A closer look at the notable stories inside
Information Security and why they matter.
S1:E6 Communication Err0r
This episode is about the little things, the details, the small mistakes that trip up hackers and get them caught. Josh and the team examine the recent SWIFT banking hack and the ways hackers beat themselves instead of the system. Guests include machine learning experts and a security research team leader.
In this episode the Root Access team takes a look at the vast, interconnected systems supporting our daily life. How vulnerable are the industrial systems behind the light switch on your wall, the water out of your tap?View Related Material
Extended interview with Dan Tentler of Phobos Labs, @viss on Twitter.
Extended interview with Marina Krotofil of Honeywell, @marmusha on Twitter.
SANS / E-ISAC Report on the Ukraine Power Grid Attack
S1:E4 Code Blue
This episode the Root Access team looks at hospitals, and the devices that run them. Health care is the most targeted industry for its valuable data and weak defenses. Josh explains how hospitals are often set up to fail.View Related Material
Billy Rios extended interview, part 1 [22:50]:
Billy Rios extended interview, part 2 [25:45]:
From Troopers14, a security conference in Germany: Kevin Fu of the University of Michigan gives a comprehensive history of medical devices and their security holes.
The root access team looks at the latest scourge of the internet. Ransomware is everywhere, with thousands of infections daily, and millions of dollars being made by… someone. Josh and special guests from PhishMe dig into the identity of the attackers and how the organizations work.View Related Material
This demonstration of a Windows install being infected with Locky shows how quickly the malware works to encrypt files.
Annual Cisco Security Report discussion — including ransomware — with OpenDNS CTO Dan Hubbard and Talos Lead Craig Williams.
Living document of known ransomware variants, their file extension naming conventions, screenshots, decrypters if available, and suggestions for protecting against ransomware.
S1:E2 Ashley Madison
The hack of Avid Life Media’s Ashley Madison dating service left lives in ruin. In this episode of Root Access, we take a look at one of the most unique and impactful breaches in history, and how it affected everyone on a personal level, plus the security details of how it occurred.View Related Material
S1:E1 The OPM Breach
US Office of Personnel Management Breach
The breach at the Office of Personnel Management compromised the background records, fingerprints, and personal data of millions of Americans, even those who didn’t actually work for the government. In this episode we’ll look into how the breach happened and what could, or should, have been done to prevent such a catastrophe. Josh talks to former government employees who have had their personal data stolen as a result.View Related Material
Below are related interviews and documents for Episode One:
On Sept. 7, 2016, the House Oversight Committee published a report of its findings during the investigation into the OPM breach. The report is nothing short of scathing, citing false statements under oath by former CIO Donna Seymour, and a lack of effort to implement tools that could have prevented the breach and its scale.
Read the full report here:
OPM Data Breach Report [44MB PDF]
Full Interview with Bob (10:17)
Full Interview with Frank (9:16)
Full Interview with Natasha (5:39)
About R00T ACCESS
Root Access is a podcast focused on privacy and security. We take an in-depth look at the topics and events that are determining the course of the internet and its effect on people’s daily lives.
Cisco principal engineer Mike Storm is your host. Root Access is brought to you by Cisco.
Josh is a security researcher with Cisco. Previously, he worked as a threat analyst with NASA, where he was part of the team that initially built out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer, and data security with a goal of maintaining and improving the security of as many systems and networks as possible.
Past speaking engagements include:
2015: Derbycon, DeepSec (Vienna, Austria)
2015: NASA, Source (Boston, Seattle)
2015: BSides (Los Angeles, San Francisco, Chicago, Austin)
2010: Defcon (Las Vegas)
Mike Storm is a Cisco principal engineer and 10-year CCIE with more than 25 years in the networking and cybersecurity industry. He has an affinity for educating others on how to correctly build security solutions that successfully protect their business, data and themselves from modern threats.
R00T ACCESS is sponsored by Cisco
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. By learning from internet activity patterns, Umbrella automatically uncovers current and emerging threats. And because it’s built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection.