Ep.25 Josh Lospinoso | Encryption and Backdoors Pt 2
In this episode of the Cybrary Podcast, we sit down with Josh Lospinoso, the CSO of Shift5. Speaking with Mike Gruen, the CISO of Cybrary and Jonathan Meyers, the Head of Infrastructure for Cybrary, they talk about a wide range of subjects including encryption and government backdoors.
Share it with friends now!
Josh Lospinoso, CSO at Shift5, Mike Gruen, CISO at Cybrary, and Johathan Meyers, Head of Infrastructure at Cybrary, are here in the second part of a talk about encryption and backdoor, and there are some speeches about Josh’s new C++ Crash Course and his company.
IoT is one of the hot topics among other topics these days. One thing is for sure, that it makes people’s life convenient, but its security is not taken seriously from both the manufacturer and the user side. According to Josh, IoT based devices are exposed more to security issues because they are based on wifi. Wifi signals could be captured almost anywhere between the sender and the receiver on the air. Wireshark and Ramsey Box, which are the ideal ones for Josh, are two of the tools that can capture packets and signal on the air. This can be way useful to get packets from wifi signals. It can give critical information to the attacker about the communication, about the sender and about the\ receiver, and much more. One of the security points from the users’ view is they don’t have security understanding at a basic level, so they can’t imagine if their device is owned by an attacker, what wrongs can be done. They only think about the convenience they get. So, this is also considered a reason why people are so careless about their IoT devices’ security. The communication must be encrypted, so no information can be gained in case the packets are captured.
Another common security issue is phone numbers. This is because Sim cards can be cloned and taken over, so any account which is created based on that Sim will be taken over. A clear example of it can be the Revolut which is a banking app. Recently, someone’s account was taken over and emptied because his phone number was spoofed and the two-factor authentication was stolen. This type of attack is a common thing at the moment, and it is a security concern.
The talks go over the C++ Crash Course which is available on Amazon, and it is the 17th most popular book among C++ books. Josh basically wrote this book collecting different stuff together to make it a great one. He says, most people think C++ is dead, but according to him the modern C++ is more like Python and will have some new incredible features in it like the module systems. This makes dependency management easy and important. Josh has started a company that has above ten developers in it now, but he has plans of hiring more developers for the next year.