The Actuator - January 29th

This week's Actuator comes to you from the suddenly mild January here in the Northeast. I'm taking advantage of the warm and dry days up here, spending time walking outdoors. Being outdoors is far better than the treadmill at the gym.

As always, here's a bunch of links from the internet I hope you will find useful. Enjoy!

Jeff Bezos hack: Amazon boss's phone 'hacked by Saudi crown prince'

I don't know where to begin. Maybe we can start with the idea that Bezos uses WhatsApp, an app known to be unsecured and owned by the unsecured Facebook. I'm starting to think he built a trillion-dollar company by accident, not because he's smart.

New Ransomware Process Leverages Native Windows Features

This is notable, but not new. Ransomware often uses resources available on the machine to do damage. For example, VB macros embedded in spreadsheets. I don't blame Microsoft for saying they won't provide security service for this, but it would be nice if they could hint at finding ways to identify and halt malicious activity.

London facial recognition: Metropolitan police announces new deployment of cameras

Last week the EU was talking about a five-year ban on facial recognition technology. Naturally, the U.K. decides to double down on their use of that same tech. I can't help but draw the conclusion this shows the deep divide between the U.K. and the EU.

Security Is an Availability Problem

I'm not certain, but I suspect many business decision-makers tend to think "that can't happen to us," and thus fail to plan for the day when it does happen to them.

Apple's dedication to 'a diversity of dongles' is polluting the planet

Words will never express my frustration with Apple for the "innovation" of removing a headphone jack and forcing me to buy additional hardware to continue to use my existing accessories.

Webex flaw allowed anyone to join private online meetings - no password required

The last thing I'm doing during the day is trying to join *more* meetings.

Play Dungeons & Deadlines

You might want to set aside some time for this one.

Walking through Forest Park this past Sunday, after a rainstorm the day before and the temperature so perfect to catch the steam coming off the trees.

pastedImage_0.png

Anonymous
  • A new attack vector these days is to use an email address to send a link to a pdf on a google drive to your phone via SMS. 

    Being it may appear to be a name instead of a phone number some may open it and click the link without being suspicious.

    Being it came from an email address your phone can't block it as it can a number.  Makes it easy to

    Stay diligent folks....

  • Regarding Dungeons and Deadlines, my company's security filter denied me access to that site because it is a gaming site.  I'm OK with that.

  • While I can understand someone's desire to eavesdrop on a meeting to which they were not invited, I have better things to do with my time.  And better integrity and morals and honor than to try it.

  • Saying security is an availability problem doesn't seem to shine the spotlight where it belong, IMHO.  OK, if someone hacks a web site and the site becomes unavailable, that's a symptom of a security problem.

    It might also be thought of a problem with availability of security, budget to install and promote and test security, and with education about secure practices.

    But calling it an availability problem just doesn't sit right with me. Was the site's security unavailable?  Probably not; it was possibly available and present, but insufficient to the need, one way or another. 

    Maybe we should think of security as an availability problem with regards to integrity and morals and honor.  If one or more of those is missing in a person or a group or a company or a nation, well, you have a recipe for bad behavior.  So the problem is that bad behavior and opportunities for it to hurt others are excessively available, while good security coming from good behavior/morals/integrity/honesty are NOT available.  At least, not available in the quantities and locations required for good security.

    Yeah, this is all semantics.  I don't think one can call security an availability issue.