
Workflow, Passwords, and More

Passwords are a horrible solution to the challenge of authentication. But they're the "best" we have for now...right?


Watch this episode on YouTube.

Reasonably Accurate Transcript

Good morning. Sorry, a little late this morning. Um I installed the latest um Apple macOS update on my MacBook. Um It's a 2017 MacBook. I have not been impressed with this device but a quick heads up if you are installing your latest Apple update, which you should be, it is a doozy, doozy being a technical term for uh it's gonna take way too long and not the best way to start your morning.

So no wonder people don't like auto installing updates because they take too damn long regardless. This is a super important update. Make sure you do install it. It fixes that um Telugu character um exploit that was flying around where people could send you just one character and it would crash certain applications and stuff.

So make sure you do auto updates. But uh grab a coffee, grab a tea um because this one is gonna take a little while um as demonstrated by house, it was this morning. Um So yesterday we talked a little bit about uh credentials we talked about, um, let me make sure we're not gonna spill that.

We talked about credentials and um AWS being exposed out. We talked a little bit about DevOps overload. All of these are super important issues um and uh generated some great conversation um online afterwards and thank you for that. Um I always like to engage um with folks.

It's interesting because I try to make a message um hit a certain audience level and that's not always clear. So if you have suggestions um on how to do that better, um, all ears. Um, because inevitably people will say, well, in my case, I do this and that and sometimes they're right, sometimes they're probably looking at a little wrong.

Uh, but more often than not, I'm trying to talk about a broad case and somebody's got a very specific case, their case. Um And sometimes those don't always, um, line up so I don't try to talk in, uh, or I try to force myself not to speak in absolutes because nothing is absolute.

There's always edge cases that are exceptions to the rules. Um But I've got a little bit more on AWS credentials, I think coming up today and a little bit more of a write up. Um, though I did post on Medium on that yesterday, I'll link to that below.

Um, but what I wanted to tackle today, um, was a couple of things, um, mainly the idea, um, because I was asked a couple of times with the ideas behind this show, behind Mornings with Mark, and it's twofold, hopefully you the viewer.

Um And there's more of you every day and thank you for that. Um, are getting something out of this, seeing a little bit behind my process, seeing a little bit of what I'm thinking about today reacting to some news, um, seeing what's going on in the world of technology through a cybersecurity through a privacy lens for me.

I enjoy doing it. So that's, uh that's something but more often than not the or the at least the original idea, the seed idea here was that this is a way for me to get some thoughts out quickly. Video is obviously really straightforward, hit the go live button, talk into the camera and get something out there, get some reaction, see where it's going in order to take that further throughout the day.

Now, unfortunately, my schedule and demands from other projects make it really difficult to follow through on an idea, but I'm going to, to show you that in its completion. So you understand the goal here, sort of Mornings with Mark is a rough cut seed idea that I'm going to try to take into something more formalized later on throughout the day.

So today is a good example. Yesterday, we talked a little bit about credentials today. I want to continue that theme and highlight because something crossed my desk this morning and I thought is really interesting. Um There's a security researcher and community contributor named Ho uh Troy Hunt.

He is, um, out of uh Australia fantastic guy. Um, have yet to meet him in person hoping, uh, I can do that this year. Um, but he is so generous with his time to the community. He's regularly speaking at major events.

He's regularly publishing, um, stuff on his blog, troyhunt.com and I'll link to that below as well. Um, and he runs the site Have I Been Pwned, um, dot com, which is a site where you can check to see if your email address is associated with any um, data leaks or breaches.

Now as a part of those efforts, um Sorry, as a part of those efforts, that's the word I was looking for. Um, Troy comes across a lot of uh credentials and passwords. So he's got this wonderful treasure trove of information. And a few months back, he launched a subset or an additional service or feature as part of Have I Been Pwned called Pwned Passwords.

And essentially it's an API and a data source for developers. If you're making an application, you can check a password that a user enters against this database of known exposed passwords. So you can tell them, hey, this password is not very good because it's been exposed before.

And he does this through some good ways of maintaining confidentiality and the privacy to people who have been breached. And it's a really balance and it's an excellent example of ethics within our community. Definitely standard to hold up high. But why I bring it up today was that Troy just released V two of the password info.

And it's, you know, hundreds of millions of passwords along with their usage count, how often they're seen in the underground, how often they're seen in breaches. And I think that is a wonderful data source to pull some analytics out of, to pull some really interesting tidbits to hopefully write up visualize and then post out.

So I'm going to try to get at that today and that's really uh it's coming back to Mornings with Mark. You know, here I am talking about the idea. Um Ideally, I'd like to be able to show whether it's today or tomorrow depending on how much work it takes.

Um you know, showing sort of the construction of bad passwords and having a little data to back it up from Troy's fantastic um data source that he's made publicly available to the community. Um So I think that would a be a wonderful example of collaboration, but also of the process that I'm trying to shoot for here where a rough idea, take it further throughout the day and have sort of a polished product at the end of it.

Of course, will that happen? I'm not sure uh tons of stuff on my agenda um outside of just uh these kind of efforts. Um There is South by Southwest coming up. I'm speaking on the Monday I believe it's the 11th or 12th.

I'll double check that. Um talking about rogue robots and the challenges they present from a cybersecurity perspective. So this is where we go outside of the pure digital realm and work in what's called operational technology. So you've heard of IoT, that's the Internet of Things; commonly that refers to consumer stuff.

So things I've got around the house, um you know, things like uh Amazon Echo, um things like smart light bulbs, all that kind of stuff that's commonly IoT. It's mainly a consumer bet. OT is the stuff, operational technologies, the stuff that we've had building up in the backgrounds that we're not really aware of.

So uh industrial manufacturing, autonomous cars, medical systems, these kind of things that are getting smarter and smarter and smarter and a lot of them have been built with real concerns, physical safety and real world safety, but not so much cybersecurity.

So I'm talking about that um at South by Southwest. Um If you're in the neighborhood, please come on out and support me. Um I would love to see it. I would be giving talks on that topic um throughout the spring and summer.

I hope I'm still looking at the conference set up there, but obviously I'll be sharing a lot by a video and uh on my social property. So on, I get it. Yeah, right on. See I'm getting better at that um on marknca on Twitter here on Facebook, LinkedIn, all that.

Um Happy to talk to you. So, uh thank you very much for continuing to support this show. I look forward to talking to you today and every day here on out, have a great day builders. Ok. Good. It's good to know if I need to shut off which system.

So anyway, have a great day guys.
