The Actuator - December 4th

Good morning! By the time you read this post, the first full day of Black Hat in London will be complete. I share this with you because I'm in London! I haven't been here in over three years, but it feels as if I never left. I'm heading to watch Arsenal play tomorrow night. Come on, you Gunners!

As always, here's a bunch of links I hope you find interesting. Cheers!

Hacker’s paradise: Louisiana’s ransomware disaster far from over

The scary part is that the State of Louisiana was more prepared than 90% of other government agencies (HELLO BALTIMORE!). Just something to think about as ransomware intensifies.

How to recognize AI snake oil

Slides from a presentation I wish I'd created.

Now even the FBI is warning about your smart TV’s security

Better late than never, I suppose. But yeah, your TV is one of many security holes found in your home. Take the time to help family and friends understand the risks.

A Billion People’s Data Left Unprotected on Google Cloud Server

To be fair, it was data curated from websites. In other words, no secrets were exposed. It was an aggregated list of information about people. So, the real questions should now focus on who created such a list, and why.

Victims lose $4.4B to cryptocurrency crime in first 9 months of 2019

Crypto remains a scam, offering an easy way for you to lose real money.

Why “Always use UTC” is bad advice

Time zones remain hard.

You Should Know These Industry Secrets

Saw this thread in the past week and many of the answers surprised me. I thought you might enjoy them as well.

You never forget your new Jeep's first snow.

Comment
  • I worked for a government agency in Washington when ILOVEYOU hit. Yes, I received an email from the governor saying he loves me.

    The state email team blocked access to the Exchange servers until they got a script in place to remove the attachment from any email with that worm. But, before doing so, one supervisor I worked with violated state IT policy by demanding subordinate passwords then again by logging into her workstation and opening her email program. When that subordinate returned from vacation, she asked us about the worm before starting her work for the day. Then she found the email, found the attachment, and opened it!

    Ever since then I've been convinced that such foolish actions need to become cause for termination, along with leaving your password on a Post-It next to your monitor. Such policies, along with user training regarding standards and policies, may significantly reduce the risk of ransomware in government and corporate environments. This would have saved Louisiana and Boston.
