In the Naked Security podcast, hosted by Doug Aamoth and Paul Ducklin, technology-related news and issues are discussed. In one episode, they delve into the importance of security in the internet of things (IoT) and share cautionary tales about inside threats. One story they discuss is about a sysadmin who ransomed his own employer. The attacker managed to get sysadmin powers, extract gigabytes of confidential data, and demand 50 bitcoins (valued at $2 million USD at the time) to keep quiet. The crook was later identified as one of the company’s own sysadmins who had been drafted into the team to find and expel the attacker. He pleaded guilty and received six years in prison, three years of parole, and was ordered to pay a penalty of $1.5 million.
The hosts offer three pieces of advice for preventing similar incidents. First, they suggest dividing and conquering by requiring the authorization of two people, ideally from different departments, for certain key system activities. This makes it harder for a lone insider to pull off tricks because they would have to collude with everyone else that they need co-authorization from. Second, they recommend keeping immutable logs, which means logs that cannot be rewritten. This ensures that these logs serve as evidence and cannot be tampered with. Lastly, they emphasize the importance of measuring instead of assuming.
In the episode, the hosts also discuss the failure of Apple III, which was designed by marketing people instead of engineers. The computer was meant to look good and capitalize on Apple II’s success, but it could not run all Apple II programs and was not as expandable as Apple II. Some early models of Apple III also had their chips seated improperly in the factory, which led to problems. This example highlights the importance of engineering and quality control in technology.
Overall, the Naked Security podcast offers insightful discussions and advice on technology-related news and issues. The hosts’ expertise and humor make for an engaging and informative listening experience.