Things I Hearted this Week, 3rd Aug 2018


It’s August already. The kids are off on their summer vacations telling me how bored they are every 5 minutes, and the annual security gathering in Las Vegas of Blackhat, Defcon, and BsidesLV is all but upon us.

There will be no recap next week because I’ll probably be getting ready to fly home – but normal service should resume the following week.

The Red Pill of Resilience in InfoSec

Another insightful write-up by Kelly Shortridge, which happens to be the full text of her keynote on resilience. It touches on and expands many concepts to uncover what it really means to be resilient in infosec, and what the industry can do about it.

VDBIR Data

The Verizon Data Breach Report has become the staple go-to report for security professionals wanting to understand the breach landscape. But a once-a-year report is usually too long for most of us to wait to see what’s new.

So the good folk have created an interactive portal where you can explore the most common DBIR patterns.

Reddit Breached

Reddit disclosed a breach and say they’re still investigating. It appears that the attacker was able to bypass SMS-based two-factor (two-step) authentication.

It’s worth revisiting this blog by Paul Moore on the difference between two-factor and two-step authentication.

Alex Stamos off to Academia

Facebook chief security officer Alex Stamos is leaving the social network to work on information warfare at Stanford University. The social network has not named any replacement.

CISCO + DUO = DISCO!

Cisco has announced it will be acquiring DUO Security for $2.35bn in cash it found lying behind the sofa.

Farcial Recognition

Amazon’s face surveillance technology is the target of growing opposition nationwide, and today, there are 28 more causes for concern. In a test the ACLU recently conducted of the facial recognition tool, called “Rekognition,” the software incorrectly matched 28 members of Congress, identifying them as other people who have been arrested for a crime.

Secure Design

Part 3 of an ongoing series of articles by Tanya Janca on the secure system development lifecycle. Worth reading all parts, with fun titbits such as threat modelling being affectionately known as ‘evil brainstorming’.

Randomness

Other stories from broader tech and beyond that I enjoyed reading this week: