Here's an idea.
Have convicts in prison manually mine cryptocurrencies.
Call it, <wait for it> the blockchain gang!
Thank you very much, I'll be here all week.
Now on to the serious stuff.
10 THINGS TO KNOW BEFORE GETTING INTO CYBERSECURITY
You may know Kevin Beaumont as @GossiTheDog on twitter. He won the 2018 EU blogger awards for best tweeter. But apparently, he's a man of more talents than just twits, he also blogs, and has put together a good list of 10 things you should know if you're considering getting into cybersecurity.
- 10 things to know before getting into cyber security| Double Pulsar
Related, if you're looking to break into security, then you'll want to know which locations offer the best salaries (US-based).
HACKERS WILL GET HACKED
Of course we trust the Government to maintain backdoors and hacking tools... they're the Government. I, for one, am shocked that gambling takes place in this casino.
From Cellebrite, to Shadow Brokers, to the CIA dump, so many recent data breaches have shown there is a real risk of exposure to government hacking tools.
- Your Government's Hacking Tools Are Not Safe | Motherboard
In related news, NSO sells its potent iPhone malware to governments, including Mexico and the United Arabs Emirates. But according to a newly released indictment, a disgruntled employee stole the company's code and tried to sell it for $50 million worth of cryptocurrency.
IT IS COMING HOME
While the tide of outsourcing seems to be on the rise, does BP represent an undercurrent of some companies wanting to get their arms around exactly what they have, why they have it, and who manages it?
BP is looking to bring the majority of its IT back in-house as part of a wider modernisation programme across the entire energy group, which comprises of a massive 74,000 employees.
Speaking at the London leg of AppDynamic’s World Tour, Andy Sturrock, head of modernise IT transformation at BP, admitted that the energy company had been too reliant on outsourcing in the past.
“We looked at ourselves and realised that we had become an IT organisation which didn’t really do IT, we facilitated other companies doing IT to us," he said. "So we wanted to get back to us being an IT organisation and developing our own capability again."
DECENTRALISING THE INTERNET
No, this isn't a story plot out of the show Silicon Valley - Fixing the internet can look like mission impossible, even in the West. A Jeffersonian reform in the form of Web 3.0 appears a long way off, and its regulatory equivalent, a vigorous antitrust policy, does not look much more promising. Online, humanity seems bound to sink ever deeper into a Hamiltonian hole. But such an outcome is not inevitable.
BYPASSING WEB-APPLICATION FIREWALLS BY ABUSING SSL/TLS
A nice write up - I enjoy and am appreciative of when people take the time to go through how they do what they do.
"I was given access to the WAF for different tests and apart from other methods I found to bypass it, an interesting one was by abusing SSL Ciphers. The first time I logged in the WAF the Unsupported SSL Ciphers alert caught my eye really quick. Once I saw the alert description I started digging more in the documentation of the product and managed to find all the supported SSL ciphers."
POLISH CHARITY GETS HUGE PHONE BILL THANKS TO STORK
From the category of, "My threat model is not your threat model" we have this story whereby a Polish charity will have to pay 2,700 Polish zloty because someone stole the tracker from a stork it was tracking, and used the SIM card to rack up hours of phone calls.
According to official broadcaster Radio Poland, the environmental EcoLogic Group placed a tracker on the back of a white stork last year to track the bird's migratory habits.
It travelled some 3,700 miles (6,000kms), and was traced to the Blue Nile Valley in eastern Sudan before the charity lost contact.
EcoLogic told the Super Express newspaper that somebody found the tracker in Sudan, removed the sim card and put it in their own phone, where they then racked up 20 hours' worth of phone calls.
HOW A DORM ROOM MINECRAFT SCAM BROUGHT DOWN THE INTERNET
THE MOST DRAMATIC cybersecurity story of 2016 came to a quiet conclusion Friday in an Anchorage courtroom, as three young American computer savants pleaded guilty to masterminding an unprecedented botnet—powered by unsecured internet-of-things devices like security cameras and wireless routers—that unleashed sweeping attacks on key internet services around the globe last fall. What drove them wasn’t anarchist politics or shadowy ties to a nation-state. It was Minecraft.
A few other stories I enjoyed reading recently.
- Facebook patent would turn your mic on to analyze how you watch ads | Are technica
- Marketing firm Exactis leaked a personal info database with 340m records | Wired
- First-Ever Person Sentenced for Malicious Use of Coinhive Library | Bleeping Computer
- Gentoo hack caused by three rookie mistakes | The Register