BSides Lisbon

It was my first time in Lisbon, it was my first time keynoting at a BSides… what could possibly go wrong?

Thanks so much to the whole team and attendees at BSides Lisbon for a fantastic event!

You can read my full writeup on the event over on my AlienVault blog. It includes a link to my entire keynote.


GDPR Millionaire

Read the original blog by Rowenna here: http://ift.tt/2zgNKou

If PCI DSS paid off the mortgage, then GDPR looks well on its way to buy the yacht.

But how does one go about making some of that GDPR gangster money if they don’t know much about the regulation? Well, becoming a GDPR consultant is simple, with these seven simple steps.

Note: This is a parody video – it’s kinda sad I have to say that, but you never know who takes these things seriously!

How to be an infosec thought leader

Becoming a thought leader is the epitome of professional success. But a thought leader isn’t a title that one attains by going to Harvard, or Cambridge. No, it’s a title bestowed by your peers.

So how does one become known as a thought leader? Simple, just watch this video and follow the awesome advice given by me and @SpaceRog

@J4vv4D

BSides Lisbon and the car door

I’m truly honoured to have been invited to keynote at BSides Lisbon this year on November 10th.

It’ll be the first time I’ve visited Portugal, and the first time I’ve keynoted at a BSides. Ordinarily I’d probably be feeling a bit apprehensive about speaking at a conference that I haven’t even attended, let alone keynoting at one.

But that’s one of the great things about BSides events – no matter where in the world you attend them, they have a familiar sense of community that welcomes you. Even if you walk in knowing no-one, you are sure to end the day having made half a dozen new friends.

So, it may be the first time I’ll be in Portugal, and the first time I’ll be attending BSides Lisbon – but it feels oddly familiar.

Hope to see you there.

Ransomware uses

Someone asked me if there are any unusual or legitimate uses for ransomware.

If you break down what ransomware is, it’s just encryption. But it’s more like “surprise” encryption where someone else does the encryption, and keeps the key.

So, I present five unorthodox ways to use ransomware in this video.

However, if you want to learn more about ransomware, and in particular open source ransomware, much of which is freely available on GitHub, then I recommend watching the BSides London talk by Chris Doman on why sharing isn’t caring. https://youtu.be/tXJ5qxLyoVI

Hacking Conference Shirts

T-shirts are among the most popular giveaways at security conferences. They’re great, practical, and serve as walking advertisements.

But if you go to enough conferences, you’ll usually find yourself accumulating far too many shirts.

There are only so many shirts you can wear when working out, or doing DIY projects, or use as rags to clean up spills.

I was looking for easy (no sewing involved) ways to upcycle some shirts, and in this video, this is what I came up with.

Digital Cemetery and the Myspace vulnerability

When security researcher Leigh-Anne Galloway (@L_AGalloway) recently found a vulnerability on Myspace, my first thought was amazement that Myspace still existed.

It’s one of the sites that seems to have been lost in the digital abyss, like tears in the rain.

The details of the vulnerability (which appears to have been fixed now) can be found here: http://ift.tt/2thIfE3

While it’s easy to poke fun at an ancient website with a security flaw, there can be serious consequences as a result. Older sites like Myspace form something of a digital cemetery. Except, data isn’t dead, it’s just abandoned.

So what happens when a website that was once heavily used is left behind? In these situations, the best thing would probably be for the website to shut down altogether.

However, in many cases a website like Myspace limps along. Sometimes trying to reinvent itself, other times acquired by a larger company, stripped of its assets, and thrown into the corner.

Without regular maintenance or monitoring, such websites can easily become derelict, like a building with a leaky roof, occupied only by squatters.

The onus on any website operator, regardless of popularity or relevance, is to maintain good security, particularly around registration, forgotten passwords, and forgotten accounts.

The lack of maintenance can expose the data of legitimate users of the service. This could range anywhere from a mild inconvenience, to embarrassment, to being leveraged for a full-on attack.

As users, we have little power over how a website is maintained. But if you have stopped using a service, you should look to move and delete any and all data that may be on there. It is usually not sufficient to simply disable or delete an account, as in some cases these can be reactivated.

It’s an interesting situation that is new to a generation of internet users. What digital ghosts will haunt a generation in their retirement from posts they made when they were full of youthful exuberance?

www.J4vv4D.com