Ransomware uses

Someone asked me if there are any unusual or legitimate uses for ransomware.

If you break down what ransomware is, it’s just encryption. But it’s more like “surprise” encryption where someone else does the encryption, and keeps the key.

So, I present five unorthodox ways to use ransomware in this video.

However, if you want to learn more about ransomware, and in particular open source ransomware, much of which is available freely on GitHub, then I recommend watching the Bsides London talk by Chris Doman on why sharing isn’t caring. https://youtu.be/tXJ5qxLyoVI

Hacking Conference Shirts

T-shirts are among the most popular giveaways at security conferences. They’re great, practical, and serve as walking advertisements.

But if you go to enough conferences, you’ll usually find yourself accumulating far too many shirts.

There are only so many shirts you can wear when working out, use for DIY projects, or turn into rags to clean up spills.

I was looking for easy (no sewing involved) ways to upcycle some shirts, and in this video, this is what I came up with.

Digital Cemetery and the Myspace vulnerability

Recently, security researcher Leigh-Anne Galloway (@L_AGalloway) found a vulnerability on Myspace. My first thought was amazement that Myspace still existed.

It’s one of the sites that seems to have been lost in the digital abyss, like tears in the rain.

The details of the vulnerability (which appears to have been fixed now) can be found here: http://ift.tt/2thIfE3

While it’s easy to poke fun at an ancient website with a security flaw, there can be serious consequences as a result. Older sites like Myspace form something of a digital cemetery. Except, data isn’t dead, it’s just abandoned.

So what happens when a website that was once heavily used is left? In these situations, the best thing would probably be if the website shut down altogether.

However, in many cases a website like Myspace limps along, sometimes trying to reinvent itself, other times acquired by a larger company, stripped of its assets, and thrown into the corner.

Without regular maintenance or monitoring, such websites can easily become derelict, like a building with a leaky roof, occupied only by squatters.

The onus is on any website operator, regardless of popularity or relevance, to maintain good security, particularly around registration, forgotten passwords, and forgotten accounts.

The lack of maintenance can expose the data of legitimate users of the service. The impact could range anywhere from a mild inconvenience, to embarrassment, to data that can be leveraged for a full-on attack.

Users have little power over how a website is maintained. But anyone who has stopped using a service should look to move and delete any and all data that may be on there. It is usually not sufficient to simply disable or delete an account, as in some cases these can be reactivated.

It’s an interesting situation that is new to a generation of internet users. What digital ghosts will haunt a generation in their retirement from posts they made when they were full of youthful exuberance?


BBC Click and Tweetchats

Spent a day with the BBC, and hosted a tweetchat. Just an ordinary day, no biggie. Link to the tweetchat moment:

Tweetchat blog isn’t about, but keep your eye on http://ift.tt/1s8wHrF for info

RANT, Steelcon, and that shirt!

One man, two conferences, three days.

The conferences

My band, Host Unknown

The Ransomware Song

It’s a parody deliberately intended to be as bad as possible as a form of artistic expression depicting the state of security in the world today set against the backdrop of the rise of ransomware. Seeking to answer the mysteries of humans, life, and the universe.

Why hacking will increase

A theory based on macroeconomic factors. Clearly, bad people that want to do bad things will always find a way.