Gadget Lab Podcast: There’s No Such Thing as a Free Lunch

LG: We should tell people to read your story.

LHN: Okay. Well, she got so deep, there’s like a really exciting own at the end.

LG: And sadly, this woman whose name was Rita Strand, she did pass away. I’m not spoiling the end.

LHN: No, that’s of course not the exciting end. That’s the sad part.

LG: Yeah. This was back in 2016. She did this in 2015 you said, or 2014?

LHN: 2014.

LG: And then she died in 2016. But it sounds like Rita had some real talent for this sort of thing.

LHN: Totally. And I think from what I understand from her son, she definitely would have wanted to do other pen tests if she had been able to. And yeah, I think the story really illustrates how if you have a clipboard and some confidence, you can talk your way into a lot of stuff. And if companies and government institutions and organizations aren’t thinking about that possibility, what hackers call social engineering, for someone to just come in and say, “I have the authority to be here and I’m going to roam around.” You’re really screwed. But you can totally understand how it happened.

I mean, the guards at the door, they were trying to do their job. They were trying to comply with what they thought was an authority figure from the state. So we understand how it happened, but it’s just a really fundamental weakness.

LG: Do you think it says anything perhaps about these guards? I don’t want to say they’re biased, but how they perceived a woman approaching the prison saying, “I need to inspect something.” Versus perhaps a man.

LHN: Definitely possible. There was an anecdote that I didn’t put in the story about how Rita decided to call the Network Operations Center, which is NOC. It’s usually called a Noc. She kept calling it a nook, which also sounds like nuclear weapon, which is weird, meaning like N-O-O-K or something. She kept saying, “Where’s your NOOK? Where’s your NOOK?” Because she thought it would play into this idea that she wasn’t too savvy and she didn’t know too much, she was just trying to do her job as a health inspector.

So definitely possible that she was sort of riding on all of that to subvert people’s expectations. But I think unfortunately security is still a male-dominated industry and most pen testers are men and they rock it out too, you know, get in all sorts of places. So yeah, that type of thing is definitely a factor, but it also is just a blind spot we all have when it comes to physical in-person confrontation and sort of perceived authority and pushing back against that or asking more questions without seeming rude. Yeah, it’s something in that area.

MC: Well that’s fascinating and I definitely encourage everybody to go read the story that you wrote about it on And also all of the coverage that you’ve been doing this week and in perpetuity of everybody trying to keep us safe and the people that they are fighting.

LHN: Thanks. Yeah, stay safe out there everyone.

LG: Lily, are you going to join us for recommendations?

LHN: Yes, I do have a recommendation.

LG: All right. Hold that thought. We’ll be back after a quick break.

MC: All right. Welcome back, Lily. Let’s start with you. What is your recommendation?

LHN: Okay. My recommendation this week is for a product called Dangerzone. It’s not really a product, it’s a tool that’s being released from Micah Lee who is the Director of Information Security at The Intercept and he has a history of doing cool projects like this. What Dangerzone does, is it’s an application for your computer that scrubs PDFs. When you get like an attachment in an email or something, it sandboxes it, quarantines it and then goes through and combs for the malicious types of things that can be embedded in PDFs and cleans everything out and then spits out a version for you that you can be a lot more confident it’s safe. And I just think that’s a really cool tool. It’s something everybody could use. Just have it hanging out on your computer. Just use it occasionally when it comes up. And I think he’s releasing it in the next few weeks and just seems like a quick, easy way to be a little more secure.

