Welcome back after a week’s hiatus to give people time to be thankful for all the good in their life. The best things in life: SIEM and log management, crowd-based threat intelligence, vulnerability assessment, asset discovery, and intrusion detection.
I am Root
Apple found itself in the headlines as it was revealed that anyone could log in with root credentials without a password. I’m sure
employees Geniuses at Apple stores were delighted with customers trying out the hack on display units.
While many experts bemoaned the irresponsible disclosure of the vulnerability, it was apparently known on the Apple developer forums and thought of more as a bug.
Perhaps one of the most impressive aspects of this debacle was how quickly Apple turned it around and issued a patch within a day. I don’t know what they put in their coffee at Apple HQ, but I’ll have two!
New security update fixes macOS root bug | ars Technica
Portable Faraday Cage
This story caught my attention because of its simplicity. A man in Australia was sacked from his job after it was discovered the 60-year old electrician blocked his whereabouts by storing his personal digital assistant, that has a GPS inside, in an empty foil packet of Twisties, a puffy cheese-based snack that is popular in Australia.
I can only imagine how the prosecution kept a straight face claiming the man was using an elaborate Faraday cage while holding up an empty packet of crisps (chips).
Net neutrality is a hot topic at the moment, there are some strong proponents and a lot of dialogue ongoing. To coin a phrase, everything is fair in love, war, and online comments.
Jeff Kao used natural language processing techniques to analyse net neutrality comments submitted to the FCC from April-October 2017 – and at the risk of sounding like a Buzzfeed article – the results were pretty disturbing.
Holiday Cybersecurity guide
The lovable reprobate Rob Graham posted a great guide for anyone visiting relatives during the holidays, and what you can do to help them become more secure.
It’s a very decent list that’s worth checking out.
Your holiday cybersecurity guide | Errata Security
Ride share company Uber can’t seem to find itself in a good story at all these days. After having 57 million users details breached, the company hid the fact for over a year.
The company allegedly paid $100k to the attackers as a form of hush money. It’s not confirmed whether the money was extorted from Uber, or if it was a bug bounty that went too far.
What it did remind everyone of is that many companies are still woefully poor at securing cloud infrastructure.
Of course, most companies get breached at some point or another – hiding from regulators and customers won’t make it any better.
Three things you need to hear about Information security
It’s easy in any line of work to become a bit jaded after a while. The same challenges can feel like Groundhog Day. That turns to cynicism, and anger, and despair.
But it doesn’t need to be like that, as Stefan Friedli reminds us in Information Security: Three things you need to hear.
I can’t remember how I came across this insanely useful list by Ming Chow where he has a list of ransomware and who paid the ransom amongst other things.
References for Political Science, International Relations, and Law | Ming Chow Github