Tuesday Sweep: Jan 24 2016
Reflect
What are the frictions keeping you from doing “what’s right”? Regret is only useful if it leads to a plan on how to improve.
Confessional: I posted pictures on a non-anonymous Twitter account at a rally while I was there. Some would argue that this is a mistake. I say that if you’re a cis hetero white woman like me, it’s essential. White ladies get insidiously punished when we break the mold of the genteel, soft-spoken, pleasant helpmate. But we can use that expectation to shield those that society implicitly labels as threatening and scary. If all the pleasant little white ladies are here, it must be the done thing. If this blondish, make-up wearing, pie-baking, hat-knitting, smiling married lady who’s never gotten more than a speeding ticket is worried about privacy and security, it must be normal. Just relax and go along, all you market-based, vote-depending folks who get worried when someone mentions the H word. Here’s just a “normal person with legitimate concerns” by your own messed up definition. Sometimes refusing to take certain types of precautions, if you have the privilege, might be the protest. That’s what I went with. Your mileage may vary.*
* This goes for putting yourself at risk, not others. If the information you’re handling isn’t yours, opting not to take precautions is not your call.
Continuing Set Up
We’ve covered so much so fast. You’re not behind, you’re just where you are. Pick something to do.
- If you’re having trouble with all the set up, the coach tool at the Crash Override Network has a great step-by-step breakdown for many of the same introductory steps we did here.
- Review the list of OneThing articles so far and pick one to catch up on.
Sweep
This list will be getting longer, but let’s keep it simple while folks are still setting up.
- Updated software recently? Pick a new device to check on today.
- Backups still up and running? When was the last time you made a clean disk image?
- Reduce your attack surface: Delete a low quality app from your phone. Delete an account.
- Double-check privacy settings on your phone and social media accounts.
Learn
Where do you scan for news? I keep an eye out for recent exploits and breaches that have come to light, new tools, interesting ideas, etc.
- ART: Christophe Bruno’s Adwords Happening via Glenn Zuckmann “we pay the least for what we value the most.”
- The single most important item on the Tuesday sweep list is UPDATE. Update. Update. Update. The Heartbleed bug is still active to the tune of 200,000 servers and devices. Is one of them yours?
- There is a Women in AppSec program from OWASP, which I bring up because AppSec Cali 2017 is happening now. Increasing women in STEM helps everyone.
- Mentioned in last week’s round up, the Guardian’s coverage of WhatsApp continues to be an issue. A growing list of who’s who in cryptography have signed a letter calling out the poorly researched article. Even the folks behind Signal came out against The Guardian’s coverage. The EFF has also weighed in.
- Related, apparently you can take steps to inoculate yourself slightly against fake news in the future by becoming aware that troll armies and botnets exist and have been in your subreddit and Twitter feeds. This seems related to the concept of having a threat model that doesn’t start and end with firewalls. Remember to inoculate against overblown terrorism coverage with some Schneier this week. In the meantime, I’m going to wonder who owns the giant Twitter botnet that’s been lying dormant since 2013.
- In addition to Safe(r) Security, there is the Google Doc Introduction to Digital Security for Journalists by Martin Shelton (@mshelton), Matthew Mitchell (@geminiimatt), & Mike Tigas (@mtigas).
- Fascinating long read on tracking down the author of the Mirai Worm.
- Take it from Microsoft, New DOJ doesn’t respect privacy any more than old DOJ.
Engage
We are a community. You are a welcome part of it.