Tuesday Sweep: 25 April 2017

Weekly Round Up

Where do you scan for news?

• Disney Land’s Space Mountain will be returned to it’s classic theme starting June 1 after doing some Star Wars Cos Play for the past couple of years. This year marks the ride’s 40th anniversary as well as the anniversary of Star Wars A New Hope coming up on May 25th.(via curbed)
• Call your congress people, notify the DHS – We must not require passwords at the border!
• When can you see “apple.com” in the URL bar of your browser and have it not be “apple.com”? When its some other crazy unicode URL that gets rendered as “apple.com” for …reasons? If you type the URL directly, there should be no problem. What I love about it, is this URL bar hijacking exploit provides a wonderful excuse to remind yourself or learn how a numeric based system like computers can display words and letters at all. Watch Computerphile’s “Characters, Symbols and the Unicode Miracle.”
• Carnegie Mellon University has released a comprehensive list of C++ secure-coding best practices. via Schneier
• For me, sustainable processes allow better long term planning and therefore security.  Right on time for Earth Day last week Apple announced its aim to develop a “closed loop supply chain” that uses no newly mined materials.  (also via Ars Technica.)
• I have no military background. I was unfamiliar until today with the phrase “kill chain,” which apparently simply means the chain of events that needs happen for a target to be destroyed. It’s a bit emo as a phrase, but it is useful as a concept. If you happen to be on defense, like any of us with computers on the internet are, your job is to disrupt that chain anywhere you can because destroying even just one link will wreck the plans of bad actors poking around on your network.  This phrase caught my eye was all tangled up with one of the buzz phrases I keep an eye out for, “Internet of Things,” in an article where author thinly rehashed a Lockheed Martin (now Leidos) white paper.  A better introduction would be the talk Marissa Kimball of Palantir gave at GovCon 2013: “Up Against APT: Dissecting the Kill Chain” which breaks this subject down well. This line of searching lead me also to thephrase “Anomaly Detection” and Elizabeth (Betsy) Nichols Ph.D. excellent “Anomaly Detection 101” talk as well.

Reflect

What’s are the frictions keeping you from doing “what’s right”? Regret is only useful if it leads to a plan on how to improve.

Sweep

This list will be getting longer, but lets keep it simple while folks are still setting up.

• Updated software recently? Pick a new device to check on today.
• Backups still up and running? When was the last time you made a clean disk image? Here’s a new great article on how to design a backup system.
• Reduce your attack surface: Delete a low quality app from your phone. Delete an account.
• Add a password to your password manager… and delete it from everywhere else.
• Anywhere you could add two factor authentication?
• Double check privacy settings on your phone, social media accounts.

Continuing Set Up

We’ve covered so much so fast. You’re not behind, you’re just where you are. Pick something to do.

• If you’re having trouble with all the set up, the coach tool at the Crash Override Network has a great step by step break down for many of the same introductory steps we did here.
• Review the list of OneThing articles so far and pick one to catch up on.

Engage

We are a community. You are a welcome part of it.

• Speak up
• Give
• Show up at CRASH Space tonight!