Tuesday Sweep: 11 April 2017
Weekly Round Up
Where do you scan for news? I keep an eye out for recent exploits and breaches that have come to light, new tools, interesting ideas, etc.
Topics this week:
- The Huntington Library and Gardens in Pasadena has launched an exhibition on the life of Octavia Butler, a fine SoCal native SciFi author. It opened this past weekend and will stick around until August. Definitely worth a trip.
- Amazon 3rd party sellers have been hit by an attack where attackers are logging in and changing the seller’s bank deposit information to the attacker’s own using previously acquired credentials. Even if you don’t sell on Amazon, it’s a nice little reminder to use unique passwords for each site and keep them in a password manager.
- Thankfully DHS has dropped its request for information about a Twitter account that has been critical of the current president. (previous) Twitter can get its hooks into your data, so it takes exceeding care and diligence to create a Twitter account that would be hard to trace. The care it takes reminds me of Lesley Carhart’s “Is Digital Privacy a Privilege Of The Wealthy?” Still a worthy read.
- If it bugs you that ISP privacy rules and net neutrality have been gutted… go visit your congress person. They should be in district for the next two weeks.
- So this phrase happened: “vintage malicious code” (Wired, blocks ad-block warning). The article is a redux of this paper & presentation on how a trick from the ’90s exploiting a backdoor in Linux is still in use. Watch the emo-techno-backed video with awesome graphics, some also from the ’90s. So what does this mean for you? 1) Update yo sh*t, yo. 2) Support the foundations that catch and patch security flaws in widely distributed libraries and core infrastructure with actual $$$.
- OWASP has a release candidate for its first updated best practices for app developers in 4 years. If 4 years seems like a long time between updates, OWASP agrees; it’s just that we also keep making the same mistakes in the same ways, so a lot of it stays relevant.
Reflect
What are the frictions keeping you from doing “what’s right”? Regret is only useful if it leads to a plan on how to improve.
Sweep
This list will be getting longer, but let’s keep it simple while folks are still setting up.
- Updated software recently? Pick a new device to check on today.
- Backups still up and running? When was the last time you made a clean disk image? Here’s a great new article on how to design a backup system.
- Reduce your attack surface: Delete a low quality app from your phone. Delete an account.
- Add a password to your password manager… and delete it from everywhere else.
- Anywhere you could add two factor authentication?
- Double check privacy settings on your phone and social media accounts.
Continuing Set Up
We’ve covered so much so fast. You’re not behind, you’re just where you are. Pick something to do.
- If you’re having trouble with all the set up, the coach tool at the Crash Override Network has a great step-by-step breakdown for many of the same introductory steps we did here.
- Review the list of OneThing articles so far and pick one to catch up on.
Engage
We are a community. You are a welcome part of it.