Never Miss An Episode | Subscribe Now
Shows
ShopAboutWork With Us
Never Miss An Episode | Subscribe Now

July 21, 2021

Credential Stuffing w/ Dr. Sam Small

by Cyber Ranch

Listen Now

test
Credential Stuffing w/ Dr. Sam Small

July 21, 2021 Cyber Ranch

00:00:00

Show Notes

In this episode, Allan's friend Dr. Sam Small, CISO of Zero Fox, joins us to chat about credential stuffing, its implications and the defenses against it. Several statistics are given from a few industry reports on credential stuffing, including the Verizon DBIR and F5's report. Several techniques to foil credential stuffing are explored, as well as common traps when combatting credential stuffing. OWASP provides some guidance in this area. The criminal's abilities vis a vis breach sharing and botnet as a service are discussed as well. Finally, Sam explains what keeps him going in cybersecurity... Key Takeaways: 1:08 Sam's background and education in cyber 2:41 Sam defines credential stuffing and explains why we should care about it 4:17 The origins of the term 'credential stuffing' vs. its history 4:39 Is ransomware the end goal of every single kind of cyber attack? 5:22 Botnets as a service to drive credential stuffing attacks 6:33 Allan cites statistics from the Verizon Data Breach Incident Report 7:23 The DDoS aspects and related cloud costs of credential stuffing 8:48 Sam's theory about F5 report statistics on credential stuffing being interestingly somewhat contradictory 10:43 Anecdotally anyway, password reuse appears to be a huge problem still 11:51 Comabating credential stuffing and common traps in doing so 13:23 Credential stuffing and data breaches are not the same thing 14:17 Getting credential stuffers shut down by way of their service providers 15:25 Practical tips from OWASP for preventing credential stuffing in your environment 19:10 The difference between a comprehensive defense and not 20:32 Are obscure usernames useful in the fight? 22:06 Proposal for user-centric federation to monitor account usage everywhere 23:06 Obligations of those who suffered a breach of credentials 25:14 Criminals share data on their side 26:09 What keeps Sam going in cybersecurity Links: Learn more about Sam on LinkedIn Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Uptycs
Read more

Recent Episodes

View All

May 31, 2023

1% Leadership with Andy Ellis

by Cyber Ranch

This week's show is exciting because Allan has been waiting for Andy's book on leadership to come out for quite some time.  The book is called “1% Leadership – Master The Small, Daily Improvements That Set Great Leaders Apart”, and it consists of 54 ...

Listen Now
May 24, 2023

Will LLM AI Close The Bad Guys’ Skills Gap? with Adrian Sanabria

by Cyber Ranch

This episode is a bit scary.  Adrian Sanabria, who on an earlier show busted many cybersecurity myths, is back again, this time analyzing the impact of Large Language Model Artificial Intelligence on a hypothesized skills gap on the bad guy side. Pre...

Listen Now
May 22, 2023

RSAC 2023 SPECIAL EDITION Campfire Chats - Part 1

by Cyber Ranch

This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023.  Guests include: Chris Kennedy, CISO @ Citadel Gary Hayslip, CISO @ Softbank Investment Advisers Michael Calderin, CISO @ YAGEO Group Reet  Kaur, CISO @ Portland C...

Listen Now
May 17, 2023

Two Founder CEOs with Merav Bahat and Mickey Bresman

by Cyber Ranch

Leadership skills, technical skills, cybersecurity skills, pluck, drive and determination are all on display as Allan interviews Merav Bahat, CEO @ Dazz and Mickey Bresman, CEO @ Semperis. Dazz has completed a Series A investment round.  Semperis a S...

Listen Now
May 10, 2023

Security Chaos Engineering with Kelly Shortridge

by Cyber Ranch

What is security chaos engineering?  You may remember Kelly Shortridge, our very first guest, who came on the show to talk about behavioral economics and cybersecurity.  Well Kelly is back to talk about her new book, "Security Chaos Engineering: Sust...

Listen Now
May 3, 2023

The 9-Layer Cybersecurity Program Cake with Bryan Liebert

by Cyber Ranch

Bryan Liebert is one smart cookie.  Who bakes cybersecurity cakes.  But seriously, Bryan has been a CISO, consultant, architect, and has served many other roles in cybersecurity.  His specialty is creating simple to digest (we could not help it, sorr...

Listen Now
April 26, 2023

Four Problems with Cybersecurity with Adrian Wright

by Cyber Ranch

Adrian Wright, "The Cynical CISO" of LinkedIn fame, joins Allan to discuss four areas where cybersecurity is perhaps getting it wrong: Cybersecurity viewed as a necessary evil, related to The Twilight Zone Ownership, Authority, Accountability: Invent...

Listen Now
April 24, 2023

The Cloud and the Big Bang of Data with Cecil Pineda and Gene Moore

by Cyber Ranch

Join us for a SPECIAL EDITON! episode of The Cyber Ranch Podcast LIVE! from CISO XC in Dallas-Fort Worth, Texas! The topic is data security: its challenges and how to overcome them. Joining Allan are Cecil Pineda of R1 ("Cecil the CISO") and Gene Moo...

Listen Now
April 19, 2023

The Blurring of Personal & Corporate Security with Leigh Honeywell

by Cyber Ranch

We always think of cybersecurity startups as companies who contribute to the tech stack in an organizational environment - usually the enterprise.  We also think of personal cybersecurity in terms of protecting Grandma or our kids from the bad guys. ...

Listen Now
April 12, 2023

Design Partnerships with Emily Heath

by Cyber Ranch

Emily Heath is a well-known and well-respected figure in cybersecurity.  She has been a CISO three times in a variety of industries, including software and a major airline.  She has been in law enforcement, is a partner at a VC firm, and serves on bo...

Listen Now