CuK8hv7WgAI68IH

Alien Eye in the Sky

Covering the infosec news from the week, so you don’t have to!

Links to stories in the video

 

  1. The beginning of the end(point): where we are now and where we’ll be in five years
  2. The strange way people perceive privacy online
  3. Tesla responds to Chinese hack with a major security upgrade
  4. Good cybersecurity can be good marketing
  5. Cyber: Ignore the penetration testers:

 

Other stories of interest

When automated bots were primed to sell the UK Pound

The ethics and morality behind APT reports

Scott Helme went wardriving.

Internet of things botnets – SSH just got real!

Lloyds combats call center fraudsters with new tech

F-Secure pens an open letter to businesses that block VPNs on their free WiFi

Sarah Clarke gives a perspective on GDPR, a personal and professional journey.

Akamai finds longtime security flaw in 2m devices.

 

jm hearted

Things I hearted last week (and the week before)

It’s been an interesting few weeks which is why I haven’t posted my usual updates. I was out in Vegas for Blackhat and BsidesLV, both of which were great as always. I also had a chance to pop off to visit the Grand Canyon with my partner-in-crime Adrian Sanabria. Video coming soon, but this vine will give an idea of how far we got into the wilderness.

 

Blackhat was also a blast. AlienVault had a brand new booth design and the interactions were as engaging as always.

DSC_0435DSC_0438

Now onto the business end of things.

Do whistleblowers ever win? Researcher who exposed VW gain little.

Remaining on the topic of cars, Auto group pushes best practices for vehicle security

Mozilla to block Flash in Firefox browser – about time.

Bypassing Win10 UAC by using disk cleanup.

A tutorial on Configuring NPS 2012 for Two-factor Authentication

New attack bypasses HTTPS protection on Macs, Windows, and Linux

TrustedSec released version 7.3 of the Social Engineer Toolkit (SET)

People care about privacy, so why won’t they pay for it?

Looking at the malicious side of bad UI. Dark Patterns are designed to trick you (and they’re all over the Web)

Microsoft REST API Guidelines – a good set of principles.

Do you like using a VPN? Well, if you plan on using it in the UAE, you could end up with jail time and a $545,000 fine.

Am I saying that EMET was written to stop Metasploit sourced shellcode? Yup. Pretty much.

Not directly security related, but I found it interesting to read how Starbucks has more money on customer cards than many banks have on deposit. Probably a lot easier to rob than banks too… just saying.

Something that reads like the bug equivalent to national novel writing month. Good writeup on high frequency security bug hunting with 120 bugs in 120 days.

Post-conference season we always get a rash of opinion posts about why conferences are broken or bad. Here’s Alex Stamos’s take Addressing security blindspots through culture

Teen hacker flies to Black Hat on his one million free airmiles

 

Vuln disclosure

CRASS – Vulnerability Disclosure

After a very slow 2014, Cynical Rants About Security Stuff – or CRASS for short (unfortunate and unintentional) is my attempt at being more regular in publishing content. The idea is that once a week I’ll ramble for a couple of minutes on any given topic.

This week I rant about the vulnerability disclosure process and how Google and Microsoft arguing publicly doesn’t really help anyone. There are some football (soccer) references that I’m sure all my US-based friends will totally understand.

I won’t write up all my thoughts on the topic as I’ll be covering ground that many have already written about. If you’re interested in finding out more, or exploring other opinions on the subject, then I recommend checking out the following

Rob Graham: A call for Better Vulnerability Response

 Space Rogue: In the beginning there was full disclosure

and Steve Ragan: Microsoft blasts Google for vulnerability disclosure policy

jimmy hat
,

A friend with photoshop is all you need

Jimmy is a good guy – I like him, he works in security and trains MMA. Which means if he can’t gain access to your server, he’ll simply beat the password out of you.

Then he posted this picture on twitter in a cowboy hat. Ridiculous cowboy hat

As they say, a little photoshop is a dangerous thing – and the temptation was too great to not take advantage of the opportunity.

1 brokeback

Which led to the birth of Jimmy Sozé

2 usual suspects

This got Jimmy a bit worked up, so I challenged him to a duel.

3 duel

He said he’d kill me – to which I said that’s a crime punishable by hanging till he’s dead, dead, dead!

4 hang em high

The subsequent barrage of messages proved that Jimmy was indeed unchained. Read more

The greatest story ever told

It’s December – and it’s kind of a tradition that every year I get together with the fine folk at Twist and shout to make a Christmas video.

This year, however we decided to do something different, so along with my Host Unknown companions Thom and Andy, we set out to do something serious that captures a great story.

The Greatest Story Ever Told from Twist and Shout on Vimeo.

 

To see where the Christmas tradition started, check out Santa gets hacked and it’s sequel below.

 

Santa Gets Hacked! from Twist and Shout on Vimeo.

 

 

Santa Gets Hacked – Aftermath from Twist and Shout on Vimeo.