The Linux Security Podcast covers key concepts in security, reviews some of the latest exploits and discusses the tools enterprises use to detect, prevent and recover from cyber attacks. The show features insights from Mike Shinn, co-founder and CEO of Atomicorp, and Scott Shinn, co-founder and CTO of Atomicorp as well as PM for OSSEC. Scott was also chief network manager at the White House and interim CISO at the Department of the Interior earlier in his career. Mike contributed to the first intrusion detection device and was the first computer security analyst for the White House. He is also the author of the federal regulation for Cybersecurity Programs for Nuclear Facilities. The Shinn brothers have been working with Linux since before version 1.0, have been in computer security for 25 years and are the co-authors of Troubleshooting Linux Firewalls.
Episode 13: What are Red Teams and Why They Exist
Red Teams have become a common tool for testing enterprise security. They attempt to penetrate security defenses as if they were hackers. Red teams are motivated to be creative and determine the best way to circumvent security measures in place, sometimes by any means possible. Mike has been red teaming since the 1990’s, before the term existed. He breaks down how red teams operate, their objectives, the difference between physical and digital vulnerabilities and how constraints can limit their value.
Episode 12: Why hackers hack. It’s not what you think
Why do hackers hack into your networks and devices? Many people think it’s for credit card data, PII or to steal intellectual property. This is sometimes true, but there are other reasons. What you value about your assets is often different from what hackers value. We are now seeing hackers break into networks simply to use the computing resources for cryptocurrency mining. Atomicorp CEO Mike Shinn walks through hacking history and explains why cyber defense should begin with understanding attacker incentives.
Episode 11: Virtual Patching
Virtual patching is a way of implementing a security policy that eliminates or mitigates a vulnerability without touching the application’s code. It is not actually patching: a control outside the application, such as a WAF or intrusion prevention rule, blocks attempts to exploit the flaw, which is quick to deploy and leaves the application itself unchanged. Why not just use a patch? Sometimes no patch is available, other times speed is of the essence, and patches sometimes carry the risk that something will break. Atomicorp CEO Mike Shinn developed some of the earliest virtual patches and explains what they are and why they are gaining in popularity.
Episode 10: SQL Injection Attacks
SQL Injection Attacks are a method for taking advantage of flaws in the way an application is written. In particular, they exploit code that builds database queries by splicing untrusted input into the query text, which lets an attacker alter the query and read or modify the database directly. Mike Shinn, CEO of Atomicorp, has employed SQL injection in Red Team exercises and built countermeasures that defend against it. In this week’s episode Shinn talks about SQL injection, the typical way applications expose their databases to it, how frequently the risk appears and common methods for defending against the attacks.
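As an added example (not code from the podcast or from Atomicorp), the following Python builds a constructed in-memory SQLite database and shows the two query shapes the episode contrasts: string concatenation that lets the attacker rewrite the query, and parameterized queries that keep input as data. The table names, users, products and payloads are all made up for the example, and passwords are stored in clear only to keep it short.

```python
"""SQL injection: a concatenated query beside its parameterized fix (stdlib sqlite3 only)."""
import sqlite3


def make_db():
    """Constructed sample database: two users and a few products."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        -- Clear-text passwords only to keep the example short; real code stores salted hashes.
        INSERT INTO users (username, password) VALUES ('alice', 'correct-horse'), ('bob', 'hunter2');
        INSERT INTO products (name) VALUES ('firewall'), ('hsm'), ('yubikey');
        """
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: input is pasted into the SQL text, so quotes and comments change the query."""
    sql = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Fixed: placeholders send the values separately; a quote in the input stays a quote."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def search_vulnerable(conn, term):
    """Vulnerable search: a UNION in the term lets the attacker read other tables."""
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Fixed search. % and _ remain LIKE wildcards (a separate issue); escape them if it matters."""
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


def demo():
    """Run the constructed payloads through both versions and return the outcomes."""
    conn = make_db()
    tautology = "x' OR '1'='1"    # makes the WHERE clause end in ... OR '1'='1'
    comment = "alice' --"         # the -- comments out the password check entirely
    union = "%' UNION SELECT username || ':' || password FROM users --"
    return {
        "tautology_vulnerable": login_vulnerable(conn, "alice", tautology),
        "tautology_safe": login_safe(conn, "alice", tautology),
        "comment_vulnerable": login_vulnerable(conn, comment, "whatever"),
        "comment_safe": login_safe(conn, comment, "whatever"),
        "valid_safe": login_safe(conn, "bob", "hunter2"),
        "union_vulnerable": search_vulnerable(conn, union),
        "union_safe": search_safe(conn, union),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable login accepts both payloads without knowing any password, and the vulnerable search returns every user’s credentials alongside the product names; the parameterized versions treat the same strings as ordinary data and match nothing.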
Episode 9: CVEs Explained. What They Are and How They’re Used
The Common Vulnerabilities and Exposures (CVE) system is a critical tool for the cybersecurity industry. CVEs provide consistency in naming and clarity on the nature and impact of various vulnerabilities. In this week’s Linux Security Podcast, Atomicorp CEO Mike Shinn discusses the origin and management of the CVE process, how it’s used by cybersecurity professionals and why it’s so important. He also discusses how vulnerability management systems are perpetually hobbled by the limitations of the CVE system.
Episode 8: Efail Vulnerability and its Impact on Encrypted Email
The Efail vulnerability has been in the news and has many people rushing to remove encryption from their email clients. The vulnerability does impact S/MIME and PGP users, but only a subset. That means a lot of people are removing encryption from their email unnecessarily and putting themselves at risk. Atomicorp CEO Mike Shinn discusses what Efail is, how the exploit works and why the notification process was handled poorly. If you ever need email encryption, you should definitely listen to this episode.
Episode 7: What is OSSEC & Why People Use It
OSSEC was created in 2004 and released version 3.0 in April 2018. It is an open source cybersecurity project and offers the most robust endpoint detection and response capabilities available to enterprises today. OSSEC PM Scott Shinn discusses the history of the project, its core features and how it differs from the commercial security software currently in use. Scott is CTO of Atomicorp, a former contract CISO for the U.S. Department of the Interior and co-author of Troubleshooting Linux Firewalls.
Episode 6: What the Equifax Hack Tells Us About Cybersecurity
The Equifax breach exposed more than 147 million people’s financial data. Surprisingly, Equifax’s CEO blamed a single engineer for failing to patch a known vulnerability in Apache Struts. This scapegoating is absurd. The Struts vulnerability might have been the point of entry, but the real failure was an over-reliance on patching as a security strategy. Atomicorp’s Mike Shinn breaks down the Equifax hack, how it happened and why security cultures that rely on patching alone will face similar fates.
Episode 5: What is a WAF and How Are They Different from Firewalls
Web application firewalls (WAF) are a specialized form of firewall designed to protect web applications from internet-based attacks. A traditional firewall decides on addresses, ports and connection state and must stay lightweight to keep traffic moving; a WAF understands HTTP and inspects URLs, parameters, headers and request bodies, so it is far more sophisticated. Atomicorp CEO and long-time ModSecurity contributor Mike Shinn talks about these differences, good and bad WAF attributes, software-based WAFs, the role of rules in making a WAF effective and the origin of the open source WAF ModSecurity.
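The following Python is an added illustration for Episode 11 (virtual patching) and Episode 5 (WAF versus traditional firewall); it is not ModSecurity and not Atomicorp code. It puts a toy packet filter, which only sees addresses and ports, beside a toy WAF that decodes the request and applies rules, including a virtual patch for a hypothetical `/item` endpoint whose `id` parameter is assumed to be used unsafely. The request format, rule ids, endpoint and sample traffic are all assumptions made for the example.

```python
"""A toy WAF beside a toy packet filter, with a virtual patch expressed as a rule.

Added example only: not ModSecurity, not Atomicorp code. The request dicts, rule ids and
the hypothetical /item endpoint are assumptions made for this illustration.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit


def packet_filter(req, allowed_ports=(80, 443)):
    """A traditional firewall's view: addresses and ports only, no idea what the HTTP carries."""
    return "pass" if req["dst_port"] in allowed_ports else "drop"


# Virtual patch for a hypothetical flaw: /item builds a query from its `id` parameter.
# Instead of hunting for attack strings, the rule states what the parameter MUST look like
# (positive security), so every exploit shape is rejected until the application is fixed.
VIRTUAL_PATCHES = [
    {"id": 1001, "path": "/item", "param": "id",
     "allowed": re.compile(r"^\d{1,10}$"),
     "msg": "virtual patch: /item id must be a short decimal integer"},
]

# Negative-security signatures: useful but evadable, which is why normalization comes first.
SIGNATURES = [
    {"id": 2001,
     "pattern": re.compile(r"(?i)\bunion\b\s+(?:all\s+)?\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+"),
     "msg": "SQL injection pattern in request parameter"},
]


def normalize(req):
    """Decode the URL the way the application will, so an encoded payload cannot slip past.

    parse_qs decodes once; a second unquote catches double-encoded input (%2527 -> %27 -> ').
    Over-decoding can mangle legitimate values containing a literal %25, a known WAF trade-off.
    """
    parts = urlsplit(req["url"])
    raw = parse_qs(parts.query, keep_blank_values=True)
    params = {key: [unquote(v) for v in values] for key, values in raw.items()}
    return parts.path, params


def waf_inspect(req):
    """Return ("block", rule_id, msg) or ("allow", None, None) for one GET request."""
    path, params = normalize(req)
    for rule in VIRTUAL_PATCHES:
        if path == rule["path"]:
            for value in params.get(rule["param"], []):
                if not rule["allowed"].match(value):
                    return ("block", rule["id"], rule["msg"])
    for rule in SIGNATURES:
        for values in params.values():
            for value in values:
                if rule["pattern"].search(value):
                    return ("block", rule["id"], rule["msg"])
    return ("allow", None, None)


# Constructed sample traffic. Everything on 443 passes the packet filter unchanged.
SAMPLE_REQUESTS = {
    "benign": {"src_ip": "192.0.2.10", "dst_port": 443, "url": "/item?id=42"},
    "item_sqli": {"src_ip": "203.0.113.5", "dst_port": 443,
                  "url": "/item?id=1%27%20OR%20%271%27=%271"},
    "search_union": {"src_ip": "203.0.113.5", "dst_port": 443,
                     "url": "/search?q=x%27+UNION+SELECT+username,password+FROM+users--"},
    "double_encoded": {"src_ip": "203.0.113.6", "dst_port": 443,
                       "url": "/search?q=%2527%2520OR%2520%25271%2527%253D%25271"},
    "telnet": {"src_ip": "203.0.113.7", "dst_port": 23, "url": ""},
}


def demo():
    """Run each sample through both layers: (packet verdict, WAF verdict or None if dropped)."""
    results = {}
    for name, req in SAMPLE_REQUESTS.items():
        verdict = packet_filter(req)
        results[name] = (verdict, waf_inspect(req) if verdict == "pass" else None)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} {outcome}")
```

The packet filter passes all four HTTP requests, attack or not, because they all arrive on an allowed port; the WAF blocks the `/item` injection through the virtual patch alone, catches the `/search` payloads with the generic signature, and only sees the double-encoded one because it decoded the value before matching.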
Episode 4: OSSEC, SIEM and Logging
Logging is important because engineers need to know what is going on so they can fix issues. Bigger companies also need to capture logs to satisfy regulatory and compliance requirements. SIEM products have become popular for log aggregation, correlation and visualization, but open source tools such as OSSEC provide similar functionality. Atomicorp CEO Mike Shinn reviews his experience with logging, SIEM and OSSEC approaches, breaks down what is important and explains how the space has evolved from a security perspective.
Episode 3: Meltdown and Spectre Vulnerabilities
The Meltdown and Spectre vulnerabilities took the security industry and the chip market by surprise. Many people characterize them as flaws in microprocessor design, but the speculative execution they abuse was an intentional performance choice; it just wasn’t contemplated as an attack vector. Essentially all modern devices, mobile devices included, are at risk, and no security tools at the time would even detect that an attack was underway. Mike Shinn breaks down the vulnerabilities, how Meltdown and Spectre differ and what risks they pose to unpatched systems.
Episode 2: File Integrity Monitoring
File Integrity Monitoring (FIM) is designed to notify you when files on a system have changed. It was one of the very first security detection capabilities in existence and is almost as old as passwords. FIM has also been written into many regulatory and security standards. Mike Shinn breaks down the core elements of FIM, how it evolved, where it falls short today, and how open source solutions like OSSEC provide new features that are a big step up from Tripwire and other legacy tools.
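The core of FIM is a baseline of file fingerprints, a re-scan, and a diff. As an added example (not OSSEC or Tripwire code), the following Python implements that loop with the standard library, builds a fake `/etc` inside a temporary directory, simulates a few post-compromise changes and returns the report. The file names and contents are constructed for the example.

```python
"""File integrity monitoring in miniature: baseline, re-scan, report (stdlib only).

Added example, not OSSEC or Tripwire code. The fake /etc and its contents are constructed
inside a temporary directory so the script runs anywhere.
"""
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Hash the content and record the metadata an intruder is likely to touch.

    Modification time is deliberately NOT part of the fingerprint: an intruder can reset it
    with touch -r, but cannot make a different file hash to the same SHA-256.
    """
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.lstat(path)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def snapshot(root):
    """Fingerprint every regular file under root, keyed by POSIX-style relative path."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a real FIM records the link itself rather than hashing its target
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = fingerprint(full)
    return result


def compare(baseline, current):
    """Diff two snapshots: what appeared, what vanished, and which attributes changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        changes = {
            key: (baseline[path][key], current[path][key])
            for key in baseline[path]
            if baseline[path][key] != current[path][key]
        }
        if changes:
            modified[path] = changes
    return {"added": added, "removed": removed, "modified": modified}


def _write(path, text, mode):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def demo():
    """Build a fake /etc, take a baseline, simulate an intrusion, and return the FIM report."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        _write(os.path.join(etc, "passwd"), "root:x:0:0:root:/root:/bin/bash\n", 0o644)
        _write(os.path.join(etc, "shadow"), "root:*:18000:0:99999:7:::\n", 0o600)
        _write(os.path.join(etc, "motd"), "Authorized users only.\n", 0o644)
        baseline = snapshot(root)   # in practice: store this signed and off-host

        # Simulated post-compromise changes (constructed for the example):
        with open(os.path.join(etc, "passwd"), "a") as fh:
            fh.write("backdoor:x:0:0::/root:/bin/bash\n")        # second uid-0 account
        os.chmod(os.path.join(etc, "shadow"), 0o644)              # hashes now world-readable
        _write(os.path.join(etc, "cron.d_persist"), "* * * * * root /tmp/.x\n", 0o644)
        os.remove(os.path.join(etc, "motd"))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The report separates the three things a FIM has to tell you apart: the dropped cron file is new, the deleted banner is gone, and the two edited files show exactly which attributes moved (content and size for `passwd`, permissions only for `shadow`). Keeping the baseline on the monitored host is the classic weakness; an intruder who can edit the files can edit the baseline too.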
Episode 1: What is a Brute Force Attack?
A Brute Force Attack is one of the oldest cyber attacks. It was even featured in the 1980s thriller WarGames. In this episode, Mike Shinn walks through how a Brute Force Attack works, reviews several variants of the attack and explains how to defend against them.
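Detecting a brute force attack is a matter of counting failed logins per source within a time window, which is also the kind of log analysis Episode 4 describes for OSSEC. The following Python is an added example, not OSSEC's own rules or Atomicorp code: it parses sshd-style "Failed password" lines, keeps a sliding window per source address, raises an alert when a threshold is crossed, and distinguishes a classic single-account attack from password spraying (one password tried across many accounts), which per-account lockouts never catch. The log lines are constructed, use documentation address ranges, and, because syslog timestamps carry no year, a year is assumed.

```python
"""Brute-force detection over sshd-style log lines, the way a log analyzer such as OSSEC works.

Added example for Episodes 1 and 4; not OSSEC's own rules. The log lines are constructed and
use documentation IP ranges; syslog timestamps have no year, so one is assumed below.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ASSUMED_YEAR = 2018   # assumption: syslog lines carry no year

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse_line(line):
    """Return (timestamp, user, ip) for a failed-login line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return ts, m.group("user"), m.group("ip")


class BruteForceDetector:
    """Sliding-window counter of failed logins per source address.

    `threshold` failures inside `window` raise one alert. Many distinct usernames from one
    address is classed as password spraying; per-account lockouts never fire on that variant,
    which is why the count is keyed on the source address rather than the account.
    """

    def __init__(self, threshold=5, window=timedelta(minutes=2)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)   # ip -> deque of (timestamp, user)
        self.alerts = []
        self.blocked = set()                 # what an active response would firewall off

    def feed(self, line):
        parsed = parse_line(line)
        if parsed is None:
            return None                      # not a failed-login line; ignored
        ts, user, ip = parsed
        q = self.failures[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > self.window:
            q.popleft()                      # expire events that fell out of the window
        if len(q) == self.threshold:         # fire once, as the threshold is crossed
            users = {u for _, u in q}
            alert = {
                "ip": ip,
                "kind": "password-spray" if len(users) > 1 else "brute-force",
                "users": sorted(users),
                "first": q[0][0].isoformat(),
                "last": ts.isoformat(),
            }
            self.alerts.append(alert)
            self.blocked.add(ip)
            return alert
        return None


# Constructed sample log (not captured from a real host).
SAMPLE_LOG = """\
Jun  3 10:00:01 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jun  3 10:00:03 web1 sshd[4102]: Failed password for root from 203.0.113.7 port 50123 ssh2
Jun  3 10:00:04 web1 sshd[4103]: Accepted publickey for deploy from 192.0.2.1 port 40000 ssh2
Jun  3 10:00:05 web1 sshd[4104]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jun  3 10:00:07 web1 sshd[4105]: Failed password for root from 203.0.113.7 port 50125 ssh2
Jun  3 10:00:09 web1 sshd[4106]: Failed password for root from 203.0.113.7 port 50126 ssh2
Jun  3 10:00:11 web1 sshd[4107]: Failed password for root from 203.0.113.7 port 50127 ssh2
Jun  3 10:01:00 web1 sshd[4110]: Failed password for invalid user admin from 198.51.100.9 port 6001 ssh2
Jun  3 10:01:10 web1 sshd[4111]: Failed password for invalid user oracle from 198.51.100.9 port 6002 ssh2
Jun  3 10:01:20 web1 sshd[4112]: Failed password for invalid user test from 198.51.100.9 port 6003 ssh2
Jun  3 10:01:30 web1 sshd[4113]: Failed password for deploy from 198.51.100.9 port 6004 ssh2
Jun  3 10:01:40 web1 sshd[4114]: Failed password for invalid user git from 198.51.100.9 port 6005 ssh2
Jun  3 10:05:00 web1 sshd[4120]: Failed password for deploy from 192.0.2.1 port 40001 ssh2
"""


def run_demo(text=SAMPLE_LOG):
    """Feed every line through a detector and return it for inspection."""
    detector = BruteForceDetector()
    for line in text.splitlines():
        detector.feed(line)
    return detector


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

The first attacker hammers `root` and trips the threshold on its fifth failure; the second never repeats a username, so a per-account lockout would have stayed silent, but the per-source count still fires and labels it a spray. The single mistyped password from the legitimate host never reaches the threshold, which is the point of counting within a window rather than on every failure.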