Tuesday Sweep: 20 June 2017

Welcome to your weekly reminder to back up your data, update software and otherwise pay attention to your digital environment. (Oh, and to come to the CRASH Space meeting…)

Jump in Here

• Welcome. If you haven’t been following along, it’s okay. You’re not behind, you’re just where you are.
• I highly recommend the coach tool at the Crash Override Network has a great step by step break down for many of the same introductory steps we did here.
• Feeling more ambitious? Review the list of OneThing articles and pick one to catch up on.

Sweep

The basics.

• Updated software recently? Pick a new device to check on today.
• Backups still up and running? When was the last time you made a clean disk image? Here’s a new great article on how to design a backup system.
• Reduce your attack surface: Delete a low quality app from your phone or delete an account that you don’t need that doesn’t make you happy. Digital cruft builds up. Delete it.
• Anywhere you could add two factor authentication? While you’re at it, move the password to your password manager… and delete it from everywhere else.
• Double check privacy settings on your phone, social media accounts. The folks running the companies can change the TOS and add “features” before you notice them.

Weekly Round Up

Where do you scan for news?

• To beat the heat, get your browser ready at 9AM this Thursday to buy the Museum of Ice Cream extended run. According to LAist tickets for the last extension sold out in 24hours.
• I feel bad about going to websites I like with my blockers going full blast. And when those site turn around and block me, I respect that. I even buy subscriptions. Every time I’m prepared to lighten up I read an article like the long read  “How a Company You’ve Never Heard of Sends You Letters about Your Medical Condition” (Install Privacy Badger (ad blocker survey), use a search engine that respects your privacy)
• Shout out to LA Denizen Ben Esposito made Ars Technica’s top 10 list from E3 for Donut County. You may have seen a short walk through in a 2015 video posted by South Korean experimental game festival Out of Index. (Polygon 2017 E3 review by @doomquasar)
• TIL: There is an Internet of Ships.
• If you care about this security stuff and aren’t subscribed to SANS Newsbites, you should be. Imagine a Tuesday Sweep, but written by folks who have experience and are paid to think about this stuff all week.  An excerpt (below) from this week newsletter ties us into our weekly proof that regular updates matter. (Don’t forget to check your ChromeBook hacks…)
• Also worth noting from the SANS Newsbites, Deep Root Analytics, hired by the RNC, stored data on 198 million Americans an Amazon S3 server wide open and flapping in the breeze. Wired says it best: “Think of it as leaving your valuables in a high-end safe with the door propped open.” Before I let my smugness carry me too far… I’m just going to leave these here for all of us. Anyone can be defeated by the lack of check list.
  • Secure Coding Guidelines
  • From the mouth of the Amazon – AWS Security Best Practices 2016 White Paper, SlideShare and Security Hub
  • And for those who like paper: Identity and Data Security for Web Development: Best Practices 1st (2016) Edition

Excerpt from SANS Newsletter:

Stack Clash Vulnerability

(June 19, 2017)

A memory management vulnerability affecting a number of open source operating systems (OSes), including Linux, OpenBSD, NetBSDm FreeBSD, and, and amd64, could be exploited to corrupt memory and allow arbitrary code execution. Dubbed Stack Clash, the flaw was discovered by researchers at Qualys. Patches for seven known affected OSes have been released and users are urged to upgrade as soon as possible. Other OSes may be affected as well.

Read more in:

– https://threatpost.com: Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access
– https://arstechnica.com: Serious privilege escalation bug in Unix OSes imperils servers everywhere

– https://www.scmagazine.com: Stack Clash exploits spotted in Linux, OpenBSD, NetBSD, FreeBSD and Solaris
– https://blog.qualys.com: The Stack Clash

Reflect

Feeling dumb or stupid about how not-l33t you are? Angsting over some silly thing you “know better than to do.” Stop. That isn’t useful. Regret is only of use if it prompts an actual change in behavior. Maybe it’s NOT you that sucks. Could be it’s the technology and you could come up with a fix that would help lots of people. Look forward and make a plan.

Engage

We are a community. You are a welcome part of it.

•  Did you learn something cool in your sweep? Make something? Share it!
• Speak up
• Give
• Show up at CRASH Space tonight!