Things I Hearted this Week, 2nd March 2018

March 2, 2018 | Javvad Malik

This week London has been in the midst of snowmageddon! An inch of snow ground the city to a halt with schools closed and the capital on red alert. Fortunately, one of the perks of working from home is that I get to stay on top of the security news regardless of the weather, so put on your snow boots and jump right in.

Trading stocks in the wake of breaches

The US Securities and Exchange Commission (SEC) has warned high-ranking executives not to trade stocks before disclosing breaches, major vulnerabilities and other cybersecurity-related incidents.

Tracking your sold hardware

Many devices now come with tracking features to help you find them if they get lost or stolen. It started predominantly with phones, but is now in most laptops, desktops, and plenty of smart devices.

The trouble is that location tracking isn’t something we intuitively ask about when buying or selling an item. We just assume that the seller has disabled it, or that it wasn’t enabled in the first place. Will we get to a point where, before buying a smart teddy, a kid will ask if it’s been factory-wiped and all credentials removed?

Cover your own assets

John Carroll wrote an interesting blog post on influencing business layers that might not get infosec.

Cybersecurity Style Guide

How many times have you wished you had a cybersecurity style guide to help you understand how to pronounce security phrases, how to write a word, or the definitive meaning of a term? Well, your wishes have all been answered, as Bishop Fox has created a style guide for you.

Revenge Hacking

Well, at least the motive was easy to establish.

Teach a man to Phish… on second thoughts

The NCSC posted a somewhat polarising post on the trouble with phishing. It raises some good points about the limitations of phishing and how user awareness is one layer among many to protect organisations, but it also makes some broad assumptions and makes user awareness sound almost futile.

The market is taking a slightly different view, with a number of acquisitions in the user awareness space in recent months. I wrote a recap over at my blog.

Phish of the week

How to hack any Facebook account

A nice writeup on how researcher Anand Prakash found a vulnerability in Facebook that allowed access to any account, which earned him a $15k bounty.

It relied on the fact that you could reset a Facebook password with a 6-digit code, which could be brute-forced because there wasn’t a rate limit.

In other Facebook news.

Influencing Security Policy

Instead of criticizing cybersecurity policy, Robert Knake has some advice on how you can more effectively influence it.

What are the benefits of ISO27001?

ISO27001, the cornerstone of most security programmes. But what are the benefits and how can you make it work?

Fortunately, Brian Honan is a man that knows a thing or two about the ISO standard they call 27001 and shares his wisdom.

Somewhat related because Brian helped me put this together a few years ago

Random assortment of news

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.