Physical threats to mobile phones, SIM hijacking, out of band SMS, and Yubikeys
- Tom has decades in the capital goods manufacturing industry (Fortune 500 scale)
- Years of experience in marketing, sales and interfacing with independent dealers/distributors (small/medium scale)
- Current focus is strategy and risk management consulting
- Lifelong learner with an interest in technology
- Strategy + risk management applied to mobile devices
Laptops have given way to mobile devices (phones and tablets).
Risk was more contained with laptops, but the impact of a compromise is much higher with mobile phones. A lot of the nuance comes down to "was the password revealed?"
Biometrics are convenient but quite dangerous
Biometrics are a proxy for a numeric passcode on a mobile device.
Physical compromise is a five-alarm fire.
Physical loss without compromise is not that big of an issue as long as authenticators are backed up.
Must have erase after 10 bad password attempts. Turn off notifications on the lock screen so nothing is displayed while the device is locked.
Avoid banking apps.
The first things the baddies go after are Venmo, Apple Pay and cash apps.
Out of band SMS for MFA
SIM swapping risk, or use an eSIM embedded in the phone.
Put a PIN on your physical SIM.
MySudo – can clone that instance to other phones.
Password manager on phone
Disaster if this is based upon your biometric. You can use a different or secondary PIN. You can use a Yubikey.
Password manager helps you recover.
Segmentation strategies
Whoever holds the phone can see all the emails on it and change passwords, since password reset is typically done via email.
Screen Time on Apple can be helpful, but there are weaknesses there. The only way to really secure the device is to use an MDM. You still need to be concerned about MFA and account takeovers.
Need an out of band mechanism to receive alerts and the ability to remotely kill the device.
Microsoft Authenticator and Google Authenticator do not have a separate PIN.
Authy is free. It has its own separate PIN.
A Yubikey is great, but it assumes you can control physical access to it. Do not keep it on your key chain.
Diversification strategy with inventory.
MDM – kill apps
- Apple Configurator – small scale
- Apple Business Manager
- Jamf – requires an Apple Business account for security
- Inexpensive “Jamf Now” for small businesses. Minimum is one device. The first 3 are free. Still affordable beyond that.
- Don’t let anyone change the account on this device.
- You have to figure out a lot on your own and block URLs that you don’t want accessed.
- Apple devices need to be in supervised mode, so it matters how you buy them.
- Intune
- loss of device (resiliency e.g. MFA)
- theft of device involving passcode surrender (loss mitigation)
- SIM swap (cellular store employees)
- SIM card theft (removal of SIM card from phone)
- OS decision (iOS vs. android)
- Note that one is not better than the other
- Risk reduction is all about an individual's ability to manage the risks based upon platform selection
- MDM (remote data wipe): small-scale co (Apple Configurator or JamfNow) vs. corporate MDM
- MFA backup/diversification (SMS via cell or VoIP providers vs. TOTP vs. passkey/Yubikey etc.)
- App selection (OS-based or independent)
- App protection ('independent' PIN protection vs. Face/Touch ID)
- 'Attack surface' – minimization of exposure (e.g. banking apps, cash apps, Find My Friends etc.)