Transcripts
Hi, and welcome to Backup central's restore it all podcast.
Prasanna Malaiyandi:I'm your host WC Curtis w Curtis Preston.
W. Curtis Preston:Wow.
W. Curtis Preston:That's just, you will not assert my authority.
W. Curtis Preston:So welcome folks.
W. Curtis Preston:Welcome to the Backup Central's Restore it All podcast.
W. Curtis Preston:I am your host, and I actually know how to say my name w Curtis Preston, AKA Mr.
W. Curtis Preston:Backup, and I have with me, my voter abuse stress counselor, Malaiyandi.
Prasanna Malaiyandi:Oh, my gosh, Curtis, how are you doing after?
Prasanna Malaiyandi:So you volunteered at the elections and you were a site manager and
Prasanna Malaiyandi:for the listeners, if you wanna understand how elections work
Prasanna Malaiyandi:we did a podcast, uh, Last year.
Prasanna Malaiyandi:Was it no.
Prasanna Malaiyandi:Back in 2020 with Mark Thompson?
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Election poll site manager explains us election systems.
Prasanna Malaiyandi:Go take a listen to that, but yeah, you were in the primaries helping out
W. Curtis Preston:Yep.
Prasanna Malaiyandi:and you had an interesting time.
W. Curtis Preston:Yeah.
W. Curtis Preston:It's um, I, you know, I'll say the same thing to anybody
W. Curtis Preston:that anyone that's Curious.
W. Curtis Preston:If, if you do not trust our election system, then I would suggest you
W. Curtis Preston:go volunteer as a poll worker.
W. Curtis Preston:It, it is an incredibly information filled experience and, um, and that, and
W. Curtis Preston:that's what we talk a lot about, about.
W. Curtis Preston:In that podcast.
W. Curtis Preston:And then I wrote a blog, something like how hard it would be to actually hack the
W. Curtis Preston:elections, the, how absolutely improbable.
W. Curtis Preston:So many of the things that people are saying happened,
W. Curtis Preston:how absolutely improbable that.
W. Curtis Preston:I mean, there's no proof that it did happen and and how
W. Curtis Preston:difficult it would be to do that.
W. Curtis Preston:And, and, and the closer you get to the actual process, the more
W. Curtis Preston:you understand what I'm saying.
W. Curtis Preston:But I will tell you that the process of volunteering to be a poll worker,
W. Curtis Preston:especially election day, which is I get there at 6:30 in the morning.
W. Curtis Preston:And I'm there till about 10 o'clock at night.
W. Curtis Preston:And.
Prasanna Malaiyandi:It's a long day.
W. Curtis Preston:It's a long day and you know, it's funny
W. Curtis Preston:California or San Diego county.
W. Curtis Preston:Anyway, we do four days of voting.
W. Curtis Preston:In fact, there are some sites there's 203 sites.
W. Curtis Preston:I think voting sites and about a dozen of them are open 11 days.
Prasanna Malaiyandi:Oh my God.
Prasanna Malaiyandi:Could you imagine doing that?
W. Curtis Preston:yeah, I, I basically said a big fat no, when they said I
W. Curtis Preston:was like, listen, I got a JOB, I can't be, I can't be leaving for 11 days,
W. Curtis Preston:I mean, if I'm gonna leave for 11 days, what's that.
Prasanna Malaiyandi:Doing the podcast is your JOB, right?
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, yeah.
W. Curtis Preston:And so I was like, I was like, I.
W. Curtis Preston:I have zero interest in 11 day site, but I was at a four day site.
W. Curtis Preston:And for the first three days we got a whopping, like a grand total of
W. Curtis Preston:about 32 people over three day period.
W. Curtis Preston:And then on election day we got 266 people,
Prasanna Malaiyandi:Oh my God.
W. Curtis Preston:
:significantly more than 32.
Prasanna Malaiyandi:Yeah,
Prasanna Malaiyandi:just a little.
W. Curtis Preston:And, everybody's like, oh, I didn't, I didn't know you were open.
W. Curtis Preston:It's like, it's like, I guess you don't listen to the news
W. Curtis Preston:or the radio or anything.
W. Curtis Preston:That that's part of the problem is, you know, nobody watches the news or listens
W. Curtis Preston:to the, like, what's a radio, right?
W. Curtis Preston:The.
Prasanna Malaiyandi:Or checks their mail because
Prasanna Malaiyandi:you got they because they sent out flyers.
Prasanna Malaiyandi:They're like, Hey, here are those sites that are opened ahead of time.
Prasanna Malaiyandi:Go vote early.
W. Curtis Preston:yeah.
W. Curtis Preston:So, and of those 266 people, I'd say 10% of them were abusive
Prasanna Malaiyandi:Hmm.
W. Curtis Preston:to, to one degree or another,
W. Curtis Preston:um, you know,
Prasanna Malaiyandi:Do you just wanna curl up in the fetal position?
W. Curtis Preston:Yeah.
W. Curtis Preston:And, and as a site manager, I take the abuse.
W. Curtis Preston:Right?
W. Curtis Preston:I take the, I take the crazy questions.
W. Curtis Preston:Um, you know, I had a, I had a Sharpie gate question, which I don't know if you,
W. Curtis Preston:you remember Sharpie gate, but this, this thing of like, that people were being
W. Curtis Preston:handled Sharpie handed Sharpies instead of the official ballot marking pens.
W. Curtis Preston:And if you got a Sharpie, then your ballot wouldn't count, which was nonsense.
W. Curtis Preston:But that, that was one of.
W. Curtis Preston:And somebody actually asked me about that.
W. Curtis Preston:I was like, well, first off, not relevant to the current election because we use
W. Curtis Preston:a ballot marketing device, which is a screen that creates your printed ballot.
W. Curtis Preston:You will be doing, you know, that's one of the questions.
W. Curtis Preston:Are we gonna get paper ballots?
W. Curtis Preston:Yes.
W. Curtis Preston:You are going to use a paper ballot.
W. Curtis Preston:You're going to create it on that device right over there.
W. Curtis Preston:Which is a computer.
W. Curtis Preston:Is that a Dominion machine?
W. Curtis Preston:Yes.
W. Curtis Preston:Yes.
W. Curtis Preston:That is Dominion machine, but it, you will be able to see the, the thing
W. Curtis Preston:that it produces, which is your vote.
W. Curtis Preston:Um, so yeah, just all day long.
W. Curtis Preston:I don't mind questions.
W. Curtis Preston:I absolutely don't mind questions.
W. Curtis Preston:It's I don't need the, I don't need the.
W. Curtis Preston:Yeah, the attitude like I, like, I give everybody the same spiel
W. Curtis Preston:when they come up to the BMD.
W. Curtis Preston:That's the ballot marking device.
W. Curtis Preston:That's you might call it a voting machine.
W. Curtis Preston:We do not call it that.
W. Curtis Preston:A voting machine is what we used to do, which is, or what some
W. Curtis Preston:states used to do, which is it.
W. Curtis Preston:Records your vote, right?
W. Curtis Preston:This is not a voting machine.
W. Curtis Preston:This is a ballot marketing device.
W. Curtis Preston:It prints your ballot.
W. Curtis Preston:And I give this spiel to everybody about how it doesn't store your vote,
W. Curtis Preston:how it doesn't transmit your vote and how that you will be able to see your
W. Curtis Preston:vote before you print it, you'll be able to see your vote after you print it.
W. Curtis Preston:Cetera, cetera, cetera.
W. Curtis Preston:And this guy who was, you know, an anti BMD person was like, I
W. Curtis Preston:don't need, I'll figure it out.
W. Curtis Preston:Like, okay.
W. Curtis Preston:Okay.
W. Curtis Preston:Like, I'm just trying to help you vote, man.
W. Curtis Preston:You know, like I don't need you to snap at me.
Prasanna Malaiyandi:so I know before we've talked about like everyone, at some
Prasanna Malaiyandi:point in their life should work retail.
Prasanna Malaiyandi:Do you think everyone, at some point in their life should work an election?
W. Curtis Preston:I agree.
W. Curtis Preston:Yeah.
W. Curtis Preston:I'm yeah, I think so.
W. Curtis Preston:And first off it, it.
W. Curtis Preston:So San Diego county, 200 polling sites, average of eight people.
W. Curtis Preston:They wanted 10 people per site.
W. Curtis Preston:That's 2000 employees that are temporary employees that need to be hired and
W. Curtis Preston:vetted and trained prior to the election.
W. Curtis Preston:It requires two days of training to be a poll worker, five
W. Curtis Preston:days to be a site manager.
W. Curtis Preston:And, you know, we, we only ended up having seven people.
W. Curtis Preston:Let me just tell you.
W. Curtis Preston:There's a big difference between seven and eight and eight, nine, you know, on
W. Curtis Preston:election day, just try to get, there's no way to get the legally mandated numbers
W. Curtis Preston:of lunches and breaks and whatnot, and still function as a, as a site.
Prasanna Malaiyandi:because each person has their sort of
Prasanna Malaiyandi:role responsibility, right.
Prasanna Malaiyandi:Their task.
Prasanna Malaiyandi:And it's not like everyone's just doing the same thing.
W. Curtis Preston:Yeah, we cross train, right.
W. Curtis Preston:We cross train across the whole site so that everybody can do every job,
W. Curtis Preston:but still even with that, you have people that are better at certain jobs.
W. Curtis Preston:And, um, so it was, I'm just saying, I, it was.
W. Curtis Preston:It's a lot of work.
W. Curtis Preston:And then, um, and then we had to tear down everything the next day.
W. Curtis Preston:And, and now I'm today I'm, I'm sort of in, this is my first day where I get
W. Curtis Preston:to sort of breathe after all of that.
W. Curtis Preston:I don't have any election responsibilities, but yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Uh, and I, you know, I was looking for, and I'll throw out our disclaimer Prasanna
W. Curtis Preston:and I work for different companies.
W. Curtis Preston:He works for Zoom.
W. Curtis Preston:I work for Druva and this is not a podcast of either company.
W. Curtis Preston:These are our opinions and not theirs.
W. Curtis Preston:And, uh, be sure to rate us at ratethispodcast.com/restore.
W. Curtis Preston:And also, if, you know, if you listen to this and you, you're interested in
W. Curtis Preston:the things that we're interested in, then just reach out to me @wcpreston
W. Curtis Preston:on Twitter, or wcurtispreston@Gmail.
W. Curtis Preston:And we'll get you on, man.
W. Curtis Preston:You know,
Prasanna Malaiyandi:Come join us.
Prasanna Malaiyandi:Come talk to us.
W. Curtis Preston:come talk to us about.
W. Curtis Preston:You know, tape, disc backups, archives security.
W. Curtis Preston:We love talking security cuz it's so it's so adjacent to what we do.
W. Curtis Preston:Right.
W. Curtis Preston:It's funny.
W. Curtis Preston:I, I, I grew up hating security.
W. Curtis Preston:like when
Prasanna Malaiyandi:They were the people who would like stop
Prasanna Malaiyandi:you from doing things, right?
W. Curtis Preston:yes, yes.
W. Curtis Preston:Um, you you've been a Unix guy for a while.
W. Curtis Preston:You, you was, RSH still a thing when you started.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Mm-hmm,
W. Curtis Preston:Okay.
W. Curtis Preston:So in order to get, we used dump and, and, and, and rdump back in the day, right back
W. Curtis Preston:before I had a commercial backup utility.
W. Curtis Preston:The only way that rdump would work is to be able to rsh as root
Prasanna Malaiyandi:Oh,
W. Curtis Preston:one server to another, without a password.
W. Curtis Preston:Right.
W. Curtis Preston:Put all those things together.
W. Curtis Preston:And I just made a security person's head explode.
Prasanna Malaiyandi:Back in the days before the internet.
W. Curtis Preston:Well, we were, it was very, very, you
W. Curtis Preston:know, like internet was just,
W. Curtis Preston:I remember getting my AOL disc.
W. Curtis Preston:I was an AOL customer.
W. Curtis Preston:Jeezy, you've got mail.
W. Curtis Preston:What I remember was just really hating the security folks because all
W. Curtis Preston:they did, all they ever did was just get in the way of me doing my job.
W. Curtis Preston:And I will say that if you are a backup person, then stop that, right.
W. Curtis Preston:If that, if that's your way of looking at data security, cuz guess
W. Curtis Preston:what we're gonna talk about today.
W. Curtis Preston:We're gonna talk about information security.
W. Curtis Preston:We're gonna talk about the RSA conference.
Prasanna Malaiyandi:And for the people who are don't know who
Prasanna Malaiyandi:their security people are, go talk to them, have a conversation.
Prasanna Malaiyandi:Like I'm sure you both, like both teams are feeling the same sort of pressures and
Prasanna Malaiyandi:issues and just sort of go chat with them and figure out what you could do together.
W. Curtis Preston:Yes.
W. Curtis Preston:You both have a common goal, right.
W. Curtis Preston:Of keeping the company safe.
W. Curtis Preston:It's just, you look at it from different sides, right?
W. Curtis Preston:It's like the, that is that story about the elephant, like the people approaching
W. Curtis Preston:elephant, like one grabs a tail, one grabs like blind people approach it.
W. Curtis Preston:Do you know what I'm talking about?
Prasanna Malaiyandi:Are you crazy?
W. Curtis Preston:what do you know the story I'm talking about
Prasanna Malaiyandi:no.
W. Curtis Preston:It it's like three blind guys approaching an element.
W. Curtis Preston:Like one, you know, gets the legs.
W. Curtis Preston:One gets the trunk, one gets the tail and they describe the elephant
W. Curtis Preston:in three different ways because it's what they're experiencing.
W. Curtis Preston:You're experiencing the same thing is just you're approaching
W. Curtis Preston:it from a different angle.
W. Curtis Preston:And so just talk about it.
W. Curtis Preston:It's like, listen, I know, I know you wanna do this.
W. Curtis Preston:Here's how that makes my job difficult.
W. Curtis Preston:And he's like, I know you wanna do this.
W. Curtis Preston:Here's how that makes my job difficult.
Prasanna Malaiyandi:Yeah, I need access to every single system
W. Curtis Preston:Yeah.
W. Curtis Preston:And those of you that have heard the podcast, if you've, if you've listened
W. Curtis Preston:to the podcast, I, I, more than once, I'm sure I've told the story where
W. Curtis Preston:I worked at at, uh, a company where I, where the, the security people
W. Curtis Preston:shut me down in the middle of thing.
W. Curtis Preston:It was a Y2K thing.
W. Curtis Preston:It was, I just, I just lost it, but they were just, again, they
W. Curtis Preston:were just trying to do their job.
Prasanna Malaiyandi:Exactly.
Prasanna Malaiyandi:Be kind.
W. Curtis Preston:I mean, they, they did not, in my opinion, they did not do
W. Curtis Preston:their job because they were specifically told not to do what they ended up doing.
W. Curtis Preston:And that's why I went, you know, crazy.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, but the security people are your friends.
W. Curtis Preston:And if you're a, if you're a security type person listening to this and you,
W. Curtis Preston:you know, you hate the backup person.
W. Curtis Preston:Please don't.
W. Curtis Preston:So work together.
W. Curtis Preston:This headline from, uh, RSA, I found this excellent article.
Prasanna Malaiyandi:The RSA conference, just to be clear.
W. Curtis Preston:Thank you.
W. Curtis Preston:The RSA conference, which stands for,
Prasanna Malaiyandi:Is it three dudes names?
W. Curtis Preston:oh, I was gonna say really secure access.
Prasanna Malaiyandi:Co-founders Ron ADI and Leonard, sorry, their last names.
W. Curtis Preston:Okay, thank you.
W. Curtis Preston:I was, I was very confused
Prasanna Malaiyandi:Ron Reibes ADI Shamir and Leonard Adelman,
W. Curtis Preston:Well, there you
Prasanna Malaiyandi:R
W. Curtis Preston:then what about the SANs Institute?
W. Curtis Preston:Do you know what that stands for?
Prasanna Malaiyandi:secure something.
Prasanna Malaiyandi:Something,
W. Curtis Preston:something something the security people listening to
W. Curtis Preston:this podcast are like, oh man.
W. Curtis Preston:Uh, but anyway, if you're a security person, you know
W. Curtis Preston:what the SANs Institute is,
Prasanna Malaiyandi:CIS admin
W. Curtis Preston:well, there you go.
W. Curtis Preston:This was a talk at the annual RSA conference
Prasanna Malaiyandi:which I think they do every year is kind of like their keynote.
W. Curtis Preston:The keynote was the top five dangerous cyber threats in 2022.
W. Curtis Preston:So it's interesting because they are not, um, they're not very similar to
Prasanna Malaiyandi:What we think about normally.
W. Curtis Preston:no, what I'm saying is they're not the ones that they
W. Curtis Preston:talked about just a year or two ago.
Prasanna Malaiyandi:Hmm.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:Year or two ago, they were focused on living off the
W. Curtis Preston:land attacks, um, command and control.
W. Curtis Preston:Deep persistence, mobile exploit, checkmate and check rain.
W. Curtis Preston:I believe that's his and threats at the perimeter.
W. Curtis Preston:This is a very different list.
W. Curtis Preston:And I gotta say, looking at this list, I feel somewhat vindicated
W. Curtis Preston:because we've been talking about some of these things for a while.
W. Curtis Preston:Wouldn't you say?
Prasanna Malaiyandi:Oh yeah, for sure.
Prasanna Malaiyandi:It's it's interesting, like you were talking about earlier in our discussion
Prasanna Malaiyandi:about like security and backup are there's a lot of overlap there, right?
Prasanna Malaiyandi:Even in this list that they came up with, there's quite a lot of overlap
Prasanna Malaiyandi:between like what we normally talk about and think about from like a backup data
Prasanna Malaiyandi:protection perspective and what they're worried about from a security perspective.
W. Curtis Preston:Right.
W. Curtis Preston:So let's talk about the first one.
W. Curtis Preston:And it's called living off the cloud, which may sound familiar for those of
W. Curtis Preston:you that followed the SANs Institute.
W. Curtis Preston:So they had this concept of living off the land, which is people that were
W. Curtis Preston:using system management tools and systems to basically stay persistent and move
W. Curtis Preston:around laterally within the organization.
W. Curtis Preston:We talked about lateral movement and minimizing lateral movement in.
W. Curtis Preston:What podcast, when we had, uh, snorkel.
W. Curtis Preston:Do you have, do you have the titles up there?
Prasanna Malaiyandi:We did two, one was called security expert rips
Prasanna Malaiyandi:Okta for the response to hack, which probably isn't as respo, uh, isn't
Prasanna Malaiyandi:as relevant, but the next one is snorkel 42 security expert from Reddit
Prasanna Malaiyandi:explains his security cadence series.
Prasanna Malaiyandi:It is, it was done back in may of this year of
W. Curtis Preston:He talked about the idea of, one of the things that you
W. Curtis Preston:want to do is minimize lateral movement.
W. Curtis Preston:So in this, it's talking about living off the cloud, which basically
W. Curtis Preston:just sounds like the, the cloud version of living off the land
Prasanna Malaiyandi:It is a, it, it sounds reasonable.
Prasanna Malaiyandi:I think the one thing they mentioned is.
Prasanna Malaiyandi:With the cloud, right?
Prasanna Malaiyandi:Living off the land, you have access to certain resources and everything else.
Prasanna Malaiyandi:Cloud, you can just spin up things so quickly and use that as a staging
Prasanna Malaiyandi:point for so many other attacks, right.
Prasanna Malaiyandi:That it is.
Prasanna Malaiyandi:Um, a lot more scary than something that's just within
Prasanna Malaiyandi:the corporate network, right?
Prasanna Malaiyandi:Because a cloud might not be like.
Prasanna Malaiyandi:What's to prevent someone from spinning up an EC two instance, an AWS right.
Prasanna Malaiyandi:Forgetting and accidentally leaving it open to the internet.
Prasanna Malaiyandi:And now all of a sudden you have connectivity into
Prasanna Malaiyandi:that cloud instance, right?
Prasanna Malaiyandi:An attacker could.
Prasanna Malaiyandi:And from there, depending on how the networks are configured, they could
Prasanna Malaiyandi:easily get access to your internal data centers to other internal services,
Prasanna Malaiyandi:just because you misconfigured something in your cloud environment,
W. Curtis Preston:And then they also talked about.
W. Curtis Preston:Enterprises tend to trust, uh, their, their own cloud provider.
W. Curtis Preston:So if I want to attack you, and I know who your cloud provider is, I can
Prasanna Malaiyandi:go through
W. Curtis Preston:own environment inside that cloud provider and potentially
W. Curtis Preston:allowing me not direct access, but, um, you know, just slightly easier because
W. Curtis Preston:I'm coming from a place you trust.
W. Curtis Preston:Um, which I would think is relatively easy to protect against,
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:I don't know.
Prasanna Malaiyandi:It
W. Curtis Preston:again, not an information security because I, I'm
W. Curtis Preston:not gonna trust you just because you came from AWS, I'm gonna trust you
W. Curtis Preston:because you came from an IP address range or known IP addresses from AWS.
Prasanna Malaiyandi:But, but even those known IP address ranges, just because
Prasanna Malaiyandi:you're spinning up and down so quickly, if their private IP address is sure.
Prasanna Malaiyandi:But if their public IP addresses, given how I can quickly spin up, spin down,
Prasanna Malaiyandi:spot instances, everything else, like I don't actually know what IP range I
Prasanna Malaiyandi:will necessarily get for those instances
W. Curtis Preston:Well, again, I'm not running a corporate it
W. Curtis Preston:network, but I would think that there's a way to deal with that.
Prasanna Malaiyandi:
:there is, but it may be.
W. Curtis Preston:I think that's the point of this, of this thing is
W. Curtis Preston:to say, address that concern, right?
Prasanna Malaiyandi:Cloud makes it easy to do all these dynamic things, but make
Prasanna Malaiyandi:sure you're thinking about how to still secure, even though things could be
Prasanna Malaiyandi:dynamic, don't just leave it all open.
W. Curtis Preston:right.
W. Curtis Preston:And then the next is attacks against multifactor authentication.
W. Curtis Preston:And I've seen this.
W. Curtis Preston:First off, there are many different types of multifactor authentication.
W. Curtis Preston:There are different factors as they're called there is there's SMS.
W. Curtis Preston:There's email.
W. Curtis Preston:There are the little, um, the, to, you know, the little tokens,
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:uh, and then there are like apps like
W. Curtis Preston:authy or Google authenticator.
W. Curtis Preston:There's also just in my life.
W. Curtis Preston:I know I also use the Symantec app, like one of my financial vendors,
W. Curtis Preston:I have to download the Symantec MFA app as well as the, um, uh, oh.
W. Curtis Preston:And my, my bank has its own authenticator app.
Prasanna Malaiyandi:And since we're talking about RSA earlier, right.
Prasanna Malaiyandi:Remember back in the day, all the key fobs that you would have, right.
Prasanna Malaiyandi:Which would give you the six digit code, which you then use for MFA.
Prasanna Malaiyandi:And now everyone's moving away from that to, like you said,
Prasanna Malaiyandi:SMS or one of these apps.
Prasanna Malaiyandi:And I think the challenge is some of these methods are not as secure as others.
Prasanna Malaiyandi:And so someone can impersonate can spoof can acquire those MFA codes that are
Prasanna Malaiyandi:being sent to supposedly you Curtis, but they're intercepting it if you will.
Prasanna Malaiyandi:And using it to register their own devices.
Prasanna Malaiyandi:And once their own device is registered, now they have full access to everything.
W. Curtis Preston:Exactly.
W. Curtis Preston:And then, and then there's also just a concern when it is a physical
W. Curtis Preston:token or when it is an app on a phone or when it is an SMS to a phone.
W. Curtis Preston:What process do you have in place for when someone loses their, their token?
Prasanna Malaiyandi:No one ever loses their stuff, Curtis,
W. Curtis Preston:Right.
Prasanna Malaiyandi:or when they trade in their phone.
W. Curtis Preston:I don't know what you're talking about.
W. Curtis Preston:The, um, so, and, and do you have backup authentication mechanisms in
W. Curtis Preston:place for when somebody loses their, their primary authentication mechanism?
W. Curtis Preston:And do you have a way to disable the, you know, whatever, whatever I think
W. Curtis Preston:you should have like, like a more secure method, like an app or the token?
W. Curtis Preston:If you're attempting a direct attack on a person or on a company and
W. Curtis Preston:you've targeted a person, you can very easily target the physical
W. Curtis Preston:thing that they're using as a token.
W. Curtis Preston:Right.
Prasanna Malaiyandi:Your phone, right?
Prasanna Malaiyandi:This is what happens often with a lot of the crypto heists that you're seeing
Prasanna Malaiyandi:is people call into the cell phone provider, pretend to be the person,
Prasanna Malaiyandi:port the number over to another carrier.
Prasanna Malaiyandi:Do the MFA, get the code and then clear out their crypto wallet.
W. Curtis Preston:I went to a talk with, uh, Kevin Mitnick once, and
W. Curtis Preston:I know not, everybody's a huge fan of Kevin Mitnick, but I learned a
W. Curtis Preston:lot in that talk about things like.
W. Curtis Preston:How, how he gets, you know, how he hacks into physical, physical.
W. Curtis Preston:He, he has a lot more social engineering and physical
W. Curtis Preston:hacking than I would've thought.
W. Curtis Preston:And like, and he, he does white hat hacking.
W. Curtis Preston:Right.
W. Curtis Preston:And he talked about getting into a bank by using a, um, what,
W. Curtis Preston:what are, what are they called?
W. Curtis Preston:The little badges.
W. Curtis Preston:There's a name for that?
W. Curtis Preston:The,
Prasanna Malaiyandi:Oh,
Prasanna Malaiyandi:the key card,
W. Curtis Preston:that you,
W. Curtis Preston:what.
Prasanna Malaiyandi:the key card swipe
W. Curtis Preston:Well, like it's key card.
W. Curtis Preston:There's a, there's a name for that type of key card.
W. Curtis Preston:But anyway, he, he has a scanner that he can scan that if he's he, he has two
W. Curtis Preston:different ones, ones that he can scan from really close and the ones that he
W. Curtis Preston:can scan from like several feet away.
W. Curtis Preston:And he talked about going into a bathroom.
W. Curtis Preston:the men's bathroom in a bank where he needed to go and just waited for
W. Curtis Preston:a dude to come in, guys, you know, go into the bathroom and he's sitting
W. Curtis Preston:there scanning the guy's card.
W. Curtis Preston:Next thing you know, he's got a badge to get into the thing.
W. Curtis Preston:Again.
W. Curtis Preston:That's why we have MFA.
W. Curtis Preston:Right.
W. Curtis Preston:So, you know, you need something more than
Prasanna Malaiyandi:Digest that.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:plus a digit,
W. Curtis Preston:right?
Prasanna Malaiyandi:Or a picture.
W. Curtis Preston:Yeah.
W. Curtis Preston:Face
W. Curtis Preston:thumbprint.
Prasanna Malaiyandi:Something else?
W. Curtis Preston:Hopefully, he's not cutting off anybody's
W. Curtis Preston:thumbs, but all right.
Prasanna Malaiyandi:So the fourth one is attacks involving
Prasanna Malaiyandi:stalkerware against mobile devices.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:So.
W. Curtis Preston:Yeah.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Well, if you think about this, this is a lot around, like
Prasanna Malaiyandi:there is the NSO group, right?
Prasanna Malaiyandi:You're starting to see a lot of these sort of things being used, where people
Prasanna Malaiyandi:are able to leverage zero day bugs and other things to install spyware.
Prasanna Malaiyandi:If you will, on mobile devices.
Prasanna Malaiyandi:And they can do it without requiring any interaction from the user.
Prasanna Malaiyandi:They're now able to track where the user's going, what they're doing,
Prasanna Malaiyandi:read your emails, read all your text messages, pull out your MFAs.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:It's all scary stuff.
Prasanna Malaiyandi:And before we used to think, oh, it's only in spy movies and it
Prasanna Malaiyandi:won't happen to the common user.
Prasanna Malaiyandi:Now there's, there's like groups and companies, which this is what they do.
Prasanna Malaiyandi:And it's
W. Curtis Preston:Yeah, that, that that freaks me out.
W. Curtis Preston:Right?
W. Curtis Preston:The idea of people just sort of randomly grabbing my,
W. Curtis Preston:somehow these, these exploits.
W. Curtis Preston:That's why I will say like in my personal life, when, whenever.
W. Curtis Preston:Apple comes out with, and they're like, this is a security
W. Curtis Preston:update and I'm like, boom, I'm
Prasanna Malaiyandi:Uh,
W. Curtis Preston:done.
W. Curtis Preston:I've already like, I'm halfway through reading the article and
W. Curtis Preston:I've already started installing it
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:I think apple is the, yeah, I think apple products are the
Prasanna Malaiyandi:only one that I, oh, sorry.
Prasanna Malaiyandi:iOS products are the only ones that I immediately install.
Prasanna Malaiyandi:My laptop.
Prasanna Malaiyandi:I'm a little out of date
W. Curtis Preston:Yeah.
W. Curtis Preston:of course I, I'm not, I'm not dragging my laptop around.
W. Curtis Preston:Like I used to.
W. Curtis Preston:Right.
W. Curtis Preston:I'm look, I'm looking at my laptop right now, which for the record
W. Curtis Preston:is never on top of my laptop.
W. Curtis Preston:It just sits there.
W. Curtis Preston:Right.
W. Curtis Preston:Um,
W. Curtis Preston:yeah.
W. Curtis Preston:So that's, that's kind of, so I, I guess the biggest thing there is again,
W. Curtis Preston:secure your personal mobile device.
W. Curtis Preston:Um,
Prasanna Malaiyandi:be careful if you plug in, like, I've seen a lot of people,
Prasanna Malaiyandi:they go and they just take the USB cable and they're like, oh, there's a USB port.
Prasanna Malaiyandi:Let me plug it in.
Prasanna Malaiyandi:Or they see a cable like plugged in or just standing there.
Prasanna Malaiyandi:And they're like, oh, let me charge my phone quickly.
Prasanna Malaiyandi:And they plug it in.
Prasanna Malaiyandi:It's like, don't do those sort of things.
W. Curtis Preston:we, we, we talked a couple episodes ago.
W. Curtis Preston:I think we talked about this, about the, the dropping of the USB
W. Curtis Preston:thumb drives and stuff like that.
W. Curtis Preston:But again, that same talk that, uh, that I went to with Kevin Mitnick.
W. Curtis Preston:He had a, he had a guy come up on stage and he handed him a, a USB cable, a
W. Curtis Preston:USB charging cable for his iPhone.
W. Curtis Preston:And he's like, I want you to examine this cable.
W. Curtis Preston:He's.
W. Curtis Preston:I'm examining it.
W. Curtis Preston:And he's like, okay, you know, and he is like, does it look any different?
W. Curtis Preston:And he's like, Nope.
W. Curtis Preston:He goes, okay, we're gonna plug it in over here.
W. Curtis Preston:And he plugged it and he plugged it into the wall.
W. Curtis Preston:He plugged it into the wall and then he, and then he pulled up his laptop on
W. Curtis Preston:the screen and we could see that he was reading the guy's data off his phone.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:I'm.
W. Curtis Preston:Damn that's.
W. Curtis Preston:Yeah.
W. Curtis Preston:So stay away from, you know, stay away from strange devices.
W. Curtis Preston:This is also why you don't enable the USB, you know, the USB, uh,
W. Curtis Preston:the data access on the USB ports.
W. Curtis Preston:When you put in a strange device, this is why you don't just randomly
W. Curtis Preston:use random chargers out there.
W. Curtis Preston:Bring your own charger.
W. Curtis Preston:Um, Know thy cable.
W. Curtis Preston:Um, so the, the next one is another one.
W. Curtis Preston:That's that's kind of, and again, this is one of these, like, um, this is sort
W. Curtis Preston:of like the cloud, the cloud is not bad, but the cloud is being used in bad ways.
W. Curtis Preston:Bitcoin is not bad, but being Bitcoin is being used in bad ways.
W. Curtis Preston:And there's a couple different articles that I saw in this, this.
W. Curtis Preston:The the, the CRN article doesn't specifically mention Starlink, but
W. Curtis Preston:the other article did, and they were saying that that Starlink
W. Curtis Preston:enables a lot of really cool stuff.
W. Curtis Preston:And they were talking about how they were able to re enable
W. Curtis Preston:access in Ukraine, for example.
Prasanna Malaiyandi:When the modems got wiped and they lost access and
W. Curtis Preston:right.
W. Curtis Preston:J just similar to.
W. Curtis Preston:To that DR story that we had with, uh, the island that, uh, they, they had to
W. Curtis Preston:use wireless internet, or they had to use satellite internet, which I'm guessing
W. Curtis Preston:was not as good back then as it is now.
W. Curtis Preston:But what he was saying was be concerned about nation state hacking and With
W. Curtis Preston:the advent of things like Starlink, you could be dealing with a nation state
W. Curtis Preston:that doesn't look like a nation state.
Prasanna Malaiyandi:yep.
Prasanna Malaiyandi:The lines get blurred right between.
W. Curtis Preston:So it's
W. Curtis Preston:not E it's not as easy as like, well, I'm just gonna, like, I don't do
W. Curtis Preston:any business with anybody in Russia.
W. Curtis Preston:I'm just gonna block off all access from Russia.
W. Curtis Preston:Right.
W. Curtis Preston:Um, you know, I dunno if I ever told you, but I, the backup central got hacked once.
Prasanna Malaiyandi:Oh
W. Curtis Preston:Did I tell you that it was a just years ago, but
W. Curtis Preston:it was a SQL injection attack.
W. Curtis Preston:And for, for a relatively short period of time, I was flying some country's flag
W. Curtis Preston:on the, on the front page of my website.
W. Curtis Preston:And also, uh, I was, there was some stuff in my metadata that was.
W. Curtis Preston:Bad stuff.
W. Curtis Preston:I don't remember what it was, but it, they had inserted stuff in my
W. Curtis Preston:metadata, which didn't need to be there.
W. Curtis Preston:Um, and that was the, that was the biggest evidence that, that that's actually how
W. Curtis Preston:I, something, something clued me in.
W. Curtis Preston:But, um, yeah, it was SQL injection attack recovered via backups.
W. Curtis Preston:Of course.
Prasanna Malaiyandi:Nice.
W. Curtis Preston:Um, good news is backup central.
W. Curtis Preston:Doesn't have like A huge.
W. Curtis Preston:Change rate
Prasanna Malaiyandi:yeah.
W. Curtis Preston:it's like once a week I put in a new episode.
W. Curtis Preston:So,
W. Curtis Preston:um,
Prasanna Malaiyandi:And since you were talking about backups, since
Prasanna Malaiyandi:we're talking about Ukraine, I can't remember where I was reading this
Prasanna Malaiyandi:article, but they were mentioning, they were talking about Ukraine and
Prasanna Malaiyandi:how they got hit with these attacks.
Prasanna Malaiyandi:Like, and they were talking about how because they've been so like the it
Prasanna Malaiyandi:industry there has gotten so used to dealing with disruptive operations,
Prasanna Malaiyandi:they're actually really, really good at restoring their environments.
Prasanna Malaiyandi:Because they're kind of doing it all the time.
Prasanna Malaiyandi:Like when not Petya hit.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:And other things like that, they're able to like quickly get up and running
Prasanna Malaiyandi:in like hours rather than like weeks that most other companies take, because
Prasanna Malaiyandi:they're like, oh yeah, we just drill.
Prasanna Malaiyandi:We practice, we practice, we practice.
Prasanna Malaiyandi:and so they have it down.
W. Curtis Preston:and I think the same is true of me.
W. Curtis Preston:It's like the reason why I got so good at backup is because it, you
W. Curtis Preston:know, partly because I had a job and that was all I did was backups.
W. Curtis Preston:But then I left that job to become a quote, real sysadmin.
W. Curtis Preston:And they put me at the headquarters of Amoco and they had the,
W. Curtis Preston:the, the actual headquarters part, which is where I was at.
W. Curtis Preston:They.
W. Curtis Preston:They had an it department that was kind of had been ignored.
W. Curtis Preston:And so I was, I was in there doing the, the person that was running
W. Curtis Preston:the it department, uh, just, wasn't a very strong CIS admin.
W. Curtis Preston:And, uh, and so they brought us in to, to assist and, and so we started
W. Curtis Preston:doing things like crazy things, like loading the most recent, uh,
W. Curtis Preston:patches and rebooting the servers once in a while and things like that.
W. Curtis Preston:But.
W. Curtis Preston:But they were dying left and right.
W. Curtis Preston:and so, so I just got really good at not only like just doing backups and restores,
W. Curtis Preston:but doing bare metal backups and restores,
Prasanna Malaiyandi:and doing quickly and pain free.
W. Curtis Preston:yeah,
W. Curtis Preston:exactly.
W. Curtis Preston:And, uh, you can hear all about that in the episode.
W. Curtis Preston:Uh, how I, what is something about how I got the nickname crash?
W. Curtis Preston:I think
Prasanna Malaiyandi:Uh, sure.
W. Curtis Preston:there's a, we have an episode we talked.
W. Curtis Preston:How I used to be called crash,
W. Curtis Preston:Well, anyway, it's up there somewhere.
W. Curtis Preston:One of those episodes, we'll find it, see if I can figure it out.
W. Curtis Preston:But, um, yeah, that's how I got the nickname crash, cuz I was
W. Curtis Preston:like, I was rebooting servers and they weren't coming back up and
W. Curtis Preston:then, so I got really good at it.
W. Curtis Preston:So that's interesting.
W. Curtis Preston:So
Prasanna Malaiyandi:the last one, your favorite
W. Curtis Preston:and the last one we need, we need a drum roll sound.
W. Curtis Preston:You boo.
W. Curtis Preston:The fifth one is attacks against system backup
Prasanna Malaiyandi:
:No one ever does that.
W. Curtis Preston:Right.
W. Curtis Preston:And you know, this has become huge, you know, and they're saying here that backups
W. Curtis Preston:were the last line of defense, but they're also becoming the first line of attack.
W. Curtis Preston:And, you know, they're saying that the back the software used to create
W. Curtis Preston:the backups have flaws and the backup software vendors have had
W. Curtis Preston:to address these vulnerabilities.
W. Curtis Preston:And, and I would say it's, it's.
W. Curtis Preston:It it's less of a flaw generally in the backup software itself, but more
W. Curtis Preston:in the overall infrastructure, right?
W. Curtis Preston:Yes.
W. Curtis Preston:There's also, I'd say that historically backup software was not written
W. Curtis Preston:with information security in mind.
W. Curtis Preston:Back in the day, you had to be root to run your backups.
W. Curtis Preston:You had to be root everywhere.
W. Curtis Preston:So I used to joke a lot about the back.
W. Curtis Preston:You know, backup admin is like trust your backup admin because they can delete
W. Curtis Preston:everything, including your backups.
W. Curtis Preston:So that's no longer the case.
W. Curtis Preston:And, and I will say this, if you're I say it all the time, if your backup
W. Curtis Preston:software still requires you to have root on servers that you're backing
W. Curtis Preston:up and or root on the backup server.
W. Curtis Preston:In order to just run the backups, then you need to run.
W. Curtis Preston:Don't walk from that backup software product.
W. Curtis Preston:The, you should be able to put a junior person in charge of the backups,
W. Curtis Preston:which you shouldn't do, but I'm just saying you should be able to do that.
W. Curtis Preston:Put someone who does not have sysadmin privileges in charge of the backups and,
W. Curtis Preston:and they should be able to do everything that they need to do without needing
Prasanna Malaiyandi:Operate root.
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:I'm just trying
W. Curtis Preston:Because you wanna limit the blast radius, right.
W. Curtis Preston:And the backup user itself is powerful enough, but the, you know, just limit
W. Curtis Preston:the blast radius wherever you can.
W. Curtis Preston:But the, but the biggest thing I think, um, is, as I said earlier,
W. Curtis Preston:is we talk about it a lot is . How people are storing their backups.
Prasanna Malaiyandi:So because all this data, right?
Prasanna Malaiyandi:There's a lot of data.
Prasanna Malaiyandi:There are a lot of systems you're backing up, right?
Prasanna Malaiyandi:Typically you end up writing to something, some other storage
Prasanna Malaiyandi:device for your backups.
Prasanna Malaiyandi:And a lot of people just dump it out over a standard protocol,
Prasanna Malaiyandi:like NFS or SMB . Right.
Prasanna Malaiyandi:great because now I can just bring in any storage array.
Prasanna Malaiyandi:I just plug it in.
Prasanna Malaiyandi:I now start backing up to it.
Prasanna Malaiyandi:Easy peasy.
Prasanna Malaiyandi:The downside is it's an open protocol, right?
Prasanna Malaiyandi:It's an open endpoint that anyone else can also access.
Prasanna Malaiyandi:So
W. Curtis Preston:Emphasis on open
Prasanna Malaiyandi:yeah, it is open.
Prasanna Malaiyandi:Um, and so anyone can access it, which means if ransom, if a attacker.
Prasanna Malaiyandi:exploits, it's not even your backup server, but even any other server in
Prasanna Malaiyandi:the environment, they could potentially gain access to that Mount and start
Prasanna Malaiyandi:accessing, deleting, exfiltrating, which is probably even a bigger issue, right.
Prasanna Malaiyandi:Your data.
Prasanna Malaiyandi:And you could be in trouble.
W. Curtis Preston:Yeah.
W. Curtis Preston:And I would say, I would add to that just like the default installation
W. Curtis Preston:of a lot of disk space backup products is, is not an NFS target.
W. Curtis Preston:It's just a regular disc target race, just a, you know, SQL back slash backups.
W. Curtis Preston:Um, that's not good either, especially if it's a windows box, you know?
W. Curtis Preston:Yes.
W. Curtis Preston:I prefer Unix and Linux and yes, I think they're more secure.
W. Curtis Preston:They're not perfect, but it is a stating a fact saying that windows is
W. Curtis Preston:the number one target for ransomware.
W. Curtis Preston:It's not the only one, but it's definitely the number one.
W. Curtis Preston:And so for your backups to be sitting on a Windows server, And, and then
W. Curtis Preston:the backups are inside that server
W. Curtis Preston:you know, so
Prasanna Malaiyandi:
:That's probably not a good
W. Curtis Preston:attacked, you can, you can do that.
W. Curtis Preston:There are ways to address all of these concerns
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:Which we talked about in numerous.
W. Curtis Preston:yeah,
W. Curtis Preston:we have.
W. Curtis Preston:Yeah.
W. Curtis Preston:So, but, but I just do, I do find it interesting cuz we talk about
W. Curtis Preston:it a lot and sometimes I, I feel like I live in the, you know,
Prasanna Malaiyandi:Can I bubble
W. Curtis Preston:of, of a backup company and I'm like, yes, but it's nice to see.
W. Curtis Preston:vindication of the RSA conference saying that one of the top
W. Curtis Preston:five data risks right now
W. Curtis Preston:Is the, you know, the loss of your
Prasanna Malaiyandi:
:attacks on your backups
W. Curtis Preston:you're doing them.
W. Curtis Preston:And, you know, and, and the, and I've said it before, but I'll say it again.
W. Curtis Preston:The reason this is the case, I'd say two things.
W. Curtis Preston:One is.
W. Curtis Preston:Hacking, you know, and, and, and all, and, and ransomware and
W. Curtis Preston:all that's creating an industry.
W. Curtis Preston:So there's resources and stuff that, that, that the bad folks
W. Curtis Preston:just didn't have back in the day.
W. Curtis Preston:But the other is the, in the backup industry's move from tape to disc as
W. Curtis Preston:their primary protection mechanism.
W. Curtis Preston:And so it makes it really easy to get access to it.
W. Curtis Preston:If you haven't done the right things, um, go.
Prasanna Malaiyandi:One of the articles on the SANs list of
Prasanna Malaiyandi:bad backups is from tech target.
Prasanna Malaiyandi:And there was a quote from the, one of the presenters, right?
Prasanna Malaiyandi:Backups are boring.
Prasanna Malaiyandi:Boring is good.
Prasanna Malaiyandi:Keep it boring.
W. Curtis Preston:Yeah, yeah.
W. Curtis Preston:Backups are boring.
W. Curtis Preston:That's why nobody wants to be the backup person, but you know, it is what it is.
W. Curtis Preston:And, you know, you know, I saw that quote and I was like, I
W. Curtis Preston:don't know how I feel about that.
W. Curtis Preston:And I don't mean that like, Like I'm being insulted
Prasanna Malaiyandi:Yeah, I think, I think instead of boring,
Prasanna Malaiyandi:I think it's what is it simple or
W. Curtis Preston:Yeah,
Prasanna Malaiyandi:easy or something like that,
W. Curtis Preston:Yeah.
W. Curtis Preston:The problem is the, and again,
W. Curtis Preston:to a hammer, everything looks like a nail, but, and I work for a.
W. Curtis Preston:Cloud backup vendor.
W. Curtis Preston:But to me, the only way to do backups today, easy is to use the
W. Curtis Preston:SaaS product that does backups.
W. Curtis Preston:Everything else is hard, right?
W. Curtis Preston:Buy a box, secure that box, buy some backup software, secure that backup
W. Curtis Preston:software, buy a backup target, secure that and all that stuff.
W. Curtis Preston:You know, just all of that.
W. Curtis Preston:That is not simple.
W. Curtis Preston:It used to be simple.
W. Curtis Preston:It is not simple anymore.
W. Curtis Preston:And you can't just hand the keys to the backup kingdom, to the, to the new person
W. Curtis Preston:and expect them to figure all that out.
W. Curtis Preston:Right.
W. Curtis Preston:They're
Prasanna Malaiyandi:Here you go.
Prasanna Malaiyandi:Good luck.
W. Curtis Preston:Good luck, please, please keep the keys to
W. Curtis Preston:our kingdom secure from all the bad, you know, hackers out there.
W. Curtis Preston:Uh, the only way to do that in my opinion is to use SaaS service and,
W. Curtis Preston:and, and, by the way, it, it, you know, let me rephrase what I'm saying
W. Curtis Preston:is the only way to do it simply.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:We've had the guys from Veeam on here.
W. Curtis Preston:Right.
W. Curtis Preston:I'm not anti Veeam and they've got answers to these concerns.
W. Curtis Preston:It's simple if you know what you're doing, but to me, um, and
W. Curtis Preston:I'm not saying it's, I don't know.
W. Curtis Preston:I, I'm not attacking these folks.
W. Curtis Preston:I'm just saying there's nothing simpler than just put in an agent and point.
W. Curtis Preston:Right.
W. Curtis Preston:You don't have any of the backend security
Prasanna Malaiyandi:Issue story
W. Curtis Preston:stuff to worry about, right?
W. Curtis Preston:Yeah.
W. Curtis Preston:Anyway.
W. Curtis Preston:All right, well, um, you know, I'm gonna go maybe have a beer and, uh, think
W. Curtis Preston:about my, all those people yelling at me over the over the, over the election.
Prasanna Malaiyandi:not just gonna start.
Prasanna Malaiyandi:Oh, about the election.
Prasanna Malaiyandi:Okay.
Prasanna Malaiyandi:Yeah, no, I thought you were going to be like, yeah, I'm gonna go call all those
Prasanna Malaiyandi:people who told me I was wrong in the past and you just have like a book somewhere
Prasanna Malaiyandi:and you're just going through it.
Prasanna Malaiyandi:Crossing out line by line,
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um,
Prasanna Malaiyandi:awkward silence.
Prasanna Malaiyandi:He didn't deny it.
Prasanna Malaiyandi:He might actually have a book.
W. Curtis Preston:I don't know.
W. Curtis Preston:Maybe I might have a book.
W. Curtis Preston:I'm just saying maybe I got it all up in here.
W. Curtis Preston:You know, maybe
Prasanna Malaiyandi:good with names.
Prasanna Malaiyandi:You're not good with names.
Prasanna Malaiyandi:I
W. Curtis Preston:Okay, dang it.
W. Curtis Preston:Dang it.
W. Curtis Preston:I am busted.
W. Curtis Preston:I suck at names like literally.
W. Curtis Preston:I mean people that I know and talk to all the time, it, it hasn't
W. Curtis Preston:happened to me with you yet, but I've had people that I've known for
W. Curtis Preston:years and then I'll be talking to 'em and I'll be in the middle of a
W. Curtis Preston:conversation with him and I'll realize, I can't remember this person's name.
Prasanna Malaiyandi:This happened to me the other day, I was on a video
Prasanna Malaiyandi:call and I was talking to the person.
Prasanna Malaiyandi:And for some reason, my mind just went blank.
Prasanna Malaiyandi:And luckily though they had the name of the person at the bottom of the screen.
Prasanna Malaiyandi:I was like, oh, thank God.
Prasanna Malaiyandi:It's like someone I interacted with so much.
Prasanna Malaiyandi:Like I was like, I should know this.
W. Curtis Preston:Yeah.
W. Curtis Preston:And I met a, I met a new person, one of the folks that worked with me at the
W. Curtis Preston:election and, uh, his name is, is Allen.
W. Curtis Preston:I had to think about it for a minute.
W. Curtis Preston:And the reason I had to think about it was because somebody else started
W. Curtis Preston:calling him, Larry, his name's not Larry.
W. Curtis Preston:They, they reminded him of Larry.
W. Curtis Preston:And so they started calling him Larry, and then halfway through the election.
W. Curtis Preston:He just turns his badge over and he puts his, puts his name as
W. Curtis Preston:Larry I'm like, okay, for a guy like me, that is not helpful.
W. Curtis Preston:Like, I
Prasanna Malaiyandi:You're like it's already hard enough keeping track
W. Curtis Preston:it's already hard enough.
W. Curtis Preston:And then he added another he's like, well, my dad always called
W. Curtis Preston:me Bob or something like that.
W. Curtis Preston:I was like, grrrr, like stop.
Prasanna Malaiyandi:That's why like,
W. Curtis Preston:Yeah.
W. Curtis Preston:Anyway.
W. Curtis Preston:All right.
W. Curtis Preston:Well, thanks
W. Curtis Preston:for discussing the, the RSA conference with me
Prasanna Malaiyandi:how's it going?
Prasanna Malaiyandi:Anytime, Curtis, and go enjoy your beer.
W. Curtis Preston:I will definitely do that.
W. Curtis Preston:And remember folks out there.
W. Curtis Preston:Thanks for listening.
W. Curtis Preston:And remember to subscribe so that you can restore it all.