Another week and social media giants Facebook and Google are under scrutiny by all and sundry as to the information they gather and the privacy implications. I know that something is big when my Dad asks me about the whole debacle over dinner this week – and he doesn’t even use, or fully understand, Facebook.
Many years ago, my Dad used to run his own magazine, and so understands media and advertising very well. It made for interesting conversation as I explained how online ads are not static like he’s used to – but rather everything is a big information engine, designed to ingest information about you, and then push back tailored content designed to meet your needs. I was half-thinking he’d agree that it was a great innovation. But alas, he defaulted to his standard position that people have entrusted too many critical decisions to computers and nothing good will come of it.
He probably has a point.
The world seems upset at Facebook, to the point that the #DeleteFacebook campaign has been picking up momentum. But is it a genuine movement or a bandwagon that opportunists are taking advantage of?
Social Safeguard took a look at the hashtag, where it’s trending, and the dollar value a user has for Facebook.
- #DeleteFacebook – what it means for social media security | Social Safeguard
- Force Multipliers, Facebook and PR – How to influence everything | Mulley Communications
- What the Cambridge Analytica scandal means for big data | Information Age
- Mozilla’s new Firefox extension keeps your Facebook data isolated to the social network itself | Techcrunch
But what if my password manager gets hacked?
Sometimes, the proverbial “WHAT IF IT GETS HACKED?!” question isn’t a question at all, it’s a “Gotcha!” question/comment or attempt to get under my skin with a tired, washed out and predictable argument that I’ve heard about a million times before. Other times, though, especially with non-experts, it’s a legitimate, serious question that doesn’t have an easy “yes or no” answer.
- But what if my password manager gets hacked? | Jessysaurusrex
Cyber, the short version
The man known as TheGrugq recently gave a keynote on cyber conflict, but was kind enough to extract the essence in this post.
- Cyber, the short version | The Grugq, Medium
Find bugs and chill
Online video streaming company Netflix is one of those companies that always seems to find its way into the technology news for the right reasons. It ran a private vulnerability disclosure program over the past five years, resulting in 190 issues being addressed. But now it’s opening its doors to a public bug bounty program through Bugcrowd.
- Launching the Netflix Public Bug Bounty Program | Netflix, Medium
- Netflix bug bounty program | Bugcrowd
There are many different types of scammers that operate on the internet. Security scammers approach website owners with claims that their website is infected or vulnerable and offer to fix the issues for a fee. However, would-be scammers should do their homework and not try to scam Troy Hunt, aka the Crocodile Dundee of IT Security.
What ensued was a humorous exchange.
- A Scammer Tried to Scare Me into Buying Their Security Services - Here's How It Went Down | Troy Hunt
Who and what is Coinhive?
Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive’s computer code to be used on hacked Web sites to steal the processing power of its visitors’ devices. This post looks at how Coinhive vaulted to the top of the threat list less than a year after its debut, and explores clues about the possible identities of the individuals behind the service.
- Who and what is Coinhive? | KrebsOnSecurity
But it seems that not everyone was pleased with the Krebs article, and retaliated, in a very unique way.
- Angry Users Donate $120K to Cancer Research After Brian Krebs' Coinhive Article | Bleeping Computer
Investigating lateral movement paths with ATA
Even when you do your best to protect your sensitive users, and your admins have complex passwords that they change frequently, their machines are hardened, and their data is stored securely, attackers can still use lateral movement paths to access sensitive accounts. In lateral movement attacks, the attacker takes advantage of instances when sensitive users log into a machine where a non-sensitive user has local rights. Attackers can then move laterally, accessing the less sensitive user and then moving across the computer to gain credentials for the sensitive user.
- Investigating lateral movement paths with ATA | Microsoft
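The lateral movement path described above can be found from the defender's side as a graph search over two inventories: local administrator membership and logon sessions. The sketch below is an added example, not ATA's code or output; every machine name, account name and data value in it is constructed.

```python
from collections import deque

# Constructed sample inventories (assumptions, not ATA data).
LOCAL_ADMINS = {          # machine -> accounts with local rights on it
    "WS-01": {"alice"},
    "WS-02": {"bob"},
    "SRV-APP": {"carol", "svc-backup"},
}
LOGON_SESSIONS = {        # machine -> accounts that have logged on there
    "WS-01": {"alice", "bob"},
    "WS-02": {"bob", "carol"},
    "SRV-APP": {"carol", "da-admin"},
}
SENSITIVE = {"da-admin"}

def exposed_accounts(user):
    """(machine, account) pairs whose credentials sit where `user` has local rights."""
    hops = []
    for machine, admins in LOCAL_ADMINS.items():
        if user in admins:
            for other in sorted(LOGON_SESSIONS.get(machine, set()) - {user}):
                hops.append((machine, other))
    return hops

def lateral_movement_path(start, sensitive=SENSITIVE):
    """Shortest chain [user, machine, user, ...] ending at a sensitive account, or None."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] in sensitive:
            return path
        for machine, other in exposed_accounts(path[-1]):
            if other not in seen:
                seen.add(other)
                queue.append(path + [machine, other])
    return None

def risky_logons(sensitive=SENSITIVE):
    """Machines where a sensitive account logged on, with the non-sensitive local admins there."""
    result = {}
    for machine, users in LOGON_SESSIONS.items():
        admins = LOCAL_ADMINS.get(machine, set()) - sensitive
        if users & sensitive and admins:
            result[machine] = sorted(admins)
    return result

if __name__ == "__main__":
    print(" -> ".join(lateral_movement_path("alice")))
    print(risky_logons())
```

Each entry returned by `risky_logons` is a place to break the path: remove the non-sensitive account's local rights on that machine, or stop the sensitive account from logging on there.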