept because the sophistication is getting so much faster or so much better and faster and we've dealt with a few of them ourselves that we like wow they sent personal emails and things like that to impersonate wait till the owner of the company was on vacation impersonated them while they were on vacation with them completely plausible email to do a money transfer for a vendor they met I mean it's it's got all the personal details in it too it's not just a he send money and you can spot it as a scam no they impersonate him so almost admire it really yeah the 
love association which leads you to the text message thing and I found this on Reddit I thought it was great but it was well those it was a scam link to a bank and the person replied right away like do people really fall for the scam and the person sending out the scams that they said yeah like 15% of the people that have a phone also probably bank at this bank and they go why don't you get a real job because I can't find a job that pays me $20,000 a week now the $20,000 was in Australian dollars it's on my Twitter yeah but still but still that's that's I think that we're gonna be like 16,000 probably something like that and then my phone to do the conversion that's still that's a sizable amount of money to send emails and it's not like there's one solution to this there's a it's a tiered solution it's user training combined with you know making sure all the firewall rules right and everything else but you know thinking about the levels of sophistication and it's hitting small businesses really hard but no one talks about it because when a small firm or small you know law office or something like that gets hit locally we come in we'll clean something up that's it there's not where do I put that story and you know share it with people they went through some sophistication and it's kind of devastating small business obviously devastating the Equifax is happening but yeah you know they have more money to throw at it and these small businesses just assume if it's not in the news they're not hitting us and that's such a problem and when it does hit them they don't want to put necessarily want that out there that's why you have to change the names and you're you know in this because target's gonna be okay target gets hit you're still gonna go shop there yeah cuz I mean that's just how that's gonna work but you know if my if my attorney or my CPA or somebody gets hit and my information gets out well I'm probably not gonna use them anymore yeah you know and that makes a 
difference yeah so it's really it's hitting the small business is really hard right now I think people won't realize that so my is to raise awareness with both you know anyone who wants to read the stories and the stories are probably gonna be very interesting about some of these hacks occurred so I'm hoping to get that rolling up here pretty quick some fun graphics and pictures to fun graphics and pictures yeah I want to do a combination of some stories and a lot of videos I want to actually sit down and do interviews with some of the people who've worked on the security side of it so we can have fun discussion about it and hopefully enlighten people on all the stuff going on in that learning learning new stuff get some learning stuff going other things going on I'll be gone at Microsoft not this week but next week because Florida is still there so that's good they sent me a plane ticket to go down there so hope everybody in Florida and in Houston are digging out or swimming out or whatever you do whatever that was on there good luck to you and we're pulling for you so me and the whole Sunday Morning Linux Review team well not all of us one of us can't make it but me Tony and Mary will be down there so you have an open slot and you didn't ask me to go dude dude you don't know legs but I'm I'm learning though that's this is an opportunity this is unacceptable now I'm upset they had to struggle to get us three tickets because oh they didn't they're Microsoft well they they make it dramatic to us I don't know if they're really struggling so like a yeah that's coming up that's very cool produce a ton of video at the build conference but I was really the build conference only a couple days and we were really back to back doing all the interviews we're there for more time so I'm gonna be doing a lot of video down there and I want to interview some of the Microsoft people and talk about a few things and that's gonna be a lot of fun so I'm kind of excited about all the 
hat while Tom's away who knows what shenanigans will get up to here no Steve wanted by a pirate hat because he's gonna be running around yelling at the captain that's that's on his list I am the captain now for the love yeah all right we'll see how that's gonna happen it probably will it probably have the eye patch and you know what I'll give him a peg leg he starts running around saying I'm yes he gets a peg leg yes I am almost done with some virtualization changeover stuff so we're doing some upgrades here internally with our infrastructure which is also what I'm gonna be doing a XenServer review I try a lot of different things I kind of like the XenServer so this weekend if nothing else comes up I'll probably do the whole migration over there plus I'll do a whole video on the migration and how it works and all kinds of fun details because why not do both I'm doing to work and documenting to work on video so yeah we tried a couple of new things out this past week we tried that oh man I might do a review on it mighty thing that it's a good concept I just yeah it wasn't terribly there's like one there's one feature of it where it's like if you just hadn't done this it would be awesome watch a review on it you'll see it look it up it's called the ergo slider it's really interesting they sent us one and I told them we're not just gonna do a demo we're gonna do a multiple-person demo on it so I'm gonna show you how it works it's interesting I I don't know I type different so I'll that'll be a separate video maybe we tried the that alternative to slack well yes and so you guys talked Mattermost was when we talked about last week and it was Rocket.Chat someone suggested thank you for a suggestion Rocket.Chat has a wonderful web interface I really liked it and there their mobile app isn't bad if you use an iPhone it seems to work better on the Android but us getting messages was bad and the app just didn't work very good at all the channels would randomly show up and it would 
decide occasionally it wouldn't want to show the chat history when you close the app until you logged out log back in now this is really odd because we got it up and running which was easy I may do a video on it's almost not worthy of doing a video was so easy I use their snap package and I got it set up then it's got to installer to install Let's Encrypt certificates right in it so that was really easy to do as well so all those things are pluses with it and follow their instruction like wow this only took me a few minutes to give it you know get it up and running configured with an SSL cert awesome then came try to use the mobile app and that's unfortunately is a big hang up for us we do a lot of it because my people are out in the field I'm out in the field and slack messages are our favorite way to communicate while we're out in the field it's like hey I plug this in can you check the log and see if this or that occurred and it just doesn't work fine for me yeah it seems to work on the iPhone that's one puzzle we had it worked on the iPhone these guys are like it's not work I can't see this and I'm just like message yeah so we may visit Rocket.Chat again later if there's an app update but the problems with the app appear to be common because there's plenty of feedback and they don't have very good rating in the app store so I didn't I looked up Mattermost I never got around to installing it but the app had same thing didn't look good so I'm kind of like and try an alternative Google is working on coming out with theirs they scare me a little because they're Google not have something already hold on let's talk about that because right here I have my my Google Allo and then we got what was the other one they had they we can hang out still but it's deprecated and there's there's another one they anyway Google has a few of them and none of them are clear there's not a roadmap they I think they're working on something that looks like a slack competitor I don't know 
where they're going with that we do enjoy hangouts hangouts actually work really well but I I've heard rumors that that's going away and so do you build anything on top of that yeah I know the video works really well on it so I'm like you know I prefer something open source but it comes back to I need an app that works and slack does the job so we're sticking with slack for now there's a quick change of subject but it's a good segue off of Google maybe you know this Tom so on the you know on the side I do some writing and I belong to a writers group we were discussing last night that somebody said that they had heard that if you write anything in Google docs Google owns the rights to that thing no I didn't think so yeah from what I could read it was they they have the right to use what you upload and store in there to better their product and promote their product but they don't own it they're not allowed to use or see the text you write yeah okay so they have a pretty sure I understood that yeah they can see or use it that that's where there's some convolution that comes in on rights to things like the voice because a lot of people like oh Microsoft's using the voice for telemetry that came the big deal it as much as normally I would jump on the let's bash Microsoft back and I'm much more rational person on things don't make any sense like that like yeah they kind of have to send telemetry back in order to do the voice recognition to make sure the words were coming out of your mouth in a way to understand so right but everything going to cloud everything is going to be in the cloud I mean apps everything like you can't have if that were the case then Google and Microsoft would own every single thing that's ever going to be written from here on out yeah that's not gonna happen there's so yeah there's so much confusion it goes around all that so that's definitely everybody if everybody read their terms of service they would know I mean I read every single terms of 
agreement that I get yes so and in comes back all the way around we're putting a cloud and you think about security on it and everything else yeah terms and conditions I don't I my videos rather popular about that because right away so you know we're trying to sort out the whole Equifax breakdown and I'm like someone to point it out and I've right away did a video on it because I'm like this is BS before everyone runs and signs up so I share this on my foot with my Facebook friends too I'm like the terms and conditions apparently you opt out of being able to sue Equifax on this and so yeah if you if you get their free credit monitoring you out you opt out and all their free credit monitoring is from my understanding is every couple of months they'll give you your credit report which you can you are entitled to 10 of like every right isn't it 10 every year I think something like there's a law now that says you're entitled to get your credit report free so many times a year so they're providing you for free a service that you can do for free they're not actually monitoring transactions and stuff that could be happening really they're not doing that Krebs on Security is one of my favorite good security blogs to read he has amazing articles on there and I'll link below the the title of his for his Equifax one this is the dumpster fire that of ex Equifax is dumpster fire of a response or something like that it's a great read about everything that went wrong something triggered Alexa it's I said dumpster fire Alexa got excited oh yeah it's probably heard fire oh no she's gonna think some fire fire fire no okay anyway dumpster fire that is Equifax that's that's that's accurate though that is accurate yes so that yeah that's definitely crazy there's a lot of things going wrong I mean we're gonna hold off until there's a full debrief because I'd love and hopefully they do a good breakdown because of the facts being in the light that they are of everything wrong now we don't 
know when I don't know if this is a claim or we actually know it's for certain they're claiming there was a vulnerability the problem is that the software that they claim is about a billion there was multiple but some were passed and some weren't so when did it happen why did it take Equifax so long to know someone was inside your database there's so many questions we want answered about this I believe Krebs will probably have the first reports on that coming out so yeah it's it's really I have the answer aliens aliens aliens did it every time it's always aliens aliens yeah aliens stole our social security numbers you know someone did ask me because they can that's how they actually fuel their ships with social security numbers yep well people don't know that well people know that um here's something interesting in in lieu of this now there's a there's some companies that keep pricing notices and a lot of security companies internally do this and I'm tremor the name there's there's a couple places you can Google it they keep prices of things on the dark web so I've talked a little bit before about the dark web and one of the prices they have right now is what it what's all security numbers are going for and apparently this Equifax for you to just kill in the market for these things supply and demand right it's flooded the market literally supply and demand and they haven't hit the market yet but when they do like this is this is changing the the market dynamic for the value of a social security number so what the what are the chances that this will actually be like a good thing and people will stop buying so there are selling so secure numbers because it's not worth it yeah was that was that meme the the one you know when everyone's something that no one is whatever yeah when everyone's hacked no one's hacked this could turn out to be the best you don't thanks Equifax yeah thanks this could turn out to be great you guys are heroes so scary numbers anymore that's 
great idea that's fantastic anyways you should not have anything like that we should be using some type of public-private key crypto but it's an entirely under discussion which I thought about making a video about of how we should be doing it but that's said this stuff just so you know does end up on the dark web that's generally where this stuff goes and will be sold and parsed and yeah we need to talk about the dark web sometimes yeah get under later they get understanding people yeah the dark web and Bitcoin they'll just can't wrap my head around Bitcoin Bitcoin and dark web the two things kind of go hand-in-hand yeah I just can't get anyway get anywhere I just can't get my head around Bitcoin every time I think I understand it somebody said something different and I'm like the son of a yeah we gotta do the Bitcoin discussion yeah gotta bring Alexa what's Bitcoin thank you been helpful Alexa what's the current price of Bitcoin as of about two hours ago one Bitcoin was three thousand five hundred seven US dollars and thirty nine cents there you go where can I just find I just want all Bitcoin that's all I want is a $3,000 of Bitcoin tell me my watch as a Bitcoin all right all right we're we're gonna done and Felix content here like and subscribe more videos coming and all that fun stuff see you next week see you next week