Things I Hearted this Week – 30th March 2018

March 30, 2018 | Javvad Malik
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

Another week and social media giants Facebook and Google are under scrutiny by all and sundry as to the information they gather and the privacy implications. I know that something is big when my Dad asked me about the whole debacle over dinner this week – and he doesn’t even use, or fully understand Facebook.

Many years ago, my Dad used to run his own magazine, and so understands media and advertising very well. It made for interesting conversation as I explained how online ads are not static like he’s used to – but rather everything is a big information engine, designed to ingest information about you, and then push back tailored content designed to meet your needs. I was half-thinking he’d agree that it was a great innovation. But alas, he defaulted to his standard position that people have entrusted too many critical decisions to computers and nothing good will come of it.

He probably has a point.

#DeleteFacebook

The world seems upset at Facebook, to the point that the #DeleteFacebook campaign has been picking up momentum. But is it a genuine movement or a bandwagon that opportunists are taking advantage of?

Socialsafeguard took a look at the hashtag, where it’s trending, and the dollar value a user has for Facebook

Related:

But what if my password manager gets hacked?

Sometimes, the proverbial “WHAT IF IT GETS HACKED?!” question isn’t a question at all, it’s  a “Gotcha!” question/comment or attempt to get under my skin with a tired, washed out and predictable argument that I’ve heard about a million times before. Other times, though, especially with non-experts, it’s a legitimate, serious question that doesn’t have an easy “yes or no” answer.

Cyber, the short version

The man known as TheGrugq recently gave a keynote on cyber conflict, but was kind enough to extract the essence in this post

Find bugs and chill

Online video streaming company Netflix seems to be one of those companies that always seems to find its way into the technology news for the right reasons. It ran a private vulnerability disclosure program over the past five years, resulting in 190 issues being addressed. But now its opening its door to public bug bounty program through Bugcrowd.

Security scammers

There are many different types of scammers that operate on the internet. Security scammers approach website owners with claims that their website is infected or vulnerable and offer to fix the issues for a fee. However, would-be scammers should do their homework and not try to scam Troy Hunt, aka the Crocodile Dundee of IT Security.

What ensued what a humorous exchange.

Who and what is Coinhive?

Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive’s computer code to be used on hacked Web sites to steal the processing power of its visitors’ devices. This post looks at how Coinhive vaulted to the top of the threat list less than a year after its debut, and explores clues about the possible identities of the individuals behind the service.

But it seems that not everyone was pleased with the Krebs article, and retaliated, in a very unique way.

Investigating lateral movement paths with ATA

Even when you do your best to protect your sensitive users, and your admins have complex passwords that they change frequently, their machines are hardened, and their data is stored securely, attackers can still use lateral movement paths to access sensitive accounts. In lateral movement attacks, the attacker takes advantage of instances when sensitive users log into a machine where a non-sensitive user has local rights. Attackers can then move laterally, accessing the less sensitive user and then moving across the computer to gain credentials for the sensitive user.

Javvad Malik

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Read more posts from Javvad Malik ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL CHAT