WEBVTT

00:00:00.574 --> 00:00:06.574
Typical points of failure for requirement 1.4?

00:00:06.574 --> 00:00:08.574
It's kind of a binary thing.

00:00:08.574 --> 00:00:10.574
Either you've done this or you haven't.

00:00:10.574 --> 00:00:12.796
And if you've done it,

00:00:12.796 --> 00:00:16.574
then even if they are sort of minor areas of noncompliance,

00:00:16.574 --> 00:00:20.574
they're relatively easy to hammer into shape.

00:00:20.574 --> 00:00:22.574
And if you haven't, then you've just got to do it.

00:00:22.574 --> 00:00:25.301
And so is that the same really for business as

00:00:25.301 --> 00:00:27.288
usual for your second assessment,

00:00:27.288 --> 00:00:29.574
when the organization either does it or it doesn't do it?

00:00:29.574 --> 00:00:30.074
Right.

00:00:30.074 --> 00:00:32.074
I mean barring, again,

00:00:32.074 --> 00:00:36.974
if they've done some sort of central management to deploy the right

00:00:36.974 --> 00:00:39.574
kind of configurations or they have the sort of NAC and policy

00:00:39.574 --> 00:00:42.574
adherence testing at connection point,

00:00:42.574 --> 00:00:46.574
unless somehow that's come undone in the intervening period,

00:00:46.574 --> 00:00:48.574
yeah, I mean you've either got it or you don't.

00:00:48.574 --> 00:00:48.847
Okay.

00:00:48.847 --> 00:00:51.574
Do you know if this was a cause of compromise?

00:00:51.574 --> 00:00:53.574
I've not heard of this being a cause of compromise anywhere.

00:00:53.574 --> 00:00:54.574
I've not either.

00:00:54.574 --> 00:00:55.074
Yeah, okay.

00:00:55.074 --> 00:00:57.574
So it's not one that's liable to let the bad guy in.

00:00:57.574 --> 00:00:59.574
We know it's a way the bad guy could come in.

00:00:59.574 --> 00:00:59.907
Right.

00:00:59.907 --> 00:01:04.717
I guess I'm aware of at least some pen testing scenarios

00:01:04.717 --> 00:01:09.574
where the attack had some social engineering kind of quality

00:01:09.574 --> 00:01:11.574
of targeting the administrator.

00:01:11.574 --> 00:01:12.018
Something,

00:01:12.018 --> 00:01:18.241
I think I heard a Kevin Mitnick talk where they sent some

00:01:18.241 --> 00:01:22.574
cool keyboards to a bunch of the IT people.

00:01:22.574 --> 00:01:25.574
You know, hey, here's this promotional like cool gaming keyboard or whatever,

00:01:25.574 --> 00:01:28.574
and they all plugged them in and passed them around,

00:01:28.574 --> 00:01:29.574
but somebody had, you know,

00:01:29.574 --> 00:01:32.074
it was like a soldered Arduino device or something like that

00:01:32.074 --> 00:01:36.074
into it that then created some tunnel back out,

00:01:36.074 --> 00:01:36.574
right?

00:01:36.574 --> 00:01:38.574
And then they could hop in through the administrator workstation.

00:01:38.574 --> 00:01:42.574
So, am I aware of actual bad guy attacks doing this?

00:01:42.574 --> 00:01:43.003
No.

00:01:43.003 --> 00:01:45.574
Am I aware of simulated situations?

00:01:45.574 --> 00:01:46.574
Yes.

00:01:46.574 --> 00:01:48.574
And it wasn't originally, from my memory,

00:01:48.574 --> 00:01:50.574
it wasn't in the first version of DSS, was it?

00:01:50.574 --> 00:01:54.574
No, it came along somewhere in the, I think, version 2.

00:01:54.574 --> 00:01:54.756
Yeah.

00:01:54.756 --> 00:01:58.574
And I think that was after the worms came out, where people went oh, yeah.

00:01:58.574 --> 00:02:01.574
And we have to remember, again, DSS is 12 years old.

00:02:01.574 --> 00:02:03.574
Twelve years ago, Windows didn't have the firewall for free.

00:02:03.574 --> 00:02:04.574
No, it didn't.

00:02:04.574 --> 00:02:05.574
There was no firewall in Windows,

00:02:05.574 --> 00:02:16.574
so that was part of the reason for putting it in.
