Things I Hearted this Week – 3rd November 2017

November 3, 2017 | Javvad Malik
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

It’s been another busy, interesting, and confusing week in the world of security and technology – so let’s just get down to it.

50k Aussie government and banks staff records breached

The personal details of more than 4,000 government employees have been exposed in a massive data breach of 50,000 staff records from various companies across Australia. It is believed to be the second-largest data breach in Australian history after the details of just over half a million blood donors were accidentally leaked by the Red Cross in 2016.

Wrestling student hacks grades

A former chemistry student allegedly used keystroke-logging gadgets to steal tutors' passwords, change classmates' grades and download copies of exams ahead of time. Amateur wrestler Trevor Graves, 22, who studied at the University of Iowa was arrested and indicted this month on two hacking charges – each of which could land him up to ten years in the clink if found guilty. In paperwork (pdf) submitted to an Iowa district court, FBI agent Jeffrey Huber recounted that in December of last year one of the university's teachers noticed that Graves' grades had mysteriously improved.

Hackers Using Default SSH Creds to Take Over Ethereum Mining Equipment

A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own. Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner.

Change your default credentials, kids. Or better still, manufacturers – force users to change default credentials on first use!

How to become a pentester

This one is from the archives, but equally relevant today as it was two years ago when published. Going through a lot of the methodology and answering most questions budding pen testers would have.

Circle with Disney web filter riddled with vulnerabilities

A ‘smart’ thing made by Disney has more holes in it than swiss cheese. Who could have ever predicted such a thing?

Circle with Disney is supposed to allow parents the ability to control their children's internet browsing activity and times. But those pesky researchers at Cisco Talos unmasked at least 23 vulnerabilities that can be used to hijack full families of devices.

The thought police are coming

As the case moved forward, the prosecution acknowledged that Walker was not suspected of plotting any kind of terrorist atrocity. The government was instead arguing that his mere possession of the book was a violation of the Terrorism Act’s Section 58 because it contained information that could have been useful to a terrorist if discovered. The book is freely available to anyone on the internet, and versions of it can even be purchased on Amazon. Regardless, prosecution lawyer Robin Sellers said it was possible a “radicalized” person could find Walker’s copy of the book and use it to prepare an attack.

We’re building a dystopia just to make people click on ads

We're building an artificial intelligence-powered dystopia, one click at a time, says techno-sociologist Zeynep Tufekci. In an eye-opening talk, she details how the same algorithms companies like Facebook, Google and Amazon use to get you to click on ads are also used to organize your access to political and social information. And the machines aren't even the real threat. What we need to understand is how the powerful might use AI to control us -- and what we can do in response.

How to become an infosec thought leader

Have you ever wondered what it would take to become a recognised thought leader in infosec? Well, wonder no more.

A short fun, satirical video I put together with Space Rogue on how to become an infosec thought leader

Javvad Malik

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Read more posts from Javvad Malik ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL