Things I Hearted this Week, 11th May 2018

May 11, 2018  |  Javvad Malik

Growing up in London, I don’t think we ever got Mister Rogers on TV. With the new movie coming out on his life, there have been many articles and columns discussing him. An interesting fact I came across was that Mister Rogers always mentioned out loud that he was feeding his fish because a blind viewer once asked him to do so. She wanted to know the fish were OK.

At first I thought it was a lovely gesture. But then I started thinking about system design and notifications, particularly in security operations. Announcing out loud that the fish are being fed is akin to tuning a SIEM so that a user receives alerts on, and gains visibility into, the things that matter most to them.

So, thought of the day is, if you’re Mister Rogers, what is the fish in your organization? And how will you let your execs (viewers) know that you are feeding it?

World Password Day

Last Thursday was World Password Day. Usually it’s a day when people throw out reminders that one should use a strong password, and some marketing departments, like Nutella’s, offer up some truly bad advice.

But Twitter took World Password Day to a whole new level by advising all of its 330 million users (or 100m users and 230m bots) to change their passwords after it was found they had been lying around in plaintext.

The real digital danger

“Total victory for the monopoly is not over economics or politics. It’s over assumptions, ideas and possible futures. Because when that happens, Big Tech won’t need to lobby or buy out competitors. They will have so insinuated themselves in our lives and minds, that we won’t be able to imagine a world without them.”

Gooder Writing

I’ve been an advocate for security professionals to invest time into honing their communication skills. Be that presentations, writing, or general communications...

So, I liked Lenny Zeltser’s post which has some nice tips on becoming a better technical writer.

US extradites Romanian Hackers

“A pair of Romanian men face charges in the US after netting $18 million in a vishing and smishing scheme targeting US citizens. Teodor Laurentiu Costea and Robert Codrut Dumitrescu have been extradited from Romania to the US and have been charged with wire fraud conspiracy, wire fraud, computer fraud and abuse, and aggravated identity theft.”

All these vulnerabilities, rarely matter

“The most interesting and unexplored question to me these days is NOT the sheer size of the vulnerability problem, or why so many issues remain unresolved, but instead figuring out why all those ‘serious’ website vulnerabilities are NOT exploited.”

  • A Week of Web Application Hacks and Vulnerabilities | Contrast Security

Digital Dumping Grounds

Sneaking in a bit of self-promotion here by sharing one of my own opinion articles on Infosecurity magazine on preventing the cloud from becoming a digital dumping ground.

Patch it yourself

A large number of South Korean-made Dasan routers suffered from a bunch of zero-day vulnerabilities.

Researchers became impatient waiting for the manufacturer to release a patch, so they made an unofficial patch themselves.

Putting CISSP into perspective

Security certifications are often a hot topic of debate. In particular, CISSP, one of the most popular security certs, gets a lot of unfair criticism in my opinion.

Paco Hope has a lot of experience with them, and shares his perspective.

  • And I’m still here kicking down doors yelling “Freeze! CISSP” | YouTube

Build security into software up front

“You can pay me now, or you can pay me later” was the tagline of a 1981 ad promoting oil filters.

Seems simple, but the implied message was much stronger: It wasn’t about paying the same amount now or later. It was about paying a little now for an oil change or vastly more for an engine rebuild later—which made the choice pretty much a no-brainer.
