A closer look at the notable stories inside
Information Security and why they matter.

S1:E6 Communication Err0r

Communication Err0r

This episode is about the little things, the details, the small mistakes that trip up hackers and get them caught. Josh and the team examine the recent SWIFT banking hack and the ways hackers beat themselves instead of the system. Guests include machine learning experts and a security research team leader.

S1:E5 Blackout

Blackout

In this episode the Root Access team takes a look at the vast, interconnected systems supporting our daily life. How vulnerable are the industrial systems behind the light switch on your wall, the water out of your tap?

View Related Material

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-INTERVIEW Extended interview with Dan Tentler of Phobos Labs, @viss on Twitter.

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-INTERVIEW Extended interview with Marina Krotofil of Honeywell, @marmusha on Twitter.

Pt. 2

Pt. 1

SANS / E-ISAC Report on the Ukraine Power Grid Attack

E-ISAC_SANS_Ukraine_DUC_5

S1:E4 Code Blue

Code Blue

This episode the Root Access team looks at hospitals, and the devices that run them. Health care is the most targeted industry for its valuable data and weak defenses. Josh explains how hospitals are often set up to fail.

View Related Material

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-INTERVIEW Billy Rios extended interview, part 1 [22:50]:

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-INTERVIEW Billy Rios extended interview, part 2 [25:45]:

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-LINK From Troopers14, a security conference in Germany: Kevin Fu of the University of Michigan gives a comprehensive history of medical devices and their security holes.

S1:E3 Ransomware

Ransomware

The root access team looks at the latest scourge of the internet. Ransomware is everywhere, with thousands of infections daily, and millions of dollars being made by… someone. Josh and special guests from PhishMe dig into the identity of the attackers and how the organizations work.

View Related Material

Ransomware Variant Evolution

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-LINK

This demonstration of a Windows install being infected with Locky shows how quickly the malware works to encrypt files.

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-LINK  Annual Cisco Security Report discussion — including ransomware — with OpenDNS CTO Dan Hubbard and Talos Lead Craig Williams.

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-LINK Living document of known ransomware variants, their file extension naming conventions, screenshots, decrypters if available, and suggestions for protecting against ransomware.

 

 

S1:E2 Ashley Madison

Ashley Madison

The hack of Avid Life Media’s Ashley Madison dating service left lives in ruin. In this episode of Root Access, we take a look at one of the most unique and impactful breaches in history, and how it affected everyone on a personal level, plus the security details of how it occurred.

View Related Material

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay_DOCUMENT The “spouse” blackmail note.

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay_DOCUMENT Message from Impact Team message.

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-INTERVIEWTroy Hunt outtake: When did you hear about Ashley Madison?

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-INTERVIEWTroy Hunt outtake: Username enumeration issues and Adult Friend Finder.

02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay-INTERVIEWTroy Hunt outtake: How many inquiries to HaveIBeenPwned did you receive?

S1:E1 The OPM Breach

US Office of Personnel Management Breach

The breach at the Office of Personnel Management compromised the background records, fingerprints, and personal data of millions of Americans, even those who didn’t actually work for the government. In this episode we’ll look into how the breach happened and what could, or should, have been done to prevent such a catastrophe. Josh talks to former government employees who have had their personal data stolen as a result.

View Related Material

Below are related interviews and documents for Episode One:

UPDATE:
On Sept. 7, 2016, the House Oversight Committee published a report of its findings during the investigation into the OPM breach. The report is nothing short of scathing, citing false statements under oath by former CIO Donna Seymour, and a lack of effort to implement tools that could have prevented the breach and its scale.

Read the full report here:
02122016_R1d_OpenDNS_RootAccess_PodcastSite_RM_Icons_ay_DOCUMENT OPM Data Breach Report [44MB PDF]

Interview icon Full Interview with Bob (10:17)

Interview icon Full Interview with Frank (9:16)

Interview icon Full Interview with Natasha (5:39)

Document Icon U.S. Office of Personnel Management’s Final Audit Report 2015 (279KB PDF)

Document Icon U.S. Office of Personnel Management’s Final Audit Report 2009 (1MB PDF)

Document Icon Standard Form 86

About R00T ACCESS

Root Access is a podcast focused on privacy and security. We take an in-depth look at the topics and events that are determining the course of the internet and its effect on people’s daily lives.

Cisco principal engineer Mike Storm is your host. Root Access is brought to you by Cisco.

Josh Pyorre

Josh is a security researcher with Cisco. Previously, he worked as a threat analyst with NASA, where he was part of the team that initially built out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer, and data security with a goal of maintaining and improving the security of as many systems and networks as possible.

Past speaking engagements include:
2015: Derbycon, DeepSec (Vienna, Austria)
2015: NASA, Source (Boston, Seattle)
2015: BSides (Los Angeles, San Francisco, Chicago, Austin)
2010: Defcon (Las Vegas)

josh-image-3

Mike Storm

Mike Storm is a Cisco principal engineer and 10-year CCIE with more than 25 years in the networking and cybersecurity industry. He has an affinity for educating others on how to correctly build security solutions that successfully protect their business, data and themselves from modern threats.

© 2017 Cisco  Privacy Policy  Terms of Service

Supplier is a member of the DMA and adheres to their code and all relevant rules and regulations. They have a Privacy Policy and a process in place for managing opt outs in accordance with the CAN-SPAM Act of 2003 which includes maintaining a suppression file of all people who have opted out of being contacted. All new email mailing lists are “parsed” against these prior to any message being sent.