Hello and welcome to a very special edition of things I hearted this week as this may be the last time you’ll read this column here on the AlienVault (AT&T Cybersecurity) blog. And I’ve probably already said too much.
Onwards with the things I hearted.
How to help dissidents with technology? “Lift all boats”
Alec Muffett has some interesting takes on many issues and whether I agree or not with all of his opinions, I do always listen to them and take something away. In this article about helping dissidents, he prefaces it by stating how he feels he is not qualified to tell a dissident what tools they need in order to communicate securely.
I find that in itself a mature approach which is sorely lacking in the information security space. One can be the foremost expert in one area of security, but it doesn’t mean they are experts in all aspects. The more people are open about this, the better the dialogue can be.
Normalise privacy for the general population. Normalise encryption. Implement it everywhere, and make it all of good, invisible and boring. Combat every single nannying agency or entity which attempts to quench those goals. Never stop.
- How to help dissidents with technology? “Lift all boats” | Medium, Alec Muffett
Tie up those supply chains
Facebook admitted a supply chain data leak in its new Oculus headsets resulted in the devices shipping out with secret messages reading “Big Brother Is Watching You,” “The Masons Were Here,” “This Space for Rent,” and “Hi iFixit! We See You!”
Roses are red, violets are blue, if you send me spam, I will sue you
What happens when you receive unlawful spam messages from the football pools (a UK story so football means soccer)?
Do what Andrew Walsh did and see them in court and win damages!
- Every dog has its day | Walshipedia
Don’t do the crime if you can’t do the time
What has the world come to when someone can’t go on the dark web without getting phished and their bitcoins stolen?
The good news is that the perpetrator has been sentenced to a year and a day in prison and ordered to forfeit $325,000.
On the other side of the pond, a UK-based criminal has been jailed for 6 years for extorting more than $915,000 via ransomware which claimed to be from the FBI.
- UK Hacker has been jailed for extorting ransom payments | This is Insider
And finally, the news of the week has been that Marcus Hutchins, aka MalwareTech, the British security researcher who shot to fame for stopping the WannaCry ransomware outbreak, pled guilty to writing malware in the past.
- Security researcher MalwareTech pleads guilty | ZDNet
- Marcus Hutchins public statement | MalwareTech
Mysterious operative haunted Kaspersky critics
A great in-depth piece by Raphael Satter at the AP.
The man seated in front of him at the London hotel claimed to live in Hong Kong, but didn’t seem overly familiar with the city. Then there was the awkward conversation, which kept returning to one topic in particular: the Russian antivirus firm Kaspersky Lab.
He also asked Giles to repeat himself or speak louder so persistently that Giles said he began wondering “whether I should be speaking into his tie or his briefcase or wherever the microphone was.”
Related article by Raphael on techniques to seek out ghost firms.
- Busting Ghost Firms | Medium, Raphael Satter
It would be a shame to waste space on this column without a bit of shameless self-promotion. But that’s only because I wrote about something I’ve been thinking about a lot over a long period of time. That is, that security practitioners, and businesses at large, need to be more transparent in their approaches. A number of issues can be attributed to obscurity, or just attempts to bury bad news. People are wiser than that these days, and you can’t simply pull the wool over eyes so easily.
- Security Through Transparency | AlienVault blog
In closing, I’ve thoroughly enjoyed contributing to this blog over the last few years. Aliens had me at, “We come in peace”. But now it’s on to the next chapter. Beam me up Scotty.