This time, on PVCSec: Verizon reminds us we’re bad at security (THX, FotS @hrbrmstr), why it’s not a good idea for corporations to use your PII as ID for PHI, you can’t handle the Truth! & BIG NEWS!
The PVC Security Podcast returns to form this week. Ed & Paul wax philosophic and cantankerous about topics such as:
BIG NEWS! As leaked/spoiled/generally known, PVC Security Podcast will record LIVE! at Converge/Bsides Detroit 16 – 18 July, specifics TBD. Stay Tuned! Ed & Paul also present 4 Pillars – Passion, Vision, Communication, Execution. Get your tickets now!
The Verizon 2015 Data Breach Investigations Report (DBIR)
- 9 major areas previously identified are still responsible for 95% of security incidents: user error, crimeware, insider/privilege misuse, physical theft/loss, Web application attacks, denial-of-service attacks, cyber espionage, point-of-sale intrusions, and payment card skimmers
- The cost of breaches is going up
- Phishing is still a thing
- 70% of attacks also impact a second party
- Mobile isn’t that big of an issue (yet)
“99.9% of the exploited vulnerabilities were compromised more than a year after the CVE”
Ed’s rant on using US Social Security Numbers (SSN) or other Personally Identifiable Information (PII) for account numbers.
The value of providing negative feedback, as painful as it is to give and receive.
- FotS = Friend of the Show
- Bob Rudis (@hrbrmstr) contributed to the Verizon 2015 DBIR.
- Music Intro: Talking In Your Sleep by The Romantics (from Detroit, BTW)
- Music Outro: Tus ojos que contemplo con delicia
- Paul recorded from Mexico City, Ed from Tennessee, and Tim from the Carolinas.