{"href":"http://player.captivate.fm/services/oembed?url=http%3A%2F%2Fplayer.captivate.fm%2Fepisode%2F4df38a72-1322-44b4-8c08-8e62de183c7d","version":"1.0","provider_name":"Captivate.FM","provider_url":"https://www.captivate.fm","width":600,"height":200,"type":"rich","html":"<iframe style=\"width: 100%; height: 200px;\" title=\"Donut breach: Lessons from pen-tester Mike Miller\" frameborder=\"0\" scrolling=\"no\" allow=\"clipboard-write\" seamless src=\"http://player.captivate.fm/episode/4df38a72-1322-44b4-8c08-8e62de183c7d\"></iframe>","title":"Donut breach: Lessons from pen-tester Mike Miller","description":"When Mike Miller was hired by a client to run a penetration test on one of their offices, he knew exactly where to start: Krispy Kreme. Equipped with five dozen donuts (the boxes stacked just high enough to partially obscure his face, Miller said), Miller walked briskly into a side-door of his client's offices, tailing another employee and asking them to hold the door open. Once inside, he cheerfully asked where the break room was located, dropped off the donuts, and made small talk.\nThen he went to work.\nBy\u00a0hard-wiring\u00a0his laptop into the company's Internet, Miller's machine\u00a0received an IP address and, immediately after, he got online. Once connected, Miller ran a few scanners that helped him take a rough inventory of the company's online devices. He could see the systems, ports, and services running on the network, and gained visibility into the servers, the work stations, even the printers. Miller also ran a vulnerability scanner to see what vulnerabilities the network contained, and, after a little probing, he learned of an easy way to access the physical printers, even peering into print histories.\u00a0\nMiller's work as a penetration tester means he is routinely hired\u00a0by clients to do this exact type of work\u2014to test the security of their\u00a0own systems, from their physical offices to their online networks. 
And while his covert work doesn't always go like this, he said that it isn't uncommon for companies to allow basic flaws. Even when he shared his story on LinkedIn, several people doubted his story.\u00a0\n\u201cIt\u2019s crazy because so many people say \u2018Well, there\u2019s no way you could\u2019ve just plugged in.\u2019 Well, you\u2019re right, I should not have been able to do that,\u201d Miller said.\nToday, on Lock and Code with host David Ruiz, we speak with Miller about common problems he's seen in his work as a pen-tester, how companies can empower their employees to provide better security, and what the relationship is between physical security and cybersecurity.\u00a0\nShow notes and credits:\nIntro Music: \u201cSpellbound\u201d by Kevin MacLeod (incompetech.com)\nLicensed under Creative Commons: By Attribution 4.0 License\nhttp://creativecommons.org/licenses/by/4.0/\nOutro Music: \u201cGood God\u201d by Wowa (unminus.com)","thumbnail_width":300,"thumbnail_height":300,"thumbnail_url":"https://artwork.captivate.fm/e955227d-271f-470e-8a10-0f4ab313afae/lock-and-code-logo-2021-ar2rs.jpg"}