Things I Hearted this Week, 2nd Nov 2018

November 2, 2018 | Javvad Malik

It’s November already, where has the year gone? I can almost still remember typing out the words for the year’s first ‘Things I hearted’ blog back in January. Re-reading it now, it feels as if not much has changed: big messes, breaches and in-fighting seemed like the usual for the year.

I was speaking with my colleague Chris Doman a couple of days ago, and he did point out that 2018 overall has largely been better because we haven’t seen any large scale attack like WannaCry. He did pause and then add “yet” - so I suppose you could say we’ve improved because this year has caused less havoc than last year? Let’s chalk risk reduction down to a win and get on with it.

IBM Acquired Red Hat

A few weeks ago, prior to the announcement of the acquisition, IBM came up in discussion with a few friends and one of them said that IBM is one of those companies that everyone has heard of, but hardly anyone knows what they exactly do outside of a few services they use.

As the cool kids say, this may have been a statement designed to “throw shade” (young and hip people, please correct me if I’ve used the term incorrectly - I already embarrass my children enough by misusing lingo), but the fact is that the statement is rather true, only because most people are still trying to work out why IBM would shell out 33.4 Instagrams for Red Hat.

The Supply Chain

I won’t give any more air time to that ridiculous ‘grain of rice’ Bloomberg story. However, it did give everyone time to pause and think about the supply-chain and how fragile it is. It’s easy to overlook the reliance businesses have on partners and their security.

Dan Goodin took a peek behind the curtain of this shady practice and wrote on two supply-chain attacks.

Would you Compromise Privacy for $850m?

Under pressure from Mark Zuckerberg and Sheryl Sandberg to monetize WhatsApp, Brian Acton pushed back as Facebook questioned the encryption he'd helped build and laid the groundwork to show targeted ads and facilitate commercial messaging. Acton also walked away from Facebook a year before his final tranche of stock grants vested. “It was like, okay, well, you want to do these things I don’t want to do,” Acton says. “It’s better if I get out of your way. And I did.” It was perhaps the most expensive moral stand in history. Acton took a screenshot of the stock price on his way out the door—the decision cost him $850 million.

On the topic of money for ads

On the other side of privacy.

What are Everyone’s Kids Doing at School?

Another one to be filed under “what were they thinking?” - both the developers, and to be honest, do schools really need to share every minor detail via an online portal? What happened to good old-fashioned parent-teacher meetings?

Remini, a smartphone app that launched in 2013, aims to provide parents and educators with a social network to follow a child’s progress throughout school and their early life, documenting important milestones and letting parents share images with their child’s school.

But Remini exposed these milestones, and the personal information of its users, to the internet writ large, thanks to an API that let anyone pull the data without any sort of authentication. The data included email addresses, phone numbers and the documented moments of the children, as well as their profile photos, according to a researcher who discovered the issue.

Pakistani Bank Has Millions Taken

Apparently Bank Islami Pakistan was subject to a massive attack where many customers reported seeing transactions on their cards abroad. It’s alleged that attackers were able to breach the data centre of the bank and sold the customer details.

I found this interesting because Pakistani businesses have probably had lesser worries in the past. But as organisations such as banks go through a digital transformation, they are opening themselves up to a much broader range of threats, something they probably haven’t accounted for. It’s not too dissimilar to what we see in other parts of the world, where small and medium businesses didn’t use to get attacked as often, but now it’s pretty much a daily part of life.

Explain TLS Easily

A good way to explain TLS to someone.

How to Choose Which Conference to Attend

There’s no way to say this nicely, but there are just too many security conferences in the world today. I think it would be a good idea to try to emulate Tom Hanks from “The Terminal”, but instead of living in an airport, see if one can spend a whole year or half a year only going to conferences. Actually, that sounds like a terrible idea, don’t try it.

But what makes a conference worth attending or not? I found a good post by Valerie Lyons which may help you decide.

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.