There is a great chapter in the book The Demon-Haunted World, written by Carl Sagan. The title of the chapter is the baloney detector. It has great examples of how to sniff out BS and have good critical thinking skills and to be a skeptical thinker.
Personally I get annoyed at "security researchers" who claim that devices I write firmware for are a threat to life as we know it because they have a root shell available, on a CMOS-level UART, internally, on the PCB, with no header soldered on. It is like a point-scoring exercise with them, setting up doubts in the mind of management types and skirting over the fact that often these are deliberate design decisions, not careless mistakes.
Just one guy filling up the comment section pretty much. 😅 I think there was good info in this video and if anyone felt targeted, it says a lot about their saltiness to create a user and spam useless comments.
Yup, at least their comments help tell the RUclips algorithm that this content is engaging, which also means they'll see more of my videos! 🤣
Fellow HAM radio operator here! 👋
That’s you guys off the Christmas card list this year 😅
TikTok and "security" 😂 - the amount of BS on there is too damn high!
There is so much cringe content on there
@LAWRENCESYSTEMS like you said, all chasing the likes, followers and clout with no _real_ substance of education. Keep on doing what you do, it's invaluable now and in the long run.
Always great info from your channel. Respect!
I think I personally know the person that you're talking about when you reference someone that was in a meeting but never happened. As soon as you said it I immediately did a double take lol
If you follow me or Jason in forums or social media it's really not hard to figure out the people we call out.
This might seem like a silly question but how do you, as an MSP, verify users and companies on the other end of the line / email?
In the event that a malicious actor were to attempt to phish credentials or information out of your employees or you, what methods do you use to know it's actually the person they say they are?
I know phishing and social engineering attacks are happening more and more as we go forward, so how could internal or even external IT teams combat people masking as other people / entities?
"By the way, did I mention my name is Bond? James Bond. I'm the world's most famous spy." (In other words, I definitely failed at my job of being a spy and oops the whole room is shooting at me now)
James Bond does not have good opsec for a spy.
Hmmm, GrrCON. That's a new one to me.
It's a great conference
Nothing wrong with folks that specialize in certain code, e.g. imaging, and they work ONLY on WebP, and hence have 'only' knowledge of CVEs related to that.
Having experience in one domain or one language is not the issue; it's more about the people who brag about having many CVEs to their name because they tested many things that used that same library, hence our WebP example.
Not just security but similar point, I really hate people who introduce themselves by listing off their qualifications.
For sure and this happens a lot at business conferences.
It's a real put down for the uneducated who have no qualifications themselves.