Tuesday Sweep: 16 May 2017
Weekly Round Up
Where do you scan for news?
- Ransomware provides a major motivation for keeping up with a regular sweep. Having data backed up and systems patched with the latest updates goes a long way to prevent damage. I’ve enjoyed some of the instructive write-ups of ransomware gone wrong this week, though. WannaCry or WannaCrypt, while destructive, seems to have been done by some folks with weak skills, enabled by tools written by the NSA. WCry may not have been the first to be based on those leaked tools, which is why some of us complain so hard when government officials request back doors and the like. There is no such thing as a hacking tool that can only stay in government agency hands. I found the first-person account from the researcher who thwarted the attack pretty instructive. If you’ve ever needed motivation to become a security researcher, how’s free pizza for a year?
- Op-ed: It’s time for Google to take responsibility for Android’s security updates. Yup. The developers should also read this review of an app called Privacy Assistant, which uses machine learning to help consumers get a better grip on what information the apps on their phone suck down in the background. Perhaps it ought to be baked in? Software CAN be better.
- If the world looks super stressful and you need to regress… how about making an animatronic Lego sugar-skull while watching the Mr. Rogers Twitch Stream (all funds go to PBS, which is under attack) via Laughing Squid?
- While I disagree a bit about ternary operators (I like them, he doesn’t), I love Adam Fabio’s editorial on Hack-a-Day this week. The message? Don’t be a code tyrant, be a mentor. It’s a value we hold dear here at CRASH Space. So, sorry WCry authors, we don’t mean to be nasty about how lame your malware was, but y’all, it WAS malware.
- The prescient book The Plot to Hack America demonstrates how some of the techniques we talk about in this series can be used not just to steal money from individuals but to cause some serious cultural havoc. It’s worth reading books like this because the best cybersecurity investment you can make is better training (via Jessey Irwin, she was the keynote at the ITWeb Security Summit today).
Sweep
This list will be getting longer, but let’s keep it simple while folks are still setting up.
- Updated software recently? Pick a new device to check on today.
- Backups still up and running? When was the last time you made a clean disk image? Here’s a great new article on how to design a backup system.
- Reduce your attack surface: Delete a low quality app from your phone. Delete an account.
- Add a password to your password manager… and delete it from everywhere else.
- Anywhere you could add two factor authentication?
- Double-check privacy settings on your phone and social media accounts.
Reflect
What are the frictions keeping you from doing “what’s right”? Regret is only useful if it leads to a plan on how to improve.
Continuing Set Up
We’ve covered so much so fast. You’re not behind, you’re just where you are. Pick something to do.
- If you’re having trouble with all the setup, the coach tool at the Crash Override Network has a great step-by-step breakdown for many of the same introductory steps we did here.
- Review the list of OneThing articles so far and pick one to catch up on.
Engage
We are a community. You are a welcome part of it.