Week in Review 11th August 2017

August 11, 2017  |  Javvad Malik

It’s felt like a comparatively slow week for information security. Maybe it’s just because I’ve had my head down busy working, or maybe it’s the unusually wet August in good old London.

But, just because there may have been fewer stories to hit the news, it doesn’t mean they are any less interesting. As usual, the best ones that caught my attention have been curated with love, care, and cynical commentary. (Bonus points for tweeting @AlienVault which rock band inspired today’s titles.)

Gimme (UK critical infrastructure) Shelter

The UK government has announced that businesses providing essential services like energy and transport could be fined as much as £17m or 4% of global turnover for failing to have effective security measures in place.

I blame GDPR for popularising the penalty of x% of global turnover. Maybe this is the regulator’s version of speaking softly and carrying a big stick.

Satisfaction

There’s something quite satisfying when you stumble upon a nice repository of data. Which is exactly what happened when I followed a tweet from Hack with GitHub to the appropriately named, awesome hacking GitHub repository. I found some nice tools – and clearly a lot of effort has gone into organising them all. Have a browse.

All Sold Out

An interesting read from ex-NSA employee turned whistleblower William Binney on how the NSA tracks you.

While all this data isn’t helping to stop attacks, having all the data gives the intelligence community the “power to manipulate anyone they want.” It’s like “J. Edgar Hoover on super steroids” — all the collected data gives intelligence agencies the means to target anyone. Then parallel construction is used after the fact to go back and build a separate basis for an investigation to cover up the fact that the data was obtained unconstitutionally.

Read the full article on CSOOnline

Good times, Bad times

As a security researcher, getting accepted and speaking at DEF CON is a pretty big deal. As one of the largest security conferences in the world, the opportunity to present to your peers, the media, and in effect, the world is cool.

However, two Salesforce security engineers, Josh Schwartz and John Cramb, found themselves in a bittersweet situation when their employer texted them half an hour before their talk to say that if the presentation went ahead, they would be fired.

Apparently, the two researchers didn’t see the text, gave their talk, and shortly after giving their talk were informed they were no longer in employment.

It’s a shame when security researchers are gagged from sharing their experiences, tools, and ideas. It’s even worse when they lose their job over it.

However, I get the feeling they won’t be out of a job for very long.

You can make it if you try

Illinois has signed new legislation requiring that all state employees receive cybersecurity awareness training, becoming the 15th state to require such training.

With attacks on the rise and no signs of slowing down, this sounds like a good initiative. The trick with awareness training, though, is to make it relevant, engaging, and repeated regularly.

Illinois to require cybersecurity training for all state employees

Around and around

The threat of possible cyberwarfare attacks against ships at sea is prompting a return to navigators using radio navigation technology like Loran, as opposed to modern GPS (Global Positioning System).

On one hand it’s good to see security actually being taken seriously and prioritised over convenience. On the other hand, it is a sobering reminder as to the inadequacy of protective security controls.

Next up, accountant buys an abacus, and eBay sets up a stall at the local Sunday market.

Get out of my clouds

The US military has reportedly banned the use of DJI drones, citing ‘cyber vulnerabilities’. There aren’t many details around what the vulnerabilities are; it could simply be an inherent mistrust of the Chinese-made drones.

I hope my DJI drone isn’t spying on me and my holiday ‘dronies’!
