Tuesday Sweep: 4 April 2017

Where do you scan for news? I keep an eye out for recent exploits and breaches that have come to light, new tools, interesting idea’s, etc.

Only 6 topics this week:

Hack-a-Day won April Fools as far as I’m concerned, although the EFF newsletter is a strong runner up.
Brilliant idea of the week! Everyone should encrypt their email by knitting their messages into scarves and sending them via snail mail. Kniterate, a digital knitting machine based on OpenKnit, is the project to make it happen. Whose with me? Anyone anyone? Well, the Kickstarter is cool.
You know what’s better than this weekly post? SANS newsletters. The @Risk one last week highlighted the same Ars Technica article on Symantec that I picked out, so I might be a bit biased. However, for those of you trying to come up with a good recommendation for those who aren’t so tech savvy “OUCH” their newsletter for the common-user might be just the ticket.
Issue of the week: Symantec’s Stamp Tramp behavior for issuing https certificates makes them a persona non-gratta with private researchers and Google via Ars Technica (not for the first time)
Fresh off the Press from Krebs on Security: The Taylor Huddleston story. When is a software programmer criminally liable for the behavior of their users?
In the don’t freak out, but appreciate how clever the monkeys are category of exploits – Using sound to hijack devices with accelerometers is insane, clever, and how can this be a burning man art project this year???
Who knew? The cryptography literature has an extended universe with recurring characters and everything. I’m totally charmed.

What’s are the frictions keeping you from doing “what’s right”? Regret is only useful if it leads to a plan on how to improve.

This list will be getting longer, but lets keep it simple while folks are still setting up.

Updated software recently? Pick a new device to check on today.
Backups still up and running? When was the last time you made a clean disk image? Here’s a new great article on how to design a backup system.
Reduce your attack surface: Delete a low quality app from your phone. Delete an account.
Add a password to your password manager… and delete it from everywhere else.
Anywhere you could add two factor authentication?
Double check privacy settings on your phone, social media accounts.

We’ve covered so much so fast. You’re not behind, you’re just where you are. Pick something to do.

If you’re having trouble with all the set up, the coach tool at the Crash Override Network has a great step by step break down for many of the same introductory steps we did here.
Review the list of OneThing articles so far and pick one to catch up on.

We are a community. You are a welcome part of it.