The Security Digest: Week 26
Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- Today is the 25th anniversary of the movie Hackers! No joke, this movie is in part why I’m in security today.
- Watch along with IGN and Matthew Lillard aka Cereal Killer tonight at 5 PM PT / 8 PM ET. #HackThePlanet More info here.
- Microsoft published a report on “new cyberattacks targeting U.S. elections”. The majority of what they published relate to account takeovers using techniques like brute force and password spray. One of the more interesting details they included was how one group performing these attacks cycled “through more than 1,000 constantly rotating IP addresses.” Accounts ranged from official election accounts for both major candidates, personal accounts from people associated with the candidates and policy and think groups as well. Please use a password manager and 2FA wherever possible.
- Geoff White has a brand new book out called Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global. Wired has published an excerpt of the book all about the Love Bug Virus from 2000 and has finally gotten the full story on who released it and why. I’m hooked from the excerpt and plan on checking out the full book soon.
- Portland passed the strongest ban on facial recognition in the US. The ordinances ban both public and private usage. The ban is the first that bans stores etc to use the technology. San Francisco had already banned but in July the EFF found that police accessed a downtown camera network to spy on protesters. Read more about Portland’s ban at CNET.
- Meanwhile, according to the San Diego Tribune, San Diego residents can rejoice now that the Mayor will not be handing over control of the city’s 3000 streetlight cameras to the police until proper laws can be passed by the city council. You can see where they’re all installed here.
- Lastly, because 2020 is what it is, Oracle is “buying” TikTok which doesn’t include the algorithm. Microsoft seems to have actually wanted to buy the assets and lost out. In June, you may have been reminded about Oracle when their marketing company BlueKai leaked billons of records. They have been making major inroads for awhile now, see this 2017 article. Also, have you ever noticed the “AddThis” buttons? Those are used for tracking, owned by Oracle and will be shutdown in Europe thanks to recent lawsuits and GDPR. Thankfully all of our data will be safe in massive US based Oracle advertising databases. Install Privacy Badger. Thanks for coming to my Ted Talk.
Owl fun and facts:
The above is a Blakiston’s fish owl. In an article in 2013, Jonathan Slaght talked to the NYTimes about this owl. “Nearly a yard high, weighing up to 10 pounds and with a wingspan of six feet, Blakiston’s is the world’s largest owl.” Jonathan works for the Wildlife Conservation Society and spoke to them about his new book, Owls of the Eastern Ice.
A Shout Out:
Marco Lancini just released the latest post in his series Continuous Visibility into Ephemeral Cloud Environments. The latest is Tracking Moving Clouds. In it he takes a deep dive into utilizing Lyft’s Cartography to monitor every AWS account and GCP project they manage. Along the way, he created a bunch of tools for ingestion, dashboards, queries and more that have also been released as well. This is super interesting if you have ever needed to monitor across multiple cloud providers. Kudos!
That’s owl for now!
The Security Digest: Week 27
Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, …
Secure Early and Often
In 1981, Barry Boehm published Software Engineering Economics, a look at the relative costs to fix an error at various stages of software development. In …