The purpose of ransomware
Although monetary gain is the ultimate goal for most cyber criminals, multiple other scenarios are possible.
In this post, Bart goes over such tactics as:
- Deployed as ransomware, extortion;
- Deployed as smokescreen;
- Deployed to cause frustration;
- Deployed out of frustration;
- Deployed as a cover-up;
- Deployed as a penetration test or user awareness training;
- Deployed as a means of disruption and/or destruction.
On The (Perceived) Value of EV Certs, Commercial CAs, Phishing and Let's Encrypt
When Troy Hunt tackles an issue, you’re pretty much guaranteed an in-depth view, and he doesn’t disappoint with his post on Extended Validation (EV) certs, commercial certificate authorities, and Let’s Encrypt.
- Life is about to get a whole lot harder for websites without HTTPS
- Let’s Encrypt with DNS Round Robin
- How to revoke a Let’s Encrypt certificate
Securing an Amazon S3 Bucket
There have been several so-called breaches involving AWS S3 servers. However, the common element in all of these stories has been user error. It’s been the users that have been making the data public, then scratching their heads wondering what went wrong when millions of records were viewable by anyone with an internet connection.
Mark Nunnikhoven has written a great, easy guide on how to secure an Amazon S3 bucket.
Steal millions in ether with one simple trick
Someone tricked would-be investors during an Ethereum ICO into sending their cryptocurrency to the wrong address. Ether is a popular cryptocurrency alternative to Bitcoin.
It’s not entirely surprising, though: given the rapid rise in popularity of cryptocurrency, companies are jumping on the bandwagon and prioritising speed over security. With an estimated market value of $100bn in a completely unregulated environment, we’ll likely see more of these occurrences.
Burglary in mind? Easy, just pwn the home alarm
IoT and smart devices are the slow-heating pan, and consumers are the frogs, oblivious to the change in temperature.
Despite many high-profile breaches involving so-called smart devices, it doesn’t appear as if manufacturers are improving the security of the devices.
Archimedes once said, “give me a lever long enough and a fulcrum on which to place it, and I will move the world”.
If he were alive today, he’d probably say, “give me enough smart devices and a reliable internet connection, and I will hack the world.”
Data protection down under
The Australian government is going through the same debates many other countries are having as to how to obtain access to user data from technology companies. Earlier this year Australia passed a metadata retention law that requires ISPs to keep records of IPs, phone, SMS, and email use.
There are a lot of details around it, so fortunately Patrick Gray has done us all a favour and summed up many of the key points on both sides: No encryption was harmed in the making of this intercept.
The GDPR tweetchat
Still confused about GDPR? We hosted a tweetchat on the topic and had some wonderful discussions that clarified many aspects.