Things I Hearted this Week, 2nd Feb 2018

February 2, 2018 | Javvad Malik

January 2018 finds itself in the rear view mirror, which probably means I can’t wish Happy New Year to anyone I haven’t spoken to since December. But if I haven’t spoken to someone for that long, I do begin to question why I even bother speaking to them at all…

One thing I don’t ever stop to question though is what’s going on in the world of security, so let’s take a look back over the most newsworthy items to come across my virtual desk.

Password manager vulnerabilities

You may remember that a few weeks ago Freedom to Tinker published findings about two scripts that exploit browsers' built-in login managers to retrieve and exfiltrate IDs.

The most commonly-asked question on the back of that was “which password managers should I use?”.

Luckily, my friend Adrian Sanabria has done the legwork for you and compiled a list of password managers across different browsers and whether they leak credentials or not.

The follower factory

A very well-researched and well-presented piece by the NYTimes on the business of buying fake followers, what it means to those who buy them, the companies which broker fake identities, and the impact on social media platforms.

Somewhat related

Who will pay for Spectre? Probably you

What do Toblerone and Brexit have in common with Spectre? A whole lot more than you may think.

GDPR

Even my spellcheck knows not to question me whenever I type GDPR these days. But that’s not to say it isn’t a topic which generates good discussion. Two pieces that recently caught my eye were:

The great crypto-currency rush

Whether you believe that cryptocurrencies are a bubble, or the next big thing in online payments, there is no denying that they are a hot commodity at the moment.

So much so, that criminals are putting a lot of effort into trying to illegally gain a slice of the crypto-pie.

The attacks come from a variety of angles. A criminal was able to steal about $150,000 by tricking Experty users into sending their payments to a fraudulent cryptocurrency wallet address.

In Tokyo, hackers stole roughly 58 billion yen ($532.60m) from cryptocurrency exchange Coincheck, making it one of the largest cryptocurrency heists so far.

But it’s not just hi-tech methods that criminals are resorting to. An Oxfordshire-based cryptocurrency trader was forced at gunpoint to make a bitcoin transfer by four raiders.

Nonprofit guidelines for cybersecurity and privacy

Cybersecurity is no longer a concern just for large corporations and governments. Companies of every size feel the need to beef up their cybersecurity capabilities, and to help them along their journey, Microsoft has published a rather handy set of guidelines.

Securing your IoT stuff

Brian Krebs recently posted some basic rules on securing IoT devices. It’s a pretty decent list of 6 steps to take.

Related to IoT and Strava’s heatmap

The UK's mass surveillance laws just suffered another hefty blow

Privacy advocates rejoiced as the Government’s mass surveillance programme to collect people's internet activity and phone records has been ruled unlawful by the Court of Appeal.

Judges said the Data Retention and Investigatory Powers Act (Dripa) 2014 breached EU law as it allowed the data to be harvested for reasons other than fighting serious crime.

While it’s a serious blow, it’s unlikely that it will be the last we hear on this topic.

Somewhat related

Why COOs should think like behavioural economists

“…a successful COO needed to think about the environment in which employees make choices. More broadly, this illustrates a point that all COOs should keep in mind: A successful COO needs to think like a behavioral economist. What does this mean, exactly? First, it means recognizing that employees are, well, people. They exhibit the complexities and biases that we all have. And managers need to understand what kinds of biases occur. Second, this means the COO needs to think not only about compensation packages and incentives but also about creating an environment in which employees are set up to make good decisions.”

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.