Safety, Security, and Late Night Ramblings

February 20, 2024 00:21:38
WPMotivate

Show Notes

Last week one of the biggest WordPress product vulnerabilities was discovered, but by the time word got out, thousands of sites had been compromised. Kathy is a security specialist and talks a bit about what that meant to many sites around the world, which led to a discussion about personal security, online security, and how a late night visitor trying to access Michelle's house (mistakenly) can lead to better safety decisions. Oh, and we laughed a lot!

Episode Transcript

[00:00:01] Speaker A: Start your week smiling with your friends Kathy Zant and Michelle Frechette. It's time to get ready for some weekly motivation with WP Motivate. Happy Thursday night, Kathy.
[00:00:15] Speaker B: It's Thursday night. It was so cool because I was just like, all right, I'm going to chill out and I'm just going to lie on the sofa because I just did a meetup and stuff. And I was just like, oh, I got to send Michelle this Insta reel. It was Insta reel time.
[00:00:29] Speaker A: It was like, let's talk, let's record.
[00:00:31] Speaker B: And I'm like, okay, I got enough makeup on. Let's just do it. So it's Thursday night. It's like almost my bedtime, but I'm here.
[00:00:41] Speaker A: It's like almost 10:30 at night here. I don't go to bed till like midnight or 1:00, things like that. I'm a night owl. So I was like, let's just do it now.
[00:00:49] Speaker B: Why not?
[00:00:50] Speaker A: Yeah, why not? Well, you and I were talking a little bit before we hit the record button. I mean, we can't share everything we talk about because it's not all for other people's consumption. Some of it's just because you and I have things that we talk about. But yes, we started talking about the security issues that are happening right now with Bricks. Oh, my God. Yeah.
[00:01:12] Speaker B: And quickly, too. It's not just Bricks, it's quickly. And, oh, my gosh, I've lived through a lot of, like, oh, my gosh. A lot of times they happen in February. Like, one of the first, like, oh, my gosh, I am dealing. It was the WordPress 4.7 REST API vulnerability, where all people had to do is basically type something into the browser and they could just rewrite a page. And so I was hacksych at that time, and it was in February. It was this time of year, so this is like February. Must have the vibe of, hey, hackers, let's get busy.
[00:01:49] Speaker A: It's cursed.
[00:01:50] Speaker B: Oh, my gosh, what a day vulnerability.
So it's an unauthenticated remote code execution vulnerability, which means you can basically just send a command to a website. You don't have to be logged in, nothing. You just send a command and remote code execution. Just like, hey, website get hacked. And it's hacked like that.
[00:02:13] Speaker A: And that's not terrifying at all.
[00:02:15] Speaker B: Not terrifying at all. And so my friend who's also into security, actually, my friend who found the vulnerability in Bricks is like, oh, you should go check out what's happening in the Bricks community. So I went in there and I'm like, oh my. Like, I'm sitting there like the dog with the hat on, but the fire is everywhere.
[00:02:37] Speaker A: This is fine. Everything's fine. It's bedlam.
[00:02:44] Speaker B: And then I'm reading some posts, like, just security is hard. Like, if you're not in security and you haven't seen this kind of stuff year after year, month after month, February after February, it's like, oh, my gosh, what's going on? And so everybody's just like flipping out. So I was trying to be like a voice of reason. And then in one case I was like, y'all better be not telling people to do some of this stuff. Like, oh, here's how you fix it. You just delete wp-admin and then you just delete wp-includes and make.
[00:03:16] Speaker A: Sure you do this.
[00:03:18] Speaker B: Don't tell people to do this. Going to mess up their sites like charm. Like there's a. Anyway, it has been a crazy week.
[00:03:36] Speaker A: Well, I've never used Bricks. I just haven't. Right? But I have a client, a personal client, who is now going to have somebody else redesign their website and do a whole marketing campaign. And they were a little nervous about telling me because I built the site like ten years ago, and I get on the phone with them today, I'm like, it's really okay. I said, this is not what I do as my primary. I didn't want to say you've been a burden the last three years, that kind of thing.
But when I set up this site, maybe it was not ten years ago. It's probably more like eight years, though, when I set up this site, I had listened to somebody at that point in time, which of course, we don't do a lot now, but say you should redirect your wp-admin, hide your login page, and there's this plugin that'll do that for you, right? So he says to me, could you back up the site so that after a year, if it's not working, we can go back to the site that you built? I said, absolutely. Do you think I could remember what this page was that I log in? And I literally just did an update for him, like in October. But because I had to think of it right then because they needed me to do stuff and give him a log into the site, I'm like, I built the site so secure, even I couldn't get into it. I had to log into the hosting, change the name of the plugin so that I could actually log into the site. At least I knew how to do that. And it wasn't like, sorry, I can't help you. But, yeah, I felt really stupid. Nobody else knew. And now I'm telling the entire, well, I don't know how much of the WordPress community is listening this far into our podcast, but potentially everybody now knows that I made that really funny blunder.
[00:05:25] Speaker B: Yeah.
[00:05:26] Speaker A: But it made me think about our personal security too, right? So I'm not even just talking web security, but personal security. And I think most people know. I live alone. I'm divorced. This is me working at home, living at home by myself. And so I have security measures on my home. I have a Ring doorbell. I have a front door that I can lock remotely. I can tell if anybody's come and gone with a keypad because it logs every entrance, right? So I can see who's coming. Like when the cleaning people have come, if my neighbor grabs packages and brings them in, I can see all that's happened. And I got this message popped up. I'm laying in bed last night and just scrolling TikTok as one does.
Yeah, or reels in your case, whatever. And I get this pop up from Scythely, which is the door lock that I have on my front door. And at 11:00 at night, getting a pop up from your front door is terrifying because I'm like, who's trying to get in my house, right? And so I go to open it, literally, my heart's starting to race faster. And it's like, oh, you might want to consider upgrading to XYZ. And I was like, f you, Scythely. Like, this is not an alert. This is an email or an in app notification, not a, let's put this broadcast the front part of her phone. I was like, oh, it scared me. But it also reminded me of an episode that happened. Gosh, I think it was October. It was September, October. So I lock my windows at night, even if I do have them open during the day, because I live on the first floor and I don't want people coming in through my windows. But I think it was already had started to get cold. And I'm laying in my bed at night because this happened at 11:30 at night. I get a notification from my Ring doorbell, which happens a lot because my door, my neighbor's door, because I'm in a condo, are like, literally side by side, right? So like an L shape, I can see their door from my Ring doorbell. But 11:30 at night is an unusual time to get a notification for that. So as it pops up on my phone. I click it, and I'm watching two people try to get in my house, in my front door. And I was like, holy shit, right? So I'm like, do I talk to them through my doorbell? Do I kind of watch and see what happens? The whole thing's recording. So at least if they breach my door, at least I've got something to show the police. And I watch the guy jump up because I have, like, at the very top of my door is a window. Like just little, two little windows. I can hardly reach them standing because they're that high up on the door. This guy jumps up to look in my house and my lights were still on because I hadn't turned them off. They are all on Amazon Echo.
So I turned them off from my phone or whatever, from my room. And so he could literally hear my cats meowing. I could hear them talking. And he's like, I can't get in. He says to this other person, it's locked. And she's like, we'll try again. And he's like trying to my door handle. And she takes a few steps back and she looks up and down the road and she says, and he says, do you think we're in the wrong house? She goes, no, this is the right house. And she takes a step back and looks, she goes, oh, wait a minute. I think it's this other house down the road. And so he goes to leave and he back, he looks at my Ring doorbell and he goes, sorry, we had the wrong house. I was like, do I down on one? What's going on? These people are trying to break into my home. But yeah, that's then that I have. Whoever thought in a million years that ten years ago, 20 years ago, never would have thought that we'd have the Richie Rich televisions on our phones and be able to talk to each other face to face like we're doing right now between New York and Texas. It's like camera phones were only things in fiction. It wasn't something that we really had and that your doorbell could show you who's literally standing at your door and that you could talk to the person right through your doorbell. These are things that were so sci-fi when we were growing up. And I'm just really grateful that we have these things that we can put in places to feel more secure. Now, could somebody break into my house if they really wanted to? Yeah, of course they could. It's just a house, right? It's like, I'm not in Fort Knox, there is. I'm not a gated community. I just live in a little town, and it's a condo, and there's people upstairs, there's people next door. But if somebody really wanted to breach, I think obviously they're going to be able to do that. But thank goodness you at least have measures in place when somebody.
If I hadn't had that door locked, they literally would have walked right into my home.
[00:10:17] Speaker B: Wow. That's always scary.
[00:10:19] Speaker A: It is scary, for sure. But we put these kinds of things into place to be safe, and we have to protect our websites much the same way. Now, I don't have to update the firmware on my lock very often.
[00:10:30] Speaker B: Right?
[00:10:30] Speaker A: That doesn't happen. But your website is a different story, and you are the security person more than I am. So you could speak to that more closely than I can.
[00:10:39] Speaker B: I get into it. I'm a little excited about stuff like this whenever there's, like, a big event like this. Well, I find hacking very interesting because it's like breaking outside.
[00:10:49] Speaker A: Because you're a nerd.
[00:10:51] Speaker B: I am a geek. I'm a nerd. I loved Defcon. Went to two different Defcons, and I love it. Enjoyed both of them. They were so much fun. Brought my kids to Defcon. Had just a blast. Yeah. So security, physical security. I don't worry. My husband used to worry about all that stuff. We got a security system on the house, cameras and all of that fun stuff. But it's like, it was never something that I was super worried about. I had a husband, he was armed. Right now I'm armed, but I don't know what to do with any of this stuff. It's like there's a box of bullets, throw them at someone. I don't know how to work any of this stuff. I've got a neighbor who's like, let me come over.
[00:11:37] Speaker A: I'll show you.
[00:11:37] Speaker B: I'm just like, yeah, they're going in the hiding secret spot, and I don't know what to do with all that stuff, but I never worry about that kind of stuff.
[00:11:47] Speaker A: How hard do I have to throw a bullet for it to actually do damage?
[00:11:51] Speaker B: Well, a box of bullets is really heavy.
[00:11:54] Speaker A: That's true. You could give somebody a concussion.
I mean, you're not going to pierce the skin, but you could definitely concuss them. Yeah.
[00:12:03] Speaker B: I'm not equipped for that kind of stuff. Me either. Away all my secrets. I shouldn't be talking about this publicly.
[00:12:12] Speaker A: Well, I put cameras in my home. I got them for Christmas. But here's the funny part. The cameras in my home are not security cameras; they're so I can watch my cats when I'm not here. I have one in the living room. And sometimes I'll be in my room at night, and I'll just check that, and I'll see that one of the cats is laying on the back of the couch. And I can talk to her through the camera, and I'll be like, Stella. And she looks up like, who is that? And then I'll move the camera, and she's, like, watching it, and then she gets bored. But I feel like, God, for just a minute there.
[00:12:44] Speaker B: Yeah. I have one on the husband for, like, if I have to run a quick. So, like, I can just, like, if I'm in, know, checking out somewhere, I can check on him. Well, he woke up, and so I'll say, I'm at so and so store. I'll be home in just a little bit. Just hang tight. You're safe. I'll say that to him. Then I'll come home and he's like, you talked to me through the TV. I did. Because the camera is right next to the TV.
[00:13:16] Speaker A: He thinks it's the TV?
[00:13:17] Speaker B: Yeah. Like, have some kind of godlike powers. I've taken over the television.
[00:13:24] Speaker A: I'm everywhere.
[00:13:29] Speaker B: He thinks it's magical.
[00:13:32] Speaker A: I was watching a TikTok the other day. I love the ones that are put on by the doorbell people, whether it's Ring or another one, people will submit their cameras. And there was one where a little girl comes up on the porch, and I think it was the dad saw it at the alert. And so she's with the mom, like, they're coming up on the porch, and he know. I don't know. Her name is like, hey, Sarah, how's it going today? And she looks like this.
She looks back and forth, she looks at her mom. She goes, is that God? She's like, no, it's daddy. That was cute, too. Funny.
[00:14:12] Speaker B: It's so crazy. How many more? Like, when I was a kid, we didn't have any of this. Kind of like, now security is everywhere.
[00:14:26] Speaker A: When you were growing up, were you the remote control? Kathy, go change the channel.
[00:14:32] Speaker B: Oh, my. The first of all, the remote control was called the channel, right?
[00:14:40] Speaker A: That's right.
[00:14:43] Speaker B: And our TV was this my dad wanted or something. It was this giant Zenith, the size of like a small car, right?
[00:14:52] Speaker A: Rear projection, huge.
[00:14:54] Speaker B: And it had a telephone in the TV.
[00:14:57] Speaker A: Oh, my.
[00:14:58] Speaker B: Let's call people on the TV. And so we'd call people and they're like, you sound like crap. You sound like you're underwater. It was like the worst.
[00:15:08] Speaker A: It's my TV phone, but yeah, the TV phone.
[00:15:12] Speaker B: And then the TV, if I sneezed, it would change the channel. I don't know what it was about my sneezing. That's funny pitch of it, for some reason would change the channel. So then people would yell at me to stop sneezing. Now I feel like I have to sneeze.
[00:15:31] Speaker A: I remember we had the aerial antenna on top of the house, and there was this brown box on top of the TV with a dial, and you would turn it to try to reposition the antenna, and you'd hear it go. And then you were trying to get the better picture. And then, of course, then it was like every TV had the antenna built into the back. And you'd put. There are times when we were trying to watch something, mom would be like, go stand there and hold the antenna because it would get better reception of a person.
[00:16:00] Speaker B: Oh, my God.
[00:16:01] Speaker A: Holding it. Yeah. And then you would put the aluminum foil on it to try to get better reception. All before.
And now it's like we stream things. It's coming in. Then it was cable where you literally had cables coming in. And then now it's just like your Wi-Fi. So funny. In our lifetime, so much has been. Yeah.
[00:16:19] Speaker B: When that was very little, we only had like three stations. Like three television stations. And you waited for the show.
[00:16:32] Speaker A: This was my favorite thing is, on Sunday night, TV was crappy. And so it was either the Lawrence Welk Show or Mutual of Omaha's Wild Kingdom watching.
[00:16:50] Speaker B: Yeah.
[00:16:50] Speaker A: The lovely Boyland sisters from the Finger lake. Yes.
[00:16:59] Speaker B: Yeah.
[00:16:59] Speaker A: Oh, my gosh. People that are listening to this now are like, oh, my God, these women are ancient.
[00:17:04] Speaker B: These old ladies talking about their old TV that came through the airwaves.
[00:17:13] Speaker A: Yeah.
[00:17:14] Speaker B: Well, you know what? I wouldn't change it any other way because I really appreciate what we have because I don't have to live through that. I had the fun of discovering MTV and when it was actually music television and just loving all of that early '80s music, those were the good old days, and I'm glad I got to live through that and I'm glad I'm living now.
[00:17:40] Speaker A: And none of it's on Facebook. We don't have to worry about covering any social media history from our teenage years.
[00:17:48] Speaker B: Thank God. Yeah.
[00:17:49] Speaker A: There's a benefit of being Gen X. Yeah.
[00:17:52] Speaker B: Now it's just Gen X memes. I just saw one on Facebook yesterday. It was like, Adam Ant, like, this picture of Adam Ant.
[00:18:00] Speaker A: Did you ever like Adam Ant?
[00:18:03] Speaker B: We waited in line outside the place, the music place, the metro center. It was what they called it. We waited overnight for Adam Ant tickets. I look back at that, I'm like, boy.
Well, I mean, we had fun because it was like every teenager in our town was like waiting wait for Adam Ant tickets. And then I ended up in the fifth row or something like that. And he had a soapy leg warmer and he threw it in the audience and it hit us in the face. At the time we thought it was great, but now I look back and I'm just like, that's so gross.
[00:18:42] Speaker A: Yeah.
[00:18:46] Speaker B: Leg warmer. I got hit with a wet leg warmer from Adam Ant.
[00:18:51] Speaker A: I had so many pairs of leg warmers in the '80s. Like I wore them under prairie skirts. Do you remember leg warmers with prairie skirts? That was me. I looked like I should have been on Little House in the Prairie but.
[00:19:06] Speaker B: With leg warmers, of course. Probably the poofy hair too.
[00:19:11] Speaker A: Oh, gosh. Yeah. Like if your hair was big, if your hair wasn't big, like you were sick or, I don't know, poor. But like an Aqua Net, it was like the cheapest hairspray ever. Definitely.
[00:19:26] Speaker B: Oh my gosh. Just.
[00:19:27] Speaker A: Those are the days. Hey, they were. Those are the days. They really were. That's the title of this episode. Those are the days.
[00:19:35] Speaker B: Oh my.
[00:19:37] Speaker A: With I'm not going to be Archie.
[00:19:39] Speaker B: I'd be in Texas, but I'm not Archie.
[00:19:42] Speaker A: Thank goodness. Thank goodness. We have gone so straight so far from our topic today. But I went to a wedding about, I don't know, 15, 20 years ago. And so I'm sitting in this church with my then husband and this woman comes out, the cantor comes out and she's going to sing. I don't even remember what song it was. Some church song or whatever. And we're all just sitting there and this woman, it's before the ceremony and she's starting to sing this song. Me, my husband at the time and some friends that I knew that were sitting in the seat behind us.
We are all trying so hard not to laugh and giggle because this woman just sounded so much like Edith Bunker. Really?
[00:20:28] Speaker B: Oh, my gosh.
[00:20:30] Speaker A: For a wedding. And I was like, literally had my hand over my mouth so that I would not laugh out loud. So fun. Well, we have really meandered. We are so far off the beaten path. But I have enjoyed this episode immensely.
[00:20:46] Speaker B: And security. It's late at night. We're a little punchy.
[00:20:51] Speaker A: I think there's a connection there somewhere. We got there somehow. It's all good anyway. Well, if you've listened, I hope that you have some fun memories, too, and that if not, you have lived vicariously through two women laughing at 10:44 at night on a Thursday about WordPress technology and everything that made our youth what it was. Anyway, I have to stop now because my face hurts from laughing. So we'll see you all next week. Bye. This has been WP Motivate with Kathy Zant and Michelle Frechette. To learn more or to sponsor us, go to wpmotivate.com.
