Things I Hearted this Week, 6th July 2018

July 6, 2018 | Javvad Malik

Here's an idea.

Have convicts in prison manually mine cryptocurrencies.

Call it, <wait for it> the blockchain gang!

Thank you very much, I'll be here all week.

Now on to the serious stuff.

10 THINGS TO KNOW BEFORE GETTING INTO CYBERSECURITY

You may know Kevin Beaumont as @GossiTheDog on Twitter. He won the 2018 EU blogger awards for best tweeter. But apparently he's a man of more talents than just twits: he also blogs, and has put together a good list of 10 things you should know if you're considering getting into cybersecurity.

Related, if you're looking to break into security, then you'll want to know which locations offer the best salaries (US-based).

HACKERS WILL GET HACKED

Of course we trust the Government to maintain backdoors and hacking tools... they're the Government. I, for one, am shocked that gambling takes place in this casino.

From Cellebrite, to Shadow Brokers, to the CIA dump, so many recent data breaches have shown there is a real risk of exposure to government hacking tools.

In related news, NSO sells its potent iPhone malware to governments, including Mexico and the United Arab Emirates. But according to a newly released indictment, a disgruntled employee stole the company's code and tried to sell it for $50 million worth of cryptocurrency.

IT IS COMING HOME

While the tide of outsourcing seems to be on the rise, does BP represent an undercurrent of some companies wanting to get their arms around exactly what they have, why they have it, and who manages it?

BP is looking to bring the majority of its IT back in-house as part of a wider modernisation programme across the entire energy group, which comprises a massive 74,000 employees.

Speaking at the London leg of AppDynamics' World Tour, Andy Sturrock, head of modernise IT transformation at BP, admitted that the energy company had been too reliant on outsourcing in the past.

"We looked at ourselves and realised that we had become an IT organisation which didn't really do IT, we facilitated other companies doing IT to us," he said. "So we wanted to get back to us being an IT organisation and developing our own capability again."

DECENTRALISING THE INTERNET

No, this isn't a story plot out of the show Silicon Valley - fixing the internet can look like mission impossible, even in the West. A Jeffersonian reform in the form of Web 3.0 appears a long way off, and its regulatory equivalent, a vigorous antitrust policy, does not look much more promising. Online, humanity seems bound to sink ever deeper into a Hamiltonian hole. But such an outcome is not inevitable.

BYPASSING WEB-APPLICATION FIREWALLS BY ABUSING SSL/TLS

A nice write up - I enjoy and am appreciative of when people take the time to go through how they do what they do.

"I was given access to the WAF for different tests and apart from other methods I found to bypass it, an interesting one was by abusing SSL Ciphers. The first time I logged in the WAF the Unsupported SSL Ciphers alert caught my eye really quick. Once I saw the alert description I started digging more in the documentation of the product and managed to find all the supported SSL ciphers."

POLISH CHARITY GETS HUGE PHONE BILL THANKS TO STORK

From the category of, "My threat model is not your threat model" we have this story whereby a Polish charity will have to pay 2,700 Polish zloty because someone stole the tracker from a stork it was tracking, and used the SIM card to rack up hours of phone calls.

According to official broadcaster Radio Poland, the environmental EcoLogic Group placed a tracker on the back of a white stork last year to track the bird's migratory habits.

It travelled some 3,700 miles (6,000 km), and was traced to the Blue Nile Valley in eastern Sudan before the charity lost contact.

EcoLogic told the Super Express newspaper that somebody found the tracker in Sudan, removed the SIM card and put it in their own phone, where they then racked up 20 hours' worth of phone calls.

HOW A DORM ROOM MINECRAFT SCAM BROUGHT DOWN THE INTERNET

The most dramatic cybersecurity story of 2016 came to a quiet conclusion Friday in an Anchorage courtroom, as three young American computer savants pleaded guilty to masterminding an unprecedented botnet—powered by unsecured internet-of-things devices like security cameras and wireless routers—that unleashed sweeping attacks on key internet services around the globe last fall. What drove them wasn't anarchist politics or shadowy ties to a nation-state. It was Minecraft.

RANDOMNESS

A few other stories I enjoyed reading recently.

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.