Things I Hearted this Week – 19th Jan 2018

January 19, 2018  |  Javvad Malik

Happy Friday wonderful people. It’s been a busy week in infosec with a flurry of activity, so let’s jump right in.

The 100 Billion Dollar Infosec Question

If someone gave you 100 billion dollars to improve information security, how would you spend it?

No, seriously, please. Give it some thought.

This question spurred Dan Klinedist to pen his thoughts in a thought-provoking post that will probably leave you with more questions than answers.

Putting the bug in bounty

I’m a big fan of bug bounties, I think that they have a lot of benefits. But, as with any emerging service, there will be issues. One of them is differentiating between Bug Bounty and Security Consulting or Testing. And that can cause some problems, which are very well articulated by John Carroll.

Mirai Okiru botnet targets ARC-based IoT devices

For those of you who don't know, ARC (Argonaut RISC Core) processors are the second most widely used processors in the world and can be found in all manner of unassuming connected devices, from car tech to storage, home and mobile devices.

The new Mirai botnet, known as Mirai Okiru, is going after them with the aim knock them offline with distributed denial of service (DDoS) attacks.

Mental Models & Security: Thinking Like a Hacker

Is it weird that I’m including one of my own articles from this week? Is that the equivalent of someone liking their own facebook posts?

I’ve been reading up on mental models lately a lot and thought a lot could be applied to security, or as is often said, to think like a hacker. I listed seven of my favourite models in this Dark Reading contributed article.

LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials

Canadian authorities have arrested and charged an Ontario man for operating a website that collected 'stolen' personal identity records and credentials from some three billion online accounts and sold them for profit.

According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com—a major repository that compiled public data breaches and sold access to the data, including plaintext passwords.

What exploits are prevalent in the wild?

I contributed to my colleague Chris Doman’s blog which is the first of a three part series where we took a look at telemetry gathered from our customers, and from other security vendor reports.

In this first part, we looked at which exploits attackers are using the most in the wild.

How a tiny dot lets criminals impersonate most banks online

“A small, rarely used special character is potentially helping criminals trick people into falling prey to all sorts of online scams, and businesses -- including some of the world's leading media companies and financial institutions -- appear to be woefully unprepared.”

Some good observations and recommendations by Joseph Steinberg on the use of Latin characters to create hard-to-spot phishing sites.

Ex-employee destroys and corrupts data

Edward Soybel, a former contractor for W.W. Grainger, Inc. maintained the computer servers for Grainger’s network of industrial vending machines from November 2014 through February 2016, when his services were terminated. Upon termination, Soybel, lost his trusted insider status — and his access to those Grainger servers.

That didn't stop him from getting back in, though.

Soybel successfully hacked into the Grainger servers in July 2016 and gained unfettered access to the Grainger inventory management program that supports some 18,000 customers throughout the U.S. and intentionally damaged the data within.

The impromptu Slack war room where ‘Net companies unite to fight Spectre-Meltdown

When Spectre and Meltdown hit, it was a surprise for anyone that wasn’t a Tier1 company.

It was a full-on panic for most companies, so, to overcome the chaos, these companies did something kind of novel: they decided to work side by side. A group of second-tier service providers banded together to formally share information about patches from various vendors, metrics on their impact, and best practices for rolling them out.

For many companies, security is a non (or mildly) competitive area. Incidents like this showcase the importance of collaboration and sharing to help one and other get better.

Share this with others

Featured resources



2024 Futures Report

Get price Free trial