Zoom Security Breach Details and Other Insights

Unsecurity Podcast

Brad and Evan are back for the 75th installment of the UNSECURITY podcast. This week, they take a positive spin on the COVID-19 outbreak, discussing hope and how FRSecure is trying to instill it. They’ll also dive a little deeper into the Zoom security breach and issues we’ve seen around Zoom.

Podcast Transcription:

[00:00:23] Brad Nigh: All right. Good morning everybody. This is episode 75 of the Unsecurity podcast. Today’s April 13th, 2020. And I’m Brad, and joining me is my co-host, Evan Francen. Good morning, Evan. How are you today?

[00:00:38] Evan Francen: Doing all right. It’s cold. I’m tired of it for from Minnesota man. I It’s 20° when I got up this morning,

[00:02:06] Brad Nigh: Yeah. So we are remote still. We’ll be remote for who knows how long? But we are recording the show on Zoom, which I know some people are probably surprised to hear that Zoom. Um, we’ll talk about that a little bit later first. You know, you mentioned your Easter Sunday going to drive-through church. Anything else over the weekend? Do a chance to finish your chicken coop on Saturday.

[00:02:33] Evan Francen: I did. I almost finished my chicken coop. I just have the top role of what I call it, the cap on the roof. People rift something before

[00:02:42] Brad Nigh: I have.

[00:02:44] Evan Francen: Okay. Yeah, I have to and I’m not good at it.

[00:02:47] Brad Nigh: But sure it’s like anything right? You have to do it a bunch to get good at it and it’s not something I ever want to do. A bunch.

[00:02:59] Evan Francen: No, no, it was, but it’s a small, you know, it’s a chicken coop. So it’s not like you’re doing a big, you know, house or anything, but it was nice to get that. All done. I’ll send you a picture later on. Nice.

[00:03:14] Brad Nigh: Yeah, be cool. Um what do you do? Just hang out, play some games with the kids? Just trying to, you know, unwind a little bit, it’s been uh, it’s been tough with the three kids at home, so. Yeah.

[00:03:29] Evan Francen: Yeah, what’s new with that now? Are you, are your kids going doing online school again?

[00:03:34] Brad Nigh: Yeah, so all three are the girls are doing fine, they’re uh they’re used to doing the stuff on their iPads, so they have scheduled like 15-20 minute videos for each of their classes throughout the day. They have to jump on and do and then they have homework and stuff so they’re doing fine. But you know, Jack stuff is in kindergarten, so it’s it’s been a little bit harder for him because I can’t read or anything, you know, here read the instructions he’s learning to read, I should say. But yeah, we’re gonna mentioning we were debating Meissner, so she gets we had the child care through the school district because she’s an essential, Yeah, we’re debating whether or not uh you know, a bunch over last week, should we take advantage of that? Because it’s an additional exposure plants? Is that risk assessment that people don’t always think about that. Um, we ended up, we’re gonna try it today and see how it goes. Cool.

[00:04:36] Evan Francen: What have you been? So what have you been busy with like last week, what was kind of the most time consuming thing? You you had to work

[00:04:43] Brad Nigh: on? Gosh, it’s just it’s been a lot of things trying to wrap up the Q1 stuff and get prepared for video this week and and then uh CMMC stuff. Lot of the CMMC, it’s uh, a little bit more in depth and I think I was expecting when I first looked at the controls, I was like, 017 this for level one. That’ll be easy. And then you look at it and it’s like these big sweeping statements that are good. But MAC to a bunch of a sense of the s to ward controls, right? So it’s a take me a little longer, it’s like, oh man, yeah, it’ll be good. It’ll be it’s I think CMMC is going to be a net positive. It’s way better than the DFARS and 800-171 that somebody small companies are having to comply with now. Yeah,

[00:05:44] Evan Francen: yeah, I spent a lot of time last week on, I think I did seven webinars last week. Mhm. I did one for South Carolina. Uh South Carolina s a chapter that was that was on Friday. And uh I got a lot of traffic on Twitter, you know, more than I was expecting and I yes, it went pretty well, you know, it’s hard to tell. It’s so much different doing webinars and doing, you know, face to face, you know, when you’re speaking. So this was originally I was going to be flying down there and and speaking to the group because you just sit there and everybody’s can kind of just staring at their camera? Mhm. Yeah. You know, and see a joke and you’re like, I don’t know if any of you got that.

[00:06:31] Brad Nigh: They’re like staring, didn’t these? Are they? What’s going

[00:06:35] Evan Francen: on? And then that we did the the, the safety and cyber security at home 101 series.

[00:06:45] Brad Nigh: Okay. Oh yeah, with uh go through security studio,

[00:06:50] Evan Francen: Yep, Yep. We did five, so Monday night, Tuesday night, Wednesday night, Thursday night, Friday night, uh Monday night was kind of the introduction and then the rest of the week was actually going through the S2Me tool. So with some, you know, some depth. Yeah, we recorded it also, it’s all up on YouTube

[00:07:11] Brad Nigh: on the YouTube. That’ll be uh that’s good. I want to be interesting to watch the traffic on that and see how people yeah, look at it and view it over time.

[00:07:23] Evan Francen: Yeah. Yeah, absolutely. Well, it’s just, you know, creating bunches and bunches of content, right? Trying to get the word. I’m trying to help people uh you know, some people, I swear some people don’t want to be helped.

[00:07:37] Brad Nigh: Yeah. You know. Yeah, and it kind of transitions into the main topic of of hope because I think um you know, like you said, the notes, Hope is a beautiful thing, right? It’s sometimes that’s all we have, so how does hope play into it? And I think that’s part of it is, you know, maybe some of these people that don’t are looking for help or don’t want it, maybe they don’t have that right now. It’s it’s tough. You know, we’ve been doing a lot of discussion at the mention of unwanted if I’m scared to like, what can we do to to help what we give away? Like companies are, everybody is struggling. So how can we help? And I think give hope and continue to, you know, forward the mission when nobody really knows what’s going on.

[00:08:32] Evan Francen: Yeah, I mean, I and I wrote the, uh, you know, I wrote the show notes yesterday. Um, it was after coming back from that church thing. You know what I mean? I just came back with like just a renewed sense of hope. You know, you mean the point of the day really, you know, for Easter is, you know, the promise and the hope of, you know, what’s to come. And so yeah, it’s kind of the same thing with this, right? I mean, we’re all sort of stuck at home. We’re all sort of in the same boat together. What keeps us going, man, it’s, you know, it’s hope, hope that we’ll get through this just fine and hope that maybe even will be better than we were when this thing started.

[00:09:18] Brad Nigh: Yeah, yeah, it’s there. I think there’s there’s an opportunity here. Yeah, it’s if, you know, you hear it a lot, but if you don’t come out of this changed for the positive. Yeah. I don’t know how you, you missed it right? Yeah. Great, amazing opportunity to kind of reset a little bit and maybe, I don’t know, get rid of some of the sharp divide.

[00:09:49] Evan Francen: Yeah. Well when the sharp divide, right? I mean you kind of saw that the beginning of the, you know, the outbreak here in the United States, you saw, you know, sort of the left em in politically right, The left right sort of, you know, complement each other. And sadly in the last few weeks they’re back to the same bickering crap, you know that we’ve had to deal with the last God knows how long, you know?

[00:10:16] Brad Nigh: Yeah, yeah. What’s what’s frustrating? I think it’s a nurse. So you know, she’s got probably a little bit more information on some of this stuff. But if all this self isolation, all this social distancing goes out the window. So the last three weeks months of whatever, we just go up, everything’s back to normal, it’s just gonna come right back and we’ve just thrown out a month of and it’s like, you know, you’ve been going into the office but not seeing anyone basically at home, made one, maybe two trips out to go pick up things for the dedicated shopping person in our house. So like I’ve been out of the house probably seven times in the last month total. Yeah.

[00:11:09] Evan Francen: Well if you do have to go out right, you just, you play by the rules, right? I mean keep distance from people wash your hands regularly and

[00:11:18] Brad Nigh: just limit the limited right? We’re just doing instead of like picking up something on the way home. It’s all the shopping at once. Yeah. Which by the way is eye opening when you, you’re gonna be for a family of five for an entire week is like, huh?

[00:11:36] Evan Francen: Yeah, no doubt, man. Yeah, thankfully I’ve only got one kid left at home, you know, the other four moved out. But you know, within our industry, I’ve seen, you know, things that like, there’s a lot of things that people are giving away for free, a lot of free trainings and things like that. It’s, it’s been cool to see that stuff and been cool to see, you know, there’s uh the Twitter group crap, I can’t remember the name, but it’s uh you know, a bunch of information security people just kind of donating their time and and energy to help other people who are less fortunate. Yeah. And I always love being those things now, but it’s like, where were you before this? Why did it take the COVID thing for you to get this way?

[00:12:25] Brad Nigh: Right. So like you mentioned that I’m, I’m not gonna say who it is, but you know, there was one group that was like, hey, we’re giving away a million dollars with the training for, For this. We’re like, you’re coming, we’ve been doing this for 11 years without saying anything. Yeah. So yeah, it is awesome to see. And I hope that this does continue to get free resources out there and things like that. But it is a little Yeah, yeah. It feels a little icky for some of that marketing stuff to be like, right, you know, because of this, we’re doing it just because it’s the right thing to do.

[00:13:04] Evan Francen: Well, yeah. And that’s what, that’s my hope. My hope is that people that are giving away free things in our industry and people that are, you know, doing the things that seem uh you know, really good, aren’t they’re not just doing it to try to get something in return. You know what I mean? I just have a feeling that some of the people, I know that some of the people are doing this to get something in return as opposed to why don’t you just do this all the time? Why don’t you just give things away all the time? Why don’t you just love people all the time? Yeah, that’s my, that’s my ultimate hope is that our industry, a lot of these people that are giving away free stuff will always do this after the pandemic.

[00:13:46] Brad Nigh: Yeah. Well, you know, I think so many companies are driven by the bottom line, not, not necessarily like we are with the mission of fixing the broken industry and when I think, I don’t know, I think we’re doing it the right way, right? If you you go through and do things the right way the money will follow. If you go after the money then you’ll never hit your mission. I think he there there’s some skeptic in me that some of these companies are, we’re not doing it for the right reason, right? But I really hope I’m wrong.

[00:14:19] Evan Francen: I do too. And in that hopefully people that are listening and people that um let me, let’s encourage those people that are doing it to keep doing it after the pandemic, after we’re through this and we’re on the recovery, you know? Yeah. Because we started we we have always been this way. We’ve always been kind of a and we’ve resisted the urge, right? I don’t know how many times we’ve been asked, you know, you should be charging for this. No, we’ll always give it away. Uh you know, I’m talking specifically, I’m talking about the CISSP Mentor Program for our listeners. I was talking I was talking to Chris Roberts this morning narrowly talking to him, but we were, you know, going back and forth on LinkedIn and uh I told him that you know, today is gonna be a long day for us because 6:00 we teach, you know until 8:00. And uh You know I told me, you know, we have 1200 students more than that and he didn’t even know, he was like holy cow, you know what I mean? I’m like, but you know, part of me is also thinking maybe we should tell people about it more, not to boast about it, not because we want something in return, but hopefully so we can get more people become advantage of it.

[00:15:41] Brad Nigh: Yeah. Yeah, I think it’s very been it’s been very much organic to get the 1200 because pretty much the only marketing or whatever you wanna call it behind it has been like, hey, it’s open now on like LinkedIn and Twitter and it’s about it. Big pushes though, ads there’s no nothing about it. Like on the main page of the website, it kind of tucked away just we’re doing it because it’s what needs to be done.

[00:16:15] Evan Francen: Yeah, maybe we would get more of them and be able to help, but I always feel a little dirty about it because you know, I don’t want it to be boastful. I don’t want to boast about it, I don’t want to be proud, you know, full of pride about it.

[00:16:32] Brad Nigh: What? It’s been doubling almost every year. I think that since, well this would be the fourth time I’ve done it and it’s mhm. It’s pretty much doubled every time.

[00:16:44] Evan Francen: Yeah, it’s been cool and this year is the first year we got cola helping us out. So the way I see it, What we got 14 classes.

[00:16:54] Brad Nigh: Yes. So I got 13 point.

[00:16:56] Evan Francen: So that means that each one of us has to do four and then two of us have to do five. Is that right? Would you look up evenly?

[00:17:08] Brad Nigh: Beaches would do. Yeah. Yeah.

[00:17:11] Evan Francen: Okay. That’s not so

[00:17:12] Brad Nigh: bad. It’s gonna be nice. It’s like you said it’s a long day. Especially Mondays because we’re recording this at seven a.m. So it’ll be 13 hours of being on. Yeah.

[00:17:26] Evan Francen: Yeah, that’s true man. So those things I mean the biggest thing I’d like to see more out of our industry is more collaboration, more working together, more doing things for the good of humanity and less doing things for profit. Less doing things for pride. You know we’ve got so much ego in our industry and we’ve got so much money. I mean I don’t know what the dollar was supposed to dollar amount was supposed to be this year but it was like 100 and 30 $140 billion. Yeah, spent on security. And so what I’d like to see us do is focus more on the people that are under served. You know what I mean? Stop going after enterprise. Like they’ve already got you know, multimillion dollar budgets and all kinds of blinky lights that they don’t know how to use, right? But they also can afford to make mistakes, right? It’s the small medium sized companies that you know are screwed and they’re the ones that that took, the biggest brunt I think are taking the biggest of the economic

[00:18:28] Brad Nigh: Yeah, yeah. You’re seeing the big enterprises that, you know, the airlines and some of those that are getting dedicated amounts to bail them out or cover their pit cost during this. The small companies that are struggling,

[00:18:43] Evan Francen: right? And I think it’s always funny too because you see the big companies and you know, one in particular which is right in our neck of the woods and I’m not going to mention them by name because we probably do business with them, but you know, it’s a big company and they gave uh $50 million, but this is a company that has, you know, like, I don’t know, $30 billion dollars in cash or something like that, you know? So it’s like you’re $50 million if you put that into context with like what me or you would donate, it’s like five bucks, two bucks. I mean it’s not even like it’s so inconsequential to what they can afford. I’d like to see bigger companies and people with more money just kind of step up a little bit more.

[00:19:27] Brad Nigh: Yeah. Yeah. I think this will be interesting to see from corporate perspective, like there’s gonna be some companies that make their name and some that people are gonna be like, wow screw them if that’s how they’re going to treat people forget it. Mhm.

[00:19:43] Evan Francen: Exactly. When we knew that kind of going in that really all we needed to be for us is just be who we’ve always been, right, stay focused on the mission, stay focused on serving people and we’ll come out of the other other side. But people remembering that right? When they needed, when they needed a friend, we were there.

[00:20:03] Brad Nigh: But I think that’s the biggest thing I know our sales team is, hey, I’m not here to sell you anything. What can we do here is our free stuff. Like, you know, everybody is, I think people are getting a little bit of uh sales fatigue. I personally have gotten more just unsolicited calls from random companies trying to sell me something in the last three weeks than I’ve gotten in years. Yeah. And it’s like, come on. So it’s a little different. I think that’s kind of how we’re trying to approach it is how can we help you? What? Here’s our free resources, health, you know, what do you need?

[00:20:46] Evan Francen: Yeah, I almost don’t fault either. The people that are calling like that I, I sense like there’s a real desperation behind it, you know, they’re just trying to yeah, survive I guess. But yeah, it is sad to watch it and it sort of sucks to be on the other side of it. It’s when the bigger companies call me, you know what I mean? They’re trying to sell me stuff or pitch me something or they do the manipulation, you know, they’ll give away something free, but you know, that there’s like strings attached, which then, which then like gives gives us a much harder time when we say we give stuff away for free. I think a lot of people are skeptical about like, right, I’ve been burned by this before. It’s like, no man, try me. It’s been 11 years, 12 years. We’ve always been like

[00:21:34] Brad Nigh: this, right? Yeah. There’s a track record here. It’s not right. Not some fly by night operation. This is yeah.

[00:21:43] Evan Francen: There’s no catch.

[00:21:45] Brad Nigh: Yeah.

[00:21:46] Evan Francen: Which makes it even, you know, hard to because it hurts the mission. You know, it’s like when we were doing S2 or got on security studio, we were doing this tour for free and people wouldn’t take us up on the offer. I think they’d rather pay, obviously I’d rather pay $10 $15,000 for an assessment rather than get, you know, get a tool for free.

[00:22:11] Brad Nigh: Yeah. I think part

[00:22:12] Evan Francen: of it because because I thought there was a strings attached. You know,

[00:22:15] Brad Nigh: it’s crazy. Oh man.

[00:22:19] Evan Francen: We’ll just stay consistent. You know? And the hope is that maybe, I don’t know, man, I hope that this helps. Maybe the the industry get more on mission, you know? Yeah,

[00:22:37] Brad Nigh: Yeah.

[00:22:39] Evan Francen: I’d like to see that.

[00:22:41] Brad Nigh: It would be uh it would be nice. We’ll see what happens, right? Yeah.

[00:22:47] Evan Francen: What’s what’s up our secure doing then still hold,

[00:22:51] Brad Nigh: I think because we’re trying to pump out as much free content as we can. You know, we’re co doing those daily insanity podcast with you and security studio. I know we’ve had you know, brainstorming sessions because that like what can we do to help? Uh huh. So yeah, just we’re here.

[00:23:16] Evan Francen: Yeah man. I love I love the management team at FRSecure because it’s really cool to see that you guys are are so on mission. You know what I mean? I’ve known you long enough and I’ve worked around you enough to know where your heart’s at. That’s really, really cool. Well, you know, we genuinely give a give a guy about people, you know?

[00:23:39] Brad Nigh: Yeah, hopefully that comes out to all right. I think because it was it was funny we had a fool but it seems silly, but it was a full hour of just like what can we do? And it was even with you know, through the sales director and it wasn’t what you what can we sell? It was what can we do? Yeah. And you know, anybody that knows a salesperson for a sales director is like rep really right. You know, it’s top to bottom like how can we help people, what can we do to get them through this? Yeah, I mean I’d rather you know, was that, an ounce of prevention is worth a pound of cure. Let’s we know that the incidents are going to come. People are going to get this. We’ve seen the attacks come up? What can we do to help people prevent that or minimize what happens, Right? Just anything. So, Well,

[00:24:37] Evan Francen: yeah, that’s what makes it hard. You know? And it’s like this COVID so you can’t like, you know, go out to a food shelf or anything or, you know, excuse me, you know, go help build a house or in the food line or anything because you can’t go anywhere.

[00:24:55] Brad Nigh: Right? Yeah. And and I think what we’ve it’s been kind of surprising what’s what we’ve been struggling with the most is not our capacity to do stuff right? From a work perspective, we’re humming along with the only thing we can’t do is physical pen test, right? You know, everything else we can handle. We’ve got things in place to do the assessments remotely the PCI work and everything we can do. Companies aren’t prepared to do it right. They’re still trying to figure out how to make things work and like, okay, so how can we help you? And they’re like, I don’t even know what’s going on yet. So it’s like, well, how let us know,

[00:25:42] Evan Francen: well, that’s it, man. And they will, right. I mean when you make the call because I’ve done a lot of this, you know, So, you know, some of the things that that were doing to it, security studio is we’re just being friends. We’re finding that everybody is up for talking? So we just talk how’s it going? How’s the family, How are you hanging? You know?

[00:26:06] Brad Nigh: Yeah, I think that’s a big thing once. If we can get a hold of someone to just here, hey man, what can we do? How are you doing? Yeah, and just, it’s a it’s a very different. I don’t know, I’m a little biased, but I think we are different and I hopefully that comes across and is apparent.

[00:26:27] Evan Francen: Yeah, I love it man. I called like my surge, my Russian friend, you know, talked about him a lot, but I called him because I know he works in the travel industry, right? And I know they’re just being decimated and just called him on Saturday and not this Saturday, but the Saturday before and and say, hey man, you know, it’s going to be okay. The travel industry people will travel again, I’m sure of it. Just so you just have to endure.

[00:26:56] Brad Nigh: It’s gonna make it through this neck. But well, that’s a, I think that’s the toughest thing is nobody knows how long this is going to last.

[00:27:03] Evan Francen: No, that’s right.

[00:27:05] Brad Nigh: Until we get some, some testing and tracking in place. And yeah, it’s just, I think that’s the toughest part is it’s just indefinite kind of being

[00:27:19] Evan Francen: Yeah, Well, it takes a lot of faith to right to believe in things that you, you know, you you don’t have the details.

[00:27:27] Brad Nigh: Yeah, it takes a lot of people,

[00:27:29] Evan Francen: right? It’s funny because it’s not like you have to have faith in Jesus, or faith in anything, but you have faith people have faith mm That’s what keeps us going every day. That’s what gets me up in the morning, is today is going to be a day where either I can make a difference in somebody else’s life or somebody can make a difference in mine.

[00:27:50] Brad Nigh: Yeah, Yeah. But yeah, that’s what I love about working here is like the end of the day, do you feel like I need a difference? Mhm. And help someone, Right? No matter what I’ve done. So it’s not just like chasing a dollar, getting a paycheck and clocking in and clocking out. We’ve all had those jobs are just like uh I don’t I feel dirty, but I need a job, right?

[00:28:17] Evan Francen: Got bills to

[00:28:18] Brad Nigh: pay. Yeah. So

[00:28:20] Evan Francen: yeah, we’ve also been creating, we’re trying to create a whole bunch of like, new content, like webinars and things. We feel like, like people, we’ll watch videos, they won’t read stuff necessarily, so create some kind of videos, you know, regularly. So doing webinars and then recording those things and making them available. Doing a lot of that stuff.

[00:28:43] Brad Nigh: Yeah, I think we’re gonna be working from the FRSecure side on similar things, you know, maybe some some training on some open source tools for like pen testing or security that we would use in pen test. Um and then, you know, kind of soliciting questions ahead of time for, you know, we did that initial two webinars of kind of the back and forth. Well, hey, let’s send it out and say submit a brand. It can be anonymous, who cares. But any question you want, we’re going to just go and all we’re gonna do is answer questions, right, yep, plane, it’ll be online, whatever. Like I think you’re right. I think that’s going to be the more are popular type of thing, some sort of human interaction or even if it’s just watching the video versus reading, right?

[00:29:36] Evan Francen: Yeah, I was talking to my uh my neighbor, he’s a high school teacher in Bloomington, Minnesota. And so we were just showed him my chicken coop because he’s got chickens too. I guess that’s a thing in my town now. Yeah, so he came just looking at my chicken coop and and I was talking about, you know, what’s it like getting school back up and running again, you know, from uh you know, distance learning and all that stuff and what are the challenges. And it was pretty cool. Um And then we got to talking about, you know, how information security sort of fits into that. He’s a science teacher, so he doesn’t really

[00:30:13] Brad Nigh: inside it.

[00:30:15] Evan Francen: No, the conversation went weird quick. And then then then you get a real it back, you’re like, all right, all right, let me let me tell you. And so, but it was he was cool because you know, when you talk about the role that information security can play during the recovery, it’s trying to be there for people. Um Because I want, what I want to do and what I was telling him is like a 12 in education. I want to simplify information security. This is like a good opportunity to almost start from scratch. It seems like where we can focus on the fundamentals. Don’t buy a damn thing. Don’t buy anything. No blinky lights. You already had blinky lights fundamentals. Start with assessment and build a basic information security program that everybody can, you know,

[00:31:09] Brad Nigh: it has been, you know, that that’s a good point. Um a couple of the clients is talking to have said, right, no expenditures at this point. So they’re actually kind of sort of being forced to focus on their policy procedure, those things that just take manpower but no expenditure and Yeah, but they never would have been then it just never would have been a priority because there was other things that were going to buy and put in place and do all these things and every elder purchasing is on hold. So it has been kind of a positive from that standpoint too. Hey, we gotta do something alright. Client will do the things that we never really wanted to do but are really are the fundamentals of critical thinking. Self

[00:31:59] Evan Francen: yeah. And I would, I almost feel like it’s a bigger part of the mission right now even to be there for when they get back up and running. Uh not because we have all the answers, but because we know our heart is in the right place. I know that I will never take advantage of them. You know, I mean anybody really so like when K-12 gets back up and running again, hopefully we have established enough friendships with people in that industry so that when they’re ready we can focus on the fundamentals and not charge an arm and a leg for it, right? I mean we just need to make enough money to keep the lights on, you know, at the end of the day, right? Uh And the reason why I feel like it’s like a sense of urgency is because we we have to keep the money grabbers out.

[00:32:57] Brad Nigh: What? Yeah. Yeah.

[00:33:01] Evan Francen: You know, we have to keep the money grabbers out. It’s almost like if we fail at that, if the money grabbers get in there and start charging, you know, God knows how much for just basic fundamental stuff or selling a bunch of blinky lights that nobody there knows how to use. Yes. Then we’ve sort of failed.

[00:33:22] Brad Nigh: Yeah.

[00:33:23] Evan Francen: Were there And those underserved markets, you know, I think our state and local government like we’ve talked about before on the podcast counties, cities, Education. K-12, higher ed. Um small to medium sized businesses specifically in those verticals that just got killed like tourism and hospitality and retail and restaurants.

[00:33:49] Brad Nigh: Well, what’s interesting is for the most part, those industries have never that security has never been our information. Security never been priority for a lot of them. I know we’ve had calls with um, you know, hospitality with hotel chains or restaurants that have had like, yeah, you’ve definitely got an incident. Somebody is in doing it and they’re like, well, yeah, all right. We’ll just, we’ll figure it out. Thanks. Right. You you lost hundreds of thousands of dollars in wire transfers regional and suddenly spending. Mhm. This is not worth like really? So hopefully that changes some thinking,

[00:34:39] Evan Francen: well, what a great opportunity for us if we have something, they’re ready for them to simplify and operationalize. So it’s not treated as a separate thing. It’s just integrated into the way you do

[00:34:50] Brad Nigh: everything.

[00:34:53] Evan Francen: Yeah. Come up with some really cool things that isn’t, that isn’t going to cost them much.

[00:34:58] Brad Nigh: Yeah, I mean, yeah, yeah. We’ve got really low cost stuff to help with the remote readiness and things like that. If people need it. You know, it’s gives you a good solid understanding of where you’re at. Yeah. Bye. Yeah. We’re not, we’re not pushing it on anyone. It’s just, hey, we can help. Here’s what it is. If you want it, let us know. But here’s our free stuff.

[00:35:24] Evan Francen: Yeah. And I think that, and I think once we start back on the road to recovery, it’s okay to push. Mhm Because if you don’t want the money grabbers will or somebody else will. Yeah. So it’s just sitting idle being friends until the time is right. And then it’s like okay, it’s time to go guys.

[00:35:43] Brad Nigh: Yeah. Yeah. There’s a lot of waiting to I think we we closed our offices, what March 17, so coming up on a month and Most people were a couple of weeks or a week or two after that. I think we were ahead of the game. Um So yeah, there there’s still just so much kind of chaos and unknown for these companies. That’s the that’s the tricky part. When is the right time to go. Okay enough is enough. You got to get your stuff together.

[00:36:17] Evan Francen: I think we’ll feel it. Yeah.

[00:36:20] Brad Nigh: Yeah, we’ll see. Yeah, I’m ready. Should we talk about?

[00:36:24] Evan Francen: Yeah. Why not? Everybody else’s

[00:36:28] Brad Nigh: So you know, this is crazy. I’m not saying Zoom. I said, I’ve been very consistent, Zoom is not without fault. They definitely have some, I have had some issues with their security and how they’ve done things. There is no two ways about it. However, the amount of crap they’ve gone through and taken, I’ve never seen anything like this. I haven’t either. Right. We had somebody tell us last week, well, we can’t use Zoom. It’s not secure. We have to use Webex instead, when it’s just had a critical exploit that was known to be exploited that took credentials. Yeah. Zoom hasn’t had any critical at that level that I’m aware of. How are you okay with one over the other? Like what’s your justification? And nobody has anything, that’s just so much like, well, I should’ve seen on the news, it’s not secure. Right? What is, like, give me something beyond, well, it’s just not. Right. Well,

[00:37:45] Evan Francen: you know, and on the one side it’s, I always welcome having these discussions because it’s a security discussion where normally you might not even be talking about it. You might, you know, it might just be, you might just be ignorant of all this. Yeah. You know, so I like the discussion. What I, what I don’t like is I can feel or since the undercurrent of what’s like envy almost. Oh yeah. You know where people are like envious of zoom that they’ve just had so much success in such a short period of time. It’s like, well we better knock them down a couple notches. You know,

[00:38:27] Brad Nigh: Like we mentioned, they’ve been around for nine years, they were having 10 million users a day in December. It’s not like this is like some new thing that just kind of took advantage. They’ve been around, mm, we’ve used Zoom since I started. So it’s not, they have issues, right? The Linux version, by, you know, Mudge’s Twitter thread. It was pretty eye opening. No

[00:38:55] Evan Francen: Linux version

[00:38:56] Brad Nigh: but so they’ve got issues. But everything that they mm they fix things so fast. Right? It’s crazy. I don’t I don’t think I’ve seen, can you imagine Microsoft coming out with a fix in 36 hours? I know it’s not going to happen.

[00:39:16] Evan Francen: Well, and that’s one of the things that for me as a consumer is, I don’t expect anybody that I do business with to be flawless, right? What I expect from them is honesty and transparency. And when I look at what Zoom has done, when they’ve reacted the way they have reacted, as quickly as they have done, they’ve instilled, you know, trust because of their transparency.

[00:39:47] Brad Nigh: Right? Well, in the update, um, that they put out on the eighth, based on the one back on April 1 and the 8th, they’ve put together the CISO council, they’ve brought on Alex Stamos, they’re doing that weekly webinar, you know, like yeah, they’ve got some transparency stuff. They don’t have a transparency report, they don’t have some of the stuff, I get it. But I think it’s also part of going from, you know, the 10 million to 200 million users a day. Exponential growth. They went from, yeah, we can kind of get away with some of this stuff because they were a little bit smaller compared to some of the other offerings, and now it’s okay, we got to step this up, and they’re actually stepping up.

[00:40:41] Evan Francen: Exactly, yeah. So, you know, just that alone, you know, and the fact that they didn’t run from it, they didn’t, you know, stay quiet.

[00:40:52] Brad Nigh: They owned it.

[00:40:53] Evan Francen: Yeah. And the communications that they put out publicly were legit. I mean they were clear it wasn’t like, you know, pointing fingers at anybody else, you know? So

[00:41:04] Brad Nigh: Yeah, I was reading something, and like, their shocking, another big one’s like “Google bans Zoom from its computers,” and you know, they said, no, you can’t use the app, but use the web version. And oh, by the way, Google has a competitive product. Gee, what are the odds? Right. Right. So like who’s gonna end up coming in and buying Zoom at the end of this? Because they’ve been just taking a beating. Kind of, that’s the thought that’s out there, is, you know, maybe there’s a little bit of, uh, like you said, envy or, yeah. You know, who’s trying to knock them down a bit. So it becomes an opportunity for a purchase.

[00:41:50] Evan Francen: Well, right. Yeah. I mean, I’ve seen things from Cisco, I’ve seen things

[00:41:53] Brad Nigh: from Microsoft, I’ve seen

[00:41:54] Evan Francen: things from RingCentral. Yeah, all sort of like, hey, you know, come to our web, you know, conferencing software because it’s, yeah. You know, but Kim Zetter, you know, one of the things Kim Zetter said that I thought was like dead on, because I’m that kind of guy too, like if you really want to get ahead of the curve, Zoom is probably the best software to use from a security perspective. It is getting pen tested like a son of a gun. Uh, you know, I mean, related threats are up 2000%, you know, the attackers are targeting Zoom more than they ever have. The zero days. It’s like, it’s all like free, sort of, not free, but it’s testing,

[00:42:41] Brad Nigh: it’s a bug bounty program. They’re not having to pay out on huge,

[00:42:46] Evan Francen: Right? I mean, it’s going to end up being the most secure conferencing tool on the market in a short period in a short period of time.

[00:42:55] Brad Nigh: Yeah. And again, it blows my mind that almost all of these have been, I haven’t seen any critical level. Right? That Linux one maybe is kind of pushing it a little bit, um, from a high, too high, I should say. But almost all of these have been lower, medium risk vulnerabilities, and you know, you’ve got, well, Zoom bombing, well, because people weren’t password protecting, it’s a configuration issue. Meanwhile, you know, earlier this year, Cisco Webex had, uh, ability for an unauthenticated user to join a password protected meeting. Right? To me, that’s a much bigger issue than anything we’ve seen from Zoom, and I’m not picking on Webex by any means, I’m sure there’s issues with, you know, Teams, and Google has got its own privacy issues, like, really, you’re worried about privacy but you’re using Google, right? Yeah. Right. I mean, I don’t know. Again, they’re not perfect, but their response has been better than almost anything I can remember for this. Yeah, I mean if I can say this type of situation, this is unprecedented to see a company get just hammered like this,

[00:44:24] Evan Francen: Right, and show me one piece of software with any complexity whatsoever that doesn’t have flaws. Now, what Google, I think, you know, based on, you know, what I read from Mudge’s, you know, Twitter thread and other things, it sounds like they didn’t really take information security sort of seriously in any other coding practices, from what I can tell really. But it’s also not unusual for probably most, you know, software companies, you know what I mean? It’s like get to market, get to market, get to market, fix the bugs when the testers, which really means the consumers, tell you about it.

[00:45:06] Brad Nigh: Yeah. Yeah, it’s uh yeah, it’s crazy.

[00:45:13] Evan Francen: So the fact that they’ve done what they’ve done, you know, they fixed all the, all the flaws as far as I know, I don’t think there’s any vulnerabilities known vulnerabilities anyway that are still out there.

[00:45:25] Brad Nigh: Yeah, not that I’ve seen,

[00:45:27] Evan Francen: I really like the, you know, the last update where they got the security button and uh you know for the host of the meeting.

[00:45:34] Brad Nigh: Well and what they’re actually pushing the updates to. Right so you have a mechanism for updating the clients. Not like you know it people have to go and do it or you have to click the update now there when you connect in. Hey there’s an update ready go ahead and do it. They made it really easy. Right? So

[00:45:58] Evan Francen: Yeah, and then, you know, appointing the advisory, you know, the CISO advisory group or committee, and I don’t know, man, I would take the advice of, you know, what the team tells me, but absent that, I think it’s totally safe to use Zoom, as much as it is any other. Yeah, in my opinion, so I’ll continue to use them. I have no issues.

[00:46:30] Brad Nigh: No, and I think that there was the one, um, which one was it? The citizenlab.ca article, that FAQ on Zoom security issues, uh, had a, you know, a good point. This is their kind of free version. They have a HIPAA compliant one. They have a Gov one, they have other things that nobody really is aware of. Yes, if you’re using their free version for HIPAA data, that’s kind of on you. Right. I mean, Zoom can’t be held accountable for a healthcare breach if you’re not using the right one. And they made something available, right? That’s on the company. So much of this is you got to do the right thing. Just pay attention to what you’re doing. Exactly. Uh huh.

[00:47:27] Evan Francen: Now I’m with you man. So uh well and then what was it yesterday or What 1? No, last week they had the uh zoom verified accounts, I guess some accounts turned up on the dark.

[00:47:40] Brad Nigh: Yeah, it was like 2,000 or 2,300 or something. I’m going to guess, most likely if you look up those usernames and passwords, they’re in a bunch of breach databases. Exactly,

[00:47:54] Evan Francen: yeah, because they didn’t they didn’t identify

[00:47:58] Brad Nigh: the source. No, it was on the dark web and it was a pretty small number. I mean if they’re using even 10 million a day and they got 2,300, I think that’s probably credential stuffing.

[00:48:18] Evan Francen: Yeah. Yeah, it’s crazy, man. I mean Zoom, just like reading another article here as we’re sort of talking, you know, “Shareholder sues Zoom over security flaws.”

[00:48:30] Brad Nigh: Yeah, the shareholders are going to be making out like they’re one of the few companies that’s actually doing well, like what are you doing?

[00:48:37] Evan Francen: Unless you bought when I was two, you know, too high unless you’re late to the game.

[00:48:42] Brad Nigh: Yeah. Uh huh.

[00:48:45] Evan Francen: But even even the subtitle, you know, for that is zoom has raised the ire of many of many as security breaches and privacy issues plague the video conferencing app, it’s like you couldn’t use better words than that. I mean you make it sound like yeah,

[00:49:01] Brad Nigh: yeah,

[00:49:02] Evan Francen: I’ve lost so much respect for the media in the last

[00:49:07] Brad Nigh: months, man. It’s just, well, I think probably one of the things that you’re seeing is the lack of understanding about infosec or cybersec or whatever you wanna say it, however you want to phrase it. They don’t understand. So they’re just throwing these big things out there, right? So read, you know, I mean, talk to the experts. Exactly. Yeah. Yeah. It’ll be interesting because, yeah, I’m just looking at it, so shares are up 75% year to date, so you’re gonna sue that. How, what’s your standing, that you’ve gone up? What’s your, how did you get? Yeah, whatever.

[00:49:53] Evan Francen: So in your opinion, is it safe to use Zoom? Yeah,

[00:49:58] Brad Nigh: Yeah. Configure it properly, take advantage of the security that they do have in place, and understand any of these products has that potential to be exploited.

[00:50:12] Evan Francen: Yeah, you’re right. I mean, the last thing you want to do is, you know, install or use uh teams or something else and then have this false sense of security that since you’re using that I don’t have to keep my guard up or I don’t have to worry about the configuration, right.

[00:50:31] Brad Nigh: Right. If you post your meeting link, that’s not password protected on social media, guess what’s going to happen. It doesn’t matter what you’re using.

[00:50:40] Evan Francen: Right. Right. Yeah. I agree with you. It’s just as safe to use Zoom as it is.

[00:50:47] Brad Nigh: Well, other apps and if you’re using it for two

[00:50:51] Evan Francen: and in a short period of time it will be the most secure apps.

[00:50:54] Brad Nigh: Oh yeah, for sure. Either that or it’s going to go away. Right. My guess.

[00:51:00] Evan Francen: And what kind of communication are you having any way? And a lot of these meetings, I mean we have a lot of meetings, you know, on zoom and I’m like actually most of them if word got out about what we were talking about and be like, okay,

[00:51:14] Brad Nigh: Yeah, I was gonna say, well, that goes to know what you’re talking about. If you’re a healthcare organization, use a HIPAA certified software solution, use the Zoom that’s for health care, use Webex for health, use whatever, something that’s meant for that. Don’t use, hey, the free one that we’re making, we’re making this free for students for education purposes. What are they teaching in math that’s proprietary or sensitive or protected? Nothing. Use the right version of software for what you’re using, what you’re doing. Exactly

[00:51:51] Evan Francen: and can figure out what.

[00:51:52] Brad Nigh: Right. So yeah, personally at this point I don’t see any reason not to their response has been fantastic. Yeah. Obviously we’ll keep an eye on it. But same as we do for any of the other tools that we use.

[00:52:08] Evan Francen: Exactly. Yeah. You and I see a seeing eye to eye on this

[00:52:12] Brad Nigh: some Oh, all right. We could we could go on on that one. I

[00:52:18] Evan Francen: know we’re gonna run

[00:52:19] Brad Nigh: late. All right. So a couple other things we get the pandemic, the lockdown, everybody’s working remotely. Um so quick discussion on some some services we’ve got on the blog, we’ve got the mentor program. Today is the first day you can still sign up. Um as far as I know. Yeah, if not it will be on Youtube after the fact. So

[00:52:44] Evan Francen: you and I are going to have to get together like maybe a half an hour before we kick off just so I can make sure I remember how to use this tool you gave me.

[00:52:50] Brad Nigh: Yeah, it will be interesting. Plus I got to figure out how to be a moderator again. So yeah, that’s fine. We can do that. Um, the safety and cybersecurity at home 101 from, uh, SecurityStudio. SecurityStudio’s partner community link there. The daily and you should

[00:53:11] Evan Francen: you should join that too.

[00:53:13] Brad Nigh: The partner. I’m not

[00:53:15] Evan Francen: no, because I just set up the group.

[00:53:18] Brad Nigh: Okay. I looked at that.

[00:53:21] Evan Francen: We could collaborate. Could have we could have top secret

[00:53:23] Brad Nigh: communications there

[00:53:25] Evan Francen: until some joints and then

[00:53:27] Brad Nigh: no side from membership. Yes. You remember number three now you’re right. Yeah, no, I was thinking uh I was thinking of something else. All right, cool. By uh, during the podcast. Love it. Daily insanity. Uh, just a half hour of, you know, I think the best way to put it, it’s that cooler talk is that office talk. It’s just hanging out and chatting. And that to me, that’s the biggest value is because that’s what I think I’m missing the most is just the banter and has it gone. Um, so just jump in and we’ll have to talk. Just listen, jump in and talk when you want to. It’s it’s fun. So

[00:54:13] Evan Francen: yeah, some people never never turn on their video or their audio, they just sit there.

[00:54:18] Brad Nigh: It’s actually not really cool, but you get that at the office. So it is, it’s, it’s a little bit of uh, like what it’s like, so kind of next this. Um, yeah, so one news story, there is a list of the coronavirus attacks on security affairs, which I heard about a lot of these, but I was like, wow, okay, I missed some of these.

[00:54:47] Evan Francen: Yeah, it’s a really good synopsis, I thought. Yeah,

[00:54:52] Brad Nigh: yeah, I was I was surprised from

[00:54:57] Evan Francen: Pierluigi Paganini on Security Affairs. The title’s “Coronavirus-themed attacks April 5 through April 11, 2020”

[00:55:09] Brad Nigh: and he’s not linked to the previous ones. He’s been doing this for couple. Let’s see. It looks like February one, March 15 and then 15 or 21st, 29-4. Like it’s becoming more and more frequent just because it’s what happens happening.

[00:55:28] Evan Francen: Yeah, Yeah. He’s done a great job. I don’t know where all his sources are, but it’s good

[00:55:33] Brad Nigh: stuff. Yeah. So that’s a good thing to keep an eye on.

[00:55:43] Evan Francen: Yeah. And if anybody wants uh, wants that link or can’t find it themselves, just reach out to us. Well, we’ll get you

[00:55:49] Brad Nigh: uh

[00:55:51] Evan Francen: point you there built

[00:55:53] Brad Nigh: do that. All right. So, I guess we should probably wrap up because we are running a little late here. Uh good show. Hopefully there was some hope and encouragement, you know, play it forward as it work, right? Try and try and do that for someone and if you need it then hopefully somebody will step up and get it for you. But you can help someone and you know, listen, let’s do it

[00:56:19] Evan Francen: right? Yeah.

[00:56:21] Brad Nigh: So, Evan anybody want to give a shout out to this week?

[00:56:25] Evan Francen: Yeah, I do. I want to give a shout out to Meghan Larkins. She’s just altogether awesome. And I love the work that she does with the team shout out for Leanne Villella two. I love what she does and she usually listened. So hopefully she’ll listen. Hey, thanks for the shout up. But she’s uh she’s one of those sales people that you that you were talking about earlier that really gets it. It’s about relationships. It’s about really caring about people and so I just know that she’s, you know, killing it. I could do a shout out for all of our management but you know, they already know that. So those are my two today.

[00:57:02] Brad Nigh: Yeah. I’ll give a shout out to to this, which is we’re gonna be weird coming from me. But our, you know, our sales team is really trying to do the right thing. They’re not, it’s different for them, but they get it so to them and yeah. Yeah. And I guess all but also the health care workers and people that are having to go in and kind of put themselves at risk. Keep it up and absolutely. All right, well thank you everybody for listening. This has been episode 75. We do love hearing from you. So you have something to say, email us at unsecurity@protonmail.com. Or uh if you want to do the social thing, we tweet like that I’m at right. @BradNigh and Evan is @EvanFrancen uh reach out if you just want to talk, connect whatever, we’ll respond and that’s it. We’ll talk to everyone again next week.

[00:58:05] Evan Francen: Have a good week.
