But we’ve always done (in)security this way
Being the operator of the Twitter account for any large brand can be challenging and tough at the best of times. But it can be even more so when faced with security questions.
When security experts on Twitter asked NatWest_help why the homepage wasn’t secure, the bank initially tried to downplay the issue. But the bullying on Twitter forced the changes. Troy Hunt led the charge with “Securittyyyyy” much like Mel Gibson declared “Freeedom” in Braveheart, and NatWest finally gave in and upgraded within 48 hours.
The Security Avengers (name pending) then fired a warning shot across other major banks that did not have secure homepages, which has likely got many a security executive in a board room explaining likelihood and impact slides.
- I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important | Troy Hunt
- NatWest overhauls web security after online confrontation | Computing
- NatWest changes website security following heated exchange with cyber experts | ITPro
- NatWest bank spat prompts web security changes | BBC
Why incident response is the best cybersecurity ROI
Often, there is little influence over what a company runs and what it runs on. Chances are there will be failures or breaches – what is within the sphere of control is how well those incidents are responded to.
- Why incident response is the best cybersecurity ROI | CSO Online
Welcome to the hotel hackifornia
Christoph Brandstatter is managing director of the four-star Seehotel, Jagerwirt, in Austria's Alps.
His hotel's electronic door locks and other systems were hacked for ransom four times, between December 2016 and January 2017.
He paid a ransom of two bitcoins, which at that time was about €1,600 (£1,406: $1,882).
He’s trained his staff to recognise phishing emails that may seem genuine but actually contain malware.
And he's moved back to traditional metal keys.
The restaurant that didn’t exist
People increasingly make decisions based on what they read on the internet. There’s an inherent trust about it. You book a cab through an app to take you to the airport where you board a plane which you booked online, to go and stay in a stranger's apartment you found through a different site.
But it’s a fragile ecosystem that’s open to abuse, as one freelance writer discovered when his unique restaurant beat out thousands to rank well on TripAdvisor for a time, drawing a flood of interest.
The problem, though, was that it didn’t exist.
- ‘The Shed at Dulwich’ was London’s top-rated restaurant. Just one problem: it didn’t exist | The Independent
- Somewhat related: this article on how smartphones are weapons of mass manipulation.
Learn Git fast
A post sprinkled with a generous dose of humour shows the minimum number of Git commands that you need to learn in order to start being productive.
Building Personal Brand: From One InfoSec Student to Another
A guest AlienVault blog by @CryptoCypher had me nodding in agreement all the way through, giving some solid practical tips on how to position yourself best to get into InfoSec.
It includes tips on writing your CV, the importance of business cards, blogging, attending conferences, certifications, and more.
- Building Personal Brand: From One InfoSec Student to Another | AlienVault blog
Do the crime, without the time
Brit teen Jack Chappell has avoided being sent to prison after pleading guilty to helping launch DDoS attacks against NatWest, Amazon and Netflix, among others.
According to the Manchester Evening News, Judge Maurice Greene said in his sentencing remarks: "It is a tragedy to see someone of undoubted talent before the courts... You were taken advantage of by those more criminally sophisticated than yourself."
- UK teen dodges jail time for role in DDoSes on NatWest, Amazon and more | The Register
- UK Teen Involved in Running vDOS DDoS Service Gets No Prison Time | Bleeping Computer
- Student spared jail for massive cyber attacks on Amazon, Vodafone and BBC | Metro
Manually mining bitcoin
This post is a few years old, but I only just came across it this week. It’s a great breakdown of how one could mine Bitcoin with pencil and paper. It’s obviously very slow, but a good way to understand exactly how it works.
No word on whether enterprising maths professors have been giving these as homework in order to mine bitcoins from their students.
- Mining Bitcoin with pencil and paper: 0.67 hashes per day | Ken Shirriff