Welcome to a special edition of Breaking Badness. For this Voices from Infosec episode of Breaking Badness, our special guest was a researcher who goes by the handle “NullCookies.” All of our guests are unique, of course, but one thing that sets NullCookies apart from previous guests is something you’ll notice immediately upon listening to the episode: he composed original theme music for us! It’s called “Bad Domain” and it’s fantastic.
Co-host Chad “Piffey” Anderson and I spoke to our guest about OPSEC (operational security) and, as befits such a topic, we referred to him as “Bob.” Here are some of the highlights of what, um, Bob, covered with us.
- OPSEC means carefully controlling what information you reveal about yourself or your operations.
- Language, and nuances of it, can be an overlooked signal. If you’re trying to fit in with a group, just having proficiency in their native language is not enough. Idioms, cultural references, and other social cues are critical.
- Everyone is going to have the occasional OPSEC fail. Threat actors do, but ordinary folks do too. It doesn’t mean you (or they) are stupid. It means you (or they) are human.
- In light of the above, it’s important to tilt the odds as much in your favor as possible by doing the basics well. Strong passwords, unique usernames, using a password manager – all of these reduce the risks of a slip-up.
- Beware hubris. Something something pride goeth before the fall something something.
- If you’re not using haveibeenpwned.com, you’re not doing it right.
- A certain actor group forgot to include baked goods in their threat model. (Tune in for details!)
- When not making life more difficult for criminals, “Bob” enjoys ice climbing and making music. All three have a common thread: being willing to creatively take risks.
- You didn’t know that medieval motets could inform noise music, did you? Well, now you do.
- Chad and Tim discuss how they nerd out on film photography and percussion instruments, respectively.
Our thanks to “Bob” for a wonderfully informative and wide-ranging discussion!
That’s about all we have for this week. You can find us on Twitter @domaintools, and all of the articles mentioned in our podcast will always be included in our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!