►
From YouTube: Between Two Ferns - GitLab Cyber Awareness Month 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
B
C
Hello,
everybody
I'm
Eric,
Rubin
I'm,
the
senior
manager
of
I.T
security
operations
here
at
kitlab.
D
Hi
Rob
Ray
it
operations
director
here
again
love
just
over
a
year
now
Wicked
lab
I
was
thinking
of
wearing
my
stormtrooper
helmet,
but
I
couldn't
get
a
working
with
my
headset.
A
All
right
well,
thank
you
both
for
being
on
the
call
today.
I
really
appreciate
it,
so
today's
topics
are
going
to
be
patching
mobile
device,
security,
personal
security
awareness,
a
bunch
of
topics
that
we
think
are
really
important
for
for
everybody
to
learn
and
and
understand
more
more
about
so
we're
going
to
dive
into
some
of
the
questions,
and
hopefully
we'll
be
entertaining
conversation.
So,
let's
start
off
with
patching
so
Rob
and
Eric.
How
do
you
know
when
to
patch
your
your
laptops,
your
phones,
any
of
your
devices?
D
Sure
yeah
I
can
take
that
for
your
corporate
laptop,
your
your
max
MacBook.
Certainly
it
will
generally
push
a
notification
to
your
laptop,
which
will
tell
you
when
a
patch
is
available
and
usually
we'll
time
down
that
as
well
and
say
hey
if
we
give
you
a
number
of
days
to
install
it
and
then
after
that
point
you
push
the
patch
to
your
system
if
it
hasn't
been
installed,
yeah,
okay,
so
that's
generally.
A
C
D
Happen
we
would
we
appreciate
everybody
that
takes
heat
of
it
and
and
does
it
quickly
it's
most
appreciated.
Yeah.
D
A
D
Like
you
could
certainly
take
advantage
of
the
fact
that
we
for
for
Apple
devices
that
we'll
we'll
notify
your
core
you
when
your
corporate
device
needs
to
be
patched,
that's
probably
good.
You
know
idea,
then,
to
go
and
Patch
your
your
personal
devices.
Eric.
Have
you
got
any
other
tips,
maybe
on
other
places
where
you
might
see.
C
Sure
yeah
what
I've
been
seeing,
especially
lately
with
apple-
and
this
may
not
always
all
true,
but
the
latest
rounds
of
Apple
patches
have
also
been
at
the
same
time
patches
for
iPhones
and
iPads.
So
that's
a
good
time
to
go
check
when
you
know
you
patch
your
work
device
go
check
those
devices
to
see
it
under
settings
General
to
see
if
there's
a
patch
available.
A
C
B
C
Yeah
maybe
like,
if
they,
the
Rings,
start
to
fall
off
because
you've
slid
them
up
and
down
so
much.
You
might
need
to
have
to
go
to
the
Pat,
the
physically
patch
it
with
like
a
piece
of
wood
or
something
you
could
create.
Like
a
for
your
Abacus
I.
D
A
All
right
so
switching
topics
here,
a
little
bit
talking
about
personal
phones.
How
do
you
protect
iPhones
and
Androids.
C
Yeah,
so
best
practices
obviously
is
to
set
a
passcode
the
longer
the
more
complex,
the
better
utilize,
the
biometric
things
offered
by
the
device
so
face.
Id,
Touch,
ID,
the
the
Android
equivalents,
those
have
been
tested
and
are
really
pretty
good.
You're
correct.
Don't
worry
your
fingerprint
and
your
face
print.
They
stay
local
on
the
device
they
don't
get
shipped
off
to
Apple
and
they're
just
used
to
unlock
the
secure
Enclave
to
gain
access
to
those
credentials.
C
So
those
are
good
techniques,
just
curiously
access
your
phone
and
access
other
sites
as
well,
and
we
would
advise
also
don't
root
your
Android,
don't
jailbreak
your
iPhone
I
believe
for
your
iPhones,
that's
becoming
less
and
less
popular
these
days
they
haven't
upgraded
the
jailbreak
stuff
in
a
while,
but
you
know
best
practices
just
stay
within
the
software
provided
by
either
Apple
or
Google.
A
Okay
and
what
is
I
guess,
what
is
the
best
practice
for
passcodes
right
like
easy
enough
to
remember
my
birth
date
should
I
be
putting
that,
as
my
passcode
should
I
be
putting
my
kids
birthdays
as
a
passcode.
My
debit
card
pin
number
what's
what's
the
best
practice
for
for
setting
and
creating
passcodes
on
your
phone.
C
The
longer
and
the
more
complex,
the
better
right,
especially
if
you're,
don't
wish
to
share
that
with
everybody
around
you,
family
and
friends.
Obviously,
it's
better
to
use
something
unique
and
special
for
you.
A
Do
they
still
have
those
on
Android,
where
you
can
like
move
your
finger
around
and
you
make
some
cool
designs
and
that's
how
you
unlock
your
phone?
Do
they
still
have?
That
is
that
is
that
better
than
a
passcode.
D
Yeah
since
I
used
an
Android
but
yeah
yeah,
let's
think
of
Android
as
well.
You
know,
particularly
when
you're
installing
software
remember
when
he
installs
from
software.
Your
Android
device
will
will
generally
tell
you
the
various
things
that
the
Android
the
application
wants
to
have
access
to,
which
can
be
quite
Illuminating,
so
be
very
careful.
I
think
when
something
is
asking
for
access
to
something
you
wouldn't
expect
it
to
do.
I
think
it
might
be
a
sign
that
maybe
you
don't
want
this
application.
D
Think
of
all
the
sort
of
smart
wallpaper
and
you
know
dubious
type
of
applications
that
are
available
on
Android
I.
Don't
feel
that's
as
big
a
problem
on
iPhone
I.
Don't
think
those
applications
tend
to
get
onto
the
to
the
App
Store.
So
much
but
I,
don't
know
what
your.
B
Experience
you
mentioned,
you
mentioned
dubious
applications.
D
Do
you
like
plants,
do
I
like
plants
I'm,
not
create
a
growing
plants,
but
yeah
plants
are
good
I,
don't
think
he
has.
B
D
D
C
I'm
running
for
the
Barren
deserts
of
Las,
Vegas
or
Nevada,
where
there's
the
plants
are
very
seem
very
fixed
to
the
ground.
So
as
long
as
I
can
avoid
them,
I
think
I'd
be.
Okay
is.
D
Yeah,
the
I
actually
think
of
Plants
versus
Zombies
game,
cool
yeah.
B
D
A
On
that
topic,
talking
about
app
stores
and
and
applications,
is
it
safe
to
download
apps
outside
of
the
standard
app
stores?
Is
that
something
that's
recommended?
Is
you
know
if
you
find
plant
machete
app
and-
and
you
think
it's
something
cool
that
you
want
to
install
and
it's
it's
from.
You
know
some
website
or
you
is
it
safe
to
download
and
install
from
that
website
or
Is
it?
Is
it
not
recommended.
C
Yeah,
so
that
would
not
be
recommended
if
you
get
it
from
an
application
outside
of
the
standard
app
stores,
Google
Play,
Store
you're,
missing
out
on
the
protection
that
those
providers
are
providing
to
make
sure
that
they're,
secure
and
validated
and
not
trying
to
steal
all
your
data.
Without
your
permission,.
D
There's
probably
reasons
they're
they're,
avoiding
that
scrutiny,
but
maybe
occasional
exceptions
where
they're
doing
it
for
the
best
reasons.
But
in
most
cases
they
probably
don't
have
your
best
interests
at
heart.
A
C
Yeah,
so
that's
when
someone
goes
to
your
provider
and
has
them
steal
your
phone
number
put
it
on
a
device
that
they
control.
They
often
want
to
do
that
because
they
want
to
use
your
phone
number
as
a
password
reset
tool
or
otherwise
gain
access
to
your
accounts.
Maybe
they
already
have
your
password,
but
you
have
SMS
two-factor
authentication.
So
then
they
when
they
go
to
get
into
that
account,
you
need
to
receive
a
one-time
code
on
your
phone.
C
This,
especially,
has
been
seen
a
lot
with
cryptocurrency.
So
for
those
Bitcoin
millionaires
out
there
I'd
be
very
concerned
about
a
Sim,
swap
account.
A
Okay,
so
I'm
a
big
crypto
guy,
you
know
I
got
my
Bitcoin,
my
my
ether
and
and
whatnot.
What
can
I
do
to
protect
against
someone
trying
to
steal
my
my
my
phone
number
and
and
Port
it
over
to
another
phone
or
something
like
that?
What
can
I
do.
C
A
C
C
C
Finally,
and
probably
the
best
sort
of
defense
against
this
type
of
attack
is
to
use
more
secure
type
of
two-factor,
so
use
an
app
app-based
authenticator
such
as
authy
or
Google
Authenticator,
which
has
a
rotating
code
or
even
better.
If
you
can
go
up
a
tier
to
like
push
or
web
authen
more
advanced
types
of
two-factor,
so
that
if
someone
was
to
steal
your
phone
number,
they
still
wouldn't
be
able
to
gain
access
to
these
accounts.
A
Okay:
okay,
great!
Thank
you
for
that.
I
appreciate
it.
What
do
what
do
I
do?
If
somebody
steals
my
social
security
number
right,
I
mean
that's!
That's
pretty
prevalent
now,
I
feel
like
a
lot
of
a
lot
of
a
lot
of
criminals
and
and
and
nefarious
individuals
are
going
after
people's
socials
they're
trying
to
steal
it.
They're
trying
to
you
know,
open
credit
cards
in
my
name
or
do
all
these
other
things.
What
what
do
I
do?
A
C
Yeah,
so
the
best
thing
you
can
do
is
you
can
freeze
your
credit
report
with
each
of
the
major
providers
that
does
make
a
plan
when
you
go
to
apply
for
a
new
credit
card,
it
makes
it
much
more
of
a
hassle
but
that'll
prevent
them
from
opening
new
accounts
in
your
name,
without
your
permission
prior
to
that
in
what
we
should
all
do
on
a
regular
basis
is
Monitor
our
in
the
lease
in
the
US
monitor
our
credit
using
websites
like
creditkarma.com.
C
That
will
give
you
I.
Let
you
pull
your
report
pretty
much
unlimited
times.
Each
of
the
bureaus
also
offer
one
free
credit
report
per
year,
so
you
can
kind
of
monitor,
even
if
you
don't
believe
your
social
security
number
hasn't
yet
been
taken
or
used
nefariously,
you
can
monitor
for
new
accounts,
for
example
Credit
Karma
when
I
my
personal
experiences
I
have
applied
for
a
credit
card
within
like
the
next
morning.
C
I
get
an
email
saying:
hey
was
this
you
applying
for
credit
card
here,
so
they
have
really
good
monitoring
real
time,
and
obviously
that
would
enable
you
to
take
quick
action
before
the
Thief
would
even
be
able
to
really
get
the
account
open
and
do
any
real
damage.
C
C
Probably
need
some
real
professional
help
with
that,
if
it
actually
happens,
we
should
look
to
see
if
gitlab
has
a
program
for
that
sort
of
thing.
We.
A
Should
I
should
check
if
there's
a
handbook
page
on
Stolen,
Social,
Security
numbers
I'll,
give
that
a
run
through
later?
What
do
I
do
if
I'm
traveling
am
I
supposed
to
hop
on
the
hotel,
Wi-Fi
and
and
do
some
work,
am
I
supposed
to
go,
sit
in
Starbucks
and
and
get
on
their
Wi-Fi?
What's
what's
what's
a
recommended
technique
for
security,
while
traveling.
C
Yeah,
so
you
know
we
understand
everyone
travels,
we
all
love
to
travel
and
go
everywhere
meet
me
especially,
but
you
should
definitely
pay
attention
to
the
network
that
you're
on
and
make
sure
that
you're
communicating
securely
with
your
service,
so
you're
using
your
work,
laptop
you're,
communicating,
for
example,
with
OCTA.
C
You
can
always
double
check
in
the
upper
left
corner
to
make
sure
of
the
URL
bar
make
sure
you're
using
https.
So
that
means
all
your
traffic
is
encrypted.
Thankfully,
that's
becoming
pretty
common
on
most
websites
on
the
internet,
but
if
you're
in
a
location
outside
of
your
house,
oftentimes
they'll
at
least
be
even
they
will,
they
won't
be
able
to
see
the
actual
traffic
they'll
be
able
to
see
the
different
websites
that
you
went
to,
because
DNS
itself
is
often
unencrypted.
C
That's
changing,
but
typically
right
now,
most
DNS
is
unencrypted,
so
how
gitlab
recommends
best
practice
to
use
a
VPN
while
traveling,
so
gitlab
will
reimburse
you
for
a
VPN
solution
and
the
easiest
way
to
get
one
is
the
fact
that
we
make
Nord
layer
available
to
all
of
our
employees
and
there's
a
handbook
page.
We
can
link
that
can
show
you
how
to
get
a
nordlayer
account.
It's
super
easy
app
to
use
installs
very
easily
on
your
Mac.
D
Only
thing
that
I
thought
is
any
sort
of
public
setting,
it's
appropriate,
probably
to
use
a
VPN
so
think
of
your
co-work
facility
or,
as
you
said,
if
you're
working
from
Starbucks
anywhere,
that's
potentially
a
public
setting
where
you're
on
a
shared
network.
B
Good
job,
so
my
mother
is
the
is
my
kids
call
her
Kai
Kai
found
out.
I
was
meeting
with
with
leadership
in
I.T,
which
is
scary,
right.
Guy
doesn't
understand
a
lot
of
the
nuances
of
the
new
technological
world
that
we
live
in,
and
she
had
five
questions
coming
at
y'all
really
fast,
fast,
five
to
wrap
this
up.
First.
B
A
Oh
I'm
answering
questions
too:
okay,
I'm
gonna
be
different,
I'm
gonna,
say
eight
I
think
I
think
we're
good.
You.
A
D
D
D
B
D
B
If
he's
a
computer
sign
me
out
all
right,
finally,
if
the
computers
revoked
human
access
to
the
internet,
do
you
think
you
could
rebuild
it?
Rob.
B
B
Like
where
you're
going
with
this
that's
interesting,
you.
D
Would
be
honest,
applications
I'd
be
out
of
a
job
Etc.
That's
not
going
to
be
very
positive,
but
you
know
yeah
well,
I
I'm
the
wrong
person
I
could
build.
Maybe
you
know
point
zero:
zero,
zero,
zero!
One
percent
off
I'd
be
relying
on
smarter
people
to
to
help
me
reconstruct.
C
B
D
Not
have
you
got
any
robots
in
your
house,
got
a
Roomba
just
my
children.
A
Right
well,
I
thought
this
was
a
really
productive.
Conversation
covered
a
wide
array
of
topics,
everything
from
questioning
our
own
reality
to
to
robots
to
patching
mobile
device,
security
and
personal
security
awareness,
so
Rob
Eric.
Thank
you
very
much
for
joining
us
Ty.
Thank
you.
As
always-
and
this
has
been
the
first
edition
of
Between
Two,
Ferns,
gitlab
style
and
hope
to
see
you
all
again,
bye
everybody.