marknca

Mornings With Mark

Toxicity & Security's Responsibility

Full machine generated transcript follows

Good morning, everybody. How you doing today? Welcome to episode 90 of Mornings With Mark. Crazy. Thank you for participating. Thank you for following along for a difficult one. Because a couple things cross my mind this weekend. You can tell by the background. I'm in a hotel room in San Francisco.

I'm still up here for certain Wisconsin Security in my mind isn't perfect for that talk as I'm adjusting on that talk is about security culture and how a lot of the stuff is going to collide in. The server was Community. I'm traditional security culture and the serverless sort of ethos really conflict and there's some interesting things there that I've been the last few months actually wasp Gees years already this morning about toxicity sort of insult.

Work's interesting extortion email started to brew in my mind the challenge around security and what security's role is. Now any of you speak publicly. You'll know. I'm the common how old one tends to be something along the lines of stopping bad guys protecting on systems from hackers this kind of stuff great activity definitely part of security.

I don't think it's entirety to ask somebody within cybersecurity then get something along protecting the confidentiality integrity and availability for cyber security. It's to make sure whatever you've works as intended and only as intended so if you're building a system to process lunch orders, that's all it should do what you do.

Breakfast it should just do lunch orders because if somebody is using it to work so very clear definition. The flip side. Is it that you change the culture in that part of what I'm going to be ice cream and I will show you this is the main slide at the intro slide from my talk today, you know calling BS on security of cultural Challenge and started getting me down the thought process because I'm not an email email not in any requirement at to do anything, but just wondering how many people will fall for this and we can get a significant amount email out.

Where you folks are on the podcast. It's a z I will come directly to the point. I know and they had my actual an old for this is your password as proof of this. You don't know me personally. No one employed me to examine you. It's just your bad luck that I stumbled across actually I setup a malware on the adult videos parentheses porno and you visited the site to have fun parentheses.

You know what I mean? Remote desktop having a keylogger which provide me access ability to your screen and also your webcam after that myself or gathered all of your contacts from your messenger FB as well as mailbox next. I gave him any more time that I should have digging into your life and traded it to Screen Video.

The first part shows you the recording you would been viewing and the other part shows the capture from your Camp parentheses. It's you doing now. He thinks email continues to go on and says you need to pay me 26. I'm going to send out. To Screen Video. Everybody know if you email about of course is all BS.

What happened is some enterprising cybercriminal has gotten their hands on it was either in the cleaner or they reversed the password hashing and they have a set of emails in a password. So what they do is they write this song they send it to the email with the subject line of the password they found in the deep and they fry them on the skin.

There's no tracking pixel in the email. I looked at all the source. They sent it from Hotmail. They cream this email in a word doc, which on some level as a security professional sort of offends me now, nobody's paid with a wallet that I was sent. But I'm sure other people have any better.

This is scary if you had been watching adult videos nothing wrong with that, but maybe you don't Feel That You're vulnerable to descend maybe you play so this criminal it takes them no effort whatsoever to write a script to everybody in a very low-cost crime for them and it comes up.

It's another example sore toxicity in the system now email's been around for 40 plus years. There's not much we can do about this but also stumbled across this fantastic article from everywhereist. I'm so Geraldine is the everywhereist on TuneIn everywhereist.com online. When she posted article called what happened when I tried talking to Twitter abusers supposed to this yesterday and it's gut-wrenching.

It's an absolutely explains that she replied to people who are being offensive who were being misogynistic to or being aggressive and violent on Twitter and ask them flat-out questions. Like would you say this to somebody in person and what did you mean by that? What is your desired outcome from this type of thinking chicken? Bartaman are not willing to engage in a productive discussion.

So this is a great article tweet this out shortly. For those of you were watching a walk here August you can see the URL for those of you. I'm on the podcast everywhereist.com. It's a great, great piece now. Why I started thinking about this was because security has a role here you go back to my definition.

I have make sure that systems work as intended and only as intended now, you're not going to be able to stop toxicity in tools that connect people. It's just not going to happen or talked about this ad nauseam off with media in relation to Facebook in relation to Twitter in relation to various scams on YouTube.

Security requires people that requires process and it requires products now the products help enforce the process which helps amplify the people in all three needs to work together. Now, you're not going to stop toxicity on social network. You're not going to stop talking to me on something like email.

You connect a billion plus people on a platform like Facebook a good percentage of those are going to be good people. I'm paid unfortunately larger than we would like to percentage Souls. That's just the way it is an entire spectrum of people within that billion. The challenge has created a system that helps respond when things get out of out of whack and one of the things that's really frustrating in the everwinter cervical.

I'm in another reports of abuse isn't the fact that the abuse happens that's a people problem and we're not going to solve people with technology. It's the lack of response from the platform when it's reported when it's verified when it's off. And I think that's a security failure. I think security has a big role to play in something like that where you need to build a system for Billing System let people communicate and there's the potential for abuse shelters humans.

There's the potential for abuse you need to be able to create mechanisms that help get that back under control and I'm in that's not censoring content necessarily that's making sure that there's a process was quick and efficient in place for that bad content to be report for Action to be taken when an incident occurs.

So it's setting of guardrails and setting up an additional work there and I think from secure a perspective within the community like to results back door Resort back to Technical Solutions machine learning automatically get all this stuff not going to happen just not possible with the technology we have today.

So there's a there's a role there in used to be part of discussion goes to M episode 89 is topic on discussion scale when anytime people are engaged there's negativity there now, I know this Usual and I appreciate your patience. I have lots to think about here absolutely lost.

I think about lots to discuss hopefully positively and constructively let me know. What do you think? I'm @marknca online in the comments down below for the Vlog on as always by email searching for podcast listeners me at Mark and CA important critical topic. What do you think? What are your experiences What's Ruby thought of security in that aspect in before I let me know.

I hope you're set up for a fantastic day. I will be live-tweeting a lot from serverlessconf. I am speaking this morning and found on security and security culture. Hope you have a fantastic day. I will see you online and have that discussion with you and I will hopefully see you on the show tomorrow.

Take care.