Things I Hearted this Week – 1st December 2017

December 1, 2017 | Javvad Malik

Welcome back after a week’s hiatus to give people time to be thankful for all the good in their life. The best things in life: SIEM and log management, crowd-based threat intelligence, vulnerability assessment, asset discovery, and intrusion detection.

I am Root

Apple found itself in the headlines as it was revealed that anyone could log in with root credentials without a password. I’m sure the Geniuses at Apple stores were delighted with customers trying out the hack on display units.

While many experts bemoaned the irresponsible disclosure of the vulnerability, it was apparently known on the Apple developer forums and thought of more as a bug.

Perhaps one of the most impressive aspects of this debacle was how quickly Apple turned it around and issued a patch within a day. I don’t know what they put in their coffee at Apple HQ, but I’ll have two!

Anyone can hack MacOS High Sierra just by typing “root”. | Wired

New security update fixes macOS root bug | ars Technica

Apple releases update to fix critical macOS High Sierra security issue | The Verge

Portable Faraday Cage

[Image: Twisties Faraday cage]

This story caught my attention because of its simplicity. A man in Australia was sacked from his job after it was discovered that the 60-year-old electrician blocked his whereabouts by storing his personal digital assistant, which has a GPS inside, in an empty foil packet of Twisties, a puffy cheese-based snack that is popular in Australia.

I can only imagine how the prosecution kept a straight face claiming the man was using an elaborate Faraday cage while holding up an empty packet of crisps (chips).

Employee used crisp packet as ‘Faraday cage’ to hide his whereabouts during work | Telegraph

Net Neutrality

Net neutrality is a hot topic at the moment; there are some strong proponents and a lot of dialogue ongoing. To coin a phrase, everything is fair in love, war, and online comments.

Jeff Kao used natural language processing techniques to analyse net neutrality comments submitted to the FCC from April-October 2017 – and at the risk of sounding like a Buzzfeed article – the results were pretty disturbing.

[Image: net neutrality on social]

More than a Million Pro-Repeal Net Neutrality Comments were Likely Faked | Hackernoon

Holiday Cybersecurity guide

The lovable reprobate Rob Graham posted a great guide for anyone visiting relatives during the holidays, and what you can do to help them become more secure.

It’s a very decent list that’s worth checking out.

Your holiday cybersecurity guide | Errata Security

Uber breach

Ride share company Uber can’t seem to find itself in a good story at all these days. After having 57 million users’ details breached, the company hid the fact for over a year.

The company allegedly paid $100k to the attackers as a form of hush money. It’s not confirmed whether the money was extorted from Uber, or if it was a bug bounty that went too far.

What it did remind everyone of is that many companies are still woefully poor at securing cloud infrastructure.

Of course, most companies get breached at some point or another – hiding from regulators and customers won’t make it any better.

Uber is going to have to explain to Congress why it hid the 2016 data breach that affected 57 million users | recode

Uber hid data breach that exposed info for 57 million users | engadget

Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data | NY Times

Three things you need to hear about information security

It’s easy in any line of work to become a bit jaded after a while. The same challenges can feel like Groundhog Day. That turns to cynicism, and anger, and despair.

But it doesn’t need to be like that, as Stefan Friedli reminds us in Information Security: Three things you need to hear.

Random nugget

I can’t remember how I came across this insanely useful list by Ming Chow, which, amongst other things, catalogues ransomware incidents and who paid the ransom.

References for Political Science, International Relations, and Law | Ming Chow Github


About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.