January 2018 finds itself in the rear view mirror, which probably means I can’t wish Happy New Year to anyone I haven’t spoken to since December. But if I haven’t spoken to someone for that long, I do begin to question why I even bother speaking to them at all…
One thing I don’t ever stop to question though is what’s going on in the world of security, so let’s take a look back over the most newsworthy items to come across my virtual desk.
Password manager vulnerabilities
You may remember that a few weeks ago Freedom to Tinker published findings about two third-party scripts that exploit browsers' built-in login managers to retrieve and exfiltrate user IDs.
The most commonly-asked question on the back of that was “which password managers should I use?”.
Luckily, my friend Adrian Sanabria has done the legwork for you and compiled a list of password managers across different browsers and whether or not each of them leaks credentials.
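The abuse the Freedom to Tinker researchers described relies on a login form the visitor never sees: the script injects one, the browser's login manager fills it in, and the script reads back the saved username. One practical check a site owner or extension author can run is to look for credential-shaped forms that are not actually visible. The following is an added example written for this post, not code from Freedom to Tinker or from any password manager; it works on plain descriptor objects (form id, computed style, bounding rectangle, inputs), which are assumed to be built from `document.forms` using `getComputedStyle()` and `getBoundingClientRect()` in a real browser, and the `SAMPLE_FORMS` data is constructed for the demonstration.

```javascript
// Added example, not from the original post or the Freedom to Tinker research.
// Heuristic: flag forms that carry a credential-shaped input but that no
// visitor could see or interact with. Descriptor shape (an assumption):
//   { id, style: {display, visibility, opacity}, rect: {x, y, width, height},
//     inputs: [{type, name}] }
// In a browser, build these from document.forms, getComputedStyle() and
// getBoundingClientRect(); here they are plain objects so the check runs in Node.

const CREDENTIAL_TYPES = new Set(['password', 'email']);
const CREDENTIAL_NAME_RE = /user|login|email|pass/i;

// A form is "hidden" if a visitor could not reasonably interact with it.
function isHidden(form) {
  const s = form.style || {};
  const r = form.rect || { x: 0, y: 0, width: 0, height: 0 };
  if (s.display === 'none' || s.visibility === 'hidden') return true;
  if (s.opacity !== undefined && Number(s.opacity) === 0) return true;
  if (r.width === 0 || r.height === 0) return true;           // collapsed box
  if (r.x + r.width <= 0 || r.y + r.height <= 0) return true; // pushed off-screen (top/left)
  return false;
}

// True if the form has an input a login manager would consider fillable
// as a credential (password/email type, or a username-like name).
function hasCredentialField(form) {
  return (form.inputs || []).some(
    (i) => CREDENTIAL_TYPES.has(i.type) || CREDENTIAL_NAME_RE.test(i.name || '')
  );
}

// Returns the ids of forms that look like autofill bait: hidden, yet asking
// for a credential. A site's own login form is visible and so is not flagged.
function findAutofillBait(forms) {
  return forms.filter((f) => hasCredentialField(f) && isHidden(f)).map((f) => f.id);
}

// Constructed sample: a genuine login form, an injected off-screen one,
// a display:none one, and a visible newsletter form.
const SAMPLE_FORMS = [
  { id: 'site-login', style: { display: 'block', opacity: '1' },
    rect: { x: 100, y: 200, width: 300, height: 120 },
    inputs: [{ type: 'email', name: 'email' }, { type: 'password', name: 'password' }] },
  { id: 'injected-offscreen', style: { display: 'block', opacity: '1' },
    rect: { x: -9999, y: -9999, width: 200, height: 60 },
    inputs: [{ type: 'text', name: 'username' }, { type: 'password', name: 'pwd' }] },
  { id: 'injected-hidden', style: { display: 'none', opacity: '1' },
    rect: { x: 0, y: 0, width: 0, height: 0 },
    inputs: [{ type: 'text', name: 'login' }] },
  { id: 'newsletter', style: { display: 'block', opacity: '1' },
    rect: { x: 10, y: 900, width: 300, height: 40 },
    inputs: [{ type: 'email', name: 'email' }] },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(findAutofillBait(SAMPLE_FORMS));
}
```

The heuristic only looks at the forms themselves; it says nothing about what a script does with an autofilled value afterwards, so treat a hit as a prompt to inspect which script created the form, not as proof of exfiltration.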
The follower factory
A very well researched and presented piece by the NYTimes on the business of buying fake followers: what it means to those who buy them, the companies that broker fake identities, and the impact on social media platforms.
- The follower factory | NYTimes
Who will pay for Spectre? Probably you
What do Toblerone and Brexit have in common with Spectre? A whole lot more than you may think.
- Who will pay for Spectre? Probably you | Owen Rogers, Medium
Even my spellcheck knows not to question me whenever I type GDPR these days. But that’s not to say it isn’t a topic which generates good discussion. Two pieces that recently caught my eye were:
- Things to consider before publishing an article about GDPR | Rowenna Fielding / LinkedIn
- Data Protection, Security, and the GDPR: A fuzzy and fraught relationship | Infospectives
The great crypto-currency rush
Whether you believe that cryptocurrencies are a bubble or the next big thing in online payments, there is no denying that they are a hot commodity at the moment.
So much so, that criminals are putting a lot of effort into trying to illegally gain a slice of the crypto-pie.
The attacks come from a variety of angles. A criminal was able to steal about $150,000 by tricking Experty users into sending their payments to a fraudulent cryptocurrency wallet address.
In Tokyo, hackers stole roughly 58 billion yen ($532.6m) from the cryptocurrency exchange Coincheck, making it one of the largest cryptocurrency heists so far.
But it's not just hi-tech methods that criminals are resorting to. Four armed raiders forced an Oxfordshire-based cryptocurrency trader at gunpoint to make a bitcoin transfer.
Nonprofit guidelines for cybersecurity and privacy
Cybersecurity is no longer a concern just for large corporations and governments. Organisations of every size, nonprofits included, feel the need to beef up their cybersecurity capabilities, and to help them along their journey Microsoft has published a rather handy set of guidelines.
- Nonprofit guidelines for cybersecurity and privacy | Techsoup referencing Microsoft PDF
Securing your IoT stuff
Brian Krebs recently posted some basic rules on securing IoT devices. It's a pretty decent list of six steps to take.
- Some Basic Rules for Securing Your IoT Stuff | Krebs on Security
- An Internet of Things 'crime harvest' is coming unless security problems are fixed | ZDNet
Related to IoT and Strava’s heatmap
- IoT and the law of unintended consequences | Network world
- U.S. Soldiers are Accidentally Revealing Sensitive Locations by Mapping Their Exercise Routes | Time
- The US Military’s IoT Problem Is Much Bigger Than Fitness Trackers | The security ledger
The UK's mass surveillance laws just suffered another hefty blow
Privacy advocates rejoiced as the Government's mass surveillance programme to collect people's internet activity and phone records was ruled unlawful by the Court of Appeal.
Judges said the Data Retention and Investigatory Powers Act (DRIPA) 2014 breached EU law, as it allowed the data to be harvested for reasons other than fighting serious crime.
While it's a serious blow, it's unlikely to be the last we hear on this topic.
- The UK's mass surveillance laws just suffered another hefty blow | Wired
- UK mass surveillance programme ruled unlawful as campaigners call for overhaul of 'snooper's charter' | Independent
- UK keeps up its legal losing streak over mass surveillance | Tech Crunch
Why COOs should think like behavioural economists
“…a successful COO needed to think about the environment in which employees make choices. More broadly, this illustrates a point that all COOs should keep in mind: A successful COO needs to think like a behavioral economist. What does this mean, exactly? First, it means recognizing that employees are, well, people. They exhibit the complexities and biases that we all have. And managers need to understand what kinds of biases occur. Second, this means the COO needs to think not only about compensation packages and incentives but also about creating an environment in which employees are set up to make good decisions.”