Growing up in London, I don’t think we ever got Mister Rogers on TV. With the new movie coming out on his life, there have been many articles and columns discussing him. An interesting fact I came across was that Mister Rogers always mentioned out loud that he was feeding his fish because a blind viewer once asked him to do so. She wanted to know the fish were OK.
First I thought it’s a lovely gesture. But then I started wondering about system designs and notifications, particularly in security operations. Saying out loud that the fish are being fed is akin to tuning a SIEM so that a user receives alerts and gains visibility into the things that matter most to them.
So, thought of the day is, if you’re Mister Rogers, what is the fish in your organization? And how will you let your execs (viewers) know that you are feeding it?
World Password Day
Last Thursday was World Password Day. Usually, it’s a day when people throw out reminders that one should use a strong password, and some marketing departments, like Nutella’s, offer up some truly bad advice.
But Twitter took World Password Day to a whole new level by advising all of its 330 million users (or 100m users and 230m bots) to change their passwords after it was found that they had been lying around in plaintext.
- Twitter advising all 330 million users to change passwords after bug exposed them in plain text | The Verge
- Twitter CTO: “We didn’t have to” tell users about the password debacle | Fast Company
- Twitter to All Users: Change Your Password Now! | Krebs on Security
- The upside of the Twitter password bug | Decipher / DUO
The real digital danger
“Total victory for the monopoly is not over economics or politics. It’s over assumptions, ideas and possible futures. Because when that happens, Big Tech won’t need to lobby or buy out competitors. They will have so insinuated themselves in our lives and minds, that we won’t be able to imagine a world without them.”
- Here’s the real danger that Facebook, Google and the other tech monopolies pose to our society | TED
Gooder Writing
I’ve been an advocate for security professionals investing time into honing their communication skills, be that presentations, writing, or general communications.
So, I liked Lenny Zeltser’s post which has some nice tips on becoming a better technical writer.
- How to Become a Better Technical Writer | Zeltser.com
US extradites Romanian Hackers
“A pair of Romanian men face charges in the US after netting $18 million in a vishing and smishing scheme targeting US citizens. Teodor Laurentiu Costea and Robert Codrut Dumitrescu have been extradited from Romania to the US and have been charged with wire fraud conspiracy, wire fraud, computer fraud and abuse, and aggravated identity theft.”
- US Extradites Romanian Hackers Charged with Vishing, Smishing | Dark Reading
- Romanian hackers extradited to U.S. over $18m vishing scam | Threat Post
All these vulnerabilities, rarely matter
“The most interesting and unexplored question to me these days is NOT the sheer size of the vulnerability problem, or why so many issues remain unresolved, but instead figuring out why all those ‘serious’ website vulnerabilities are NOT exploited.”
- All these vulnerabilities, rarely matter | Jeremiah Grossman
+ A Week of Web Application Hacks and Vulnerabilities | Contrast Security
Digital Dumping Grounds
Sneaking in a bit of self-promotion here by sharing one of my own opinion articles on Infosecurity magazine on preventing the cloud from becoming a digital dumping ground.
- Preventing the Cloud from Becoming a Digital Dumping Ground | Infosecurity Magazine
Patch it yourself
A large number of South Korean-produced Dasan routers were suffering from a bunch of zero-day vulnerabilities.
Researchers became impatient waiting for the manufacturer to release a patch, so they made an unofficial patch themselves.
- Unofficial Patch Released for Zero-Days Affecting Dasan Routers | Security Week
Putting CISSP into perspective
Security certifications are often a hot topic of debate. In particular, CISSP, one of the most popular security certs, gets a lot of unfair criticism in my opinion.
Paco Hope has a lot of experience with them, and shares his perspective.
- And I’m still here kicking down doors yelling “Freeze! CISSP” | YouTube
Build security into software up front
“You can pay me now, or you can pay me later” was the tagline of a 1981 ad promoting oil filters.
Seems simple, but the implied message was much stronger: It wasn’t about paying the same amount now or later. It was about paying a little now for an oil change or vastly more for an engine rebuild later—which made the choice pretty much a no-brainer.