Tuesday Sweep: 17 October 2017
Your weekly reminder to back up your data, update software and otherwise pay attention to your digital environment. (Oh, and to go to the CRASH Space meeting…)
Wow. After complaining about a lack of interesting last week, we got ourselves some pretty darn interesting news items to cover now! I can’t actually fit them all, but I did fit the one that came to my own personal emotional rescue! Way to go global coalition of scientists for seriously leveling up our understanding of the universe! Again! It’s beautiful, and amazing and cannot be taken away. More in the Learn section…
Jump in Here
- Welcome. If you haven’t been following along, it’s okay. You’re not behind, you’re just where you are.
- I highly recommend the coach tool at the Crash Override Network; it has a great step-by-step breakdown of many of the same introductory steps we did here.
- Feeling more ambitious? Review the list of OneThing articles and pick one to catch up on.
Sweep
The basics.
- Updated software recently? Pick a new device to check on today.
- Backups still up and running? When was the last time you made a clean disk image? Here’s a great new article on how to design a backup system.
- App and Password Gardening: Delete a low quality app from your phone or delete an account that you don’t need that doesn’t make you happy. Digital cruft builds up. Delete it. If you’re keeping it, can you move the password to your password manager (delete it from everywhere else) and add two-factor authentication?
- Move to offline archive & delete your histories where you can find them.
- Double check privacy settings on your phone and social media accounts. The folks running the companies can change the TOS and add “features” before you notice them.
- Have you frozen your credit yet?
Learn
Where do you scan for news?
- What to know about the WPA2 vulnerabilities announced Monday or KRACK:
  - As an individual, don’t freak out. If you’ve been playing along here I’ve likely already infected you with my reflex to treat any and all networks as hostile, anyway. (Device firewalls on, HTTPS everywhere, VPNs as necessary) And you’re already following the recommended advice, continuing to stay up to date on patches. The biggest longer term concern doesn’t lie with laptops and phones, but with IoT devices that have no update path.
  - As an IT Admin for a company that depends on having the WiFi be a perfect walled garden? I’m so sorry. Perhaps look into using your company’s clout to put pressure on the IEEE to open their standards to researchers, or supporting alternate Open Standards.
  - As someone who wants to actually understand it? Many of the explanations are very acronym and jargon heavy, so my process was to read Mathy Vanhoef’s website, watch some videos, then read Krackattack.com again.
    - Certified Wireless Network Professional YouTube Channel has some very helpful videos by Marcus Burton. They include one on WPA2 and on the 4-Way Handshake, the third step of which is the vulnerability.
    - Hot off the Press: Computerphile wades into the fray
    - More information than you want to know right this second? Professor Messer has a CompTIA N10-006 Network+ Training Course and a CompTIA SY0-401 Security+ Training Course online, with videos for free. From a retired course, but still useful: the WEP, WPA, WPA2 video.
- Infineon “Trusted Platform Modules” create an RSA key vulnerability. To be honest, I haven’t spent enough time with this one yet, but apparently not all keys are vulnerable. There is an initial post by researchers already available, with detection tools. TPMs can be found in Acer, ASUS, Fujitsu, HP, Lenovo, LG, Samsung, Toshiba and Chromebook products.
  - What ArsTechnica says, what Threatpost says, what Schneier says
  - What the heck is a Coppersmith attack??? (It might help if you already understand Lattice Algorithms.) The full paper will be released Nov. 2 at the ACM Conference on Computer and Communications Security. The good news: software patches will be possible.
  - The lecture on Side Channel Attacks from Computer Systems Security MIT Opencourseware might be relevant for just understanding RSA in general.
- The Cyber Security Economics course via EdX sounds really interesting via @jessysaurusrex
- Wanna freak yourself out about how much your mobile phone telco is selling you out? It’s crazy town. Can be circumvented with a VPN.
- <data&politics>I’ve got good news (California) and bad news (National)…</data&politics>
- I am not advocating defacing US currency.
- LASERS & PHYSICS & SPACE!!! I’m glued to @AstroKatie’s twitter feed. #GW170817
  - What is LIGO? Why is it insane that it works?
  - Wait gravity waves?? Why do we care?
  - Some highlights from Monday’s announcement about a new gravity wave event detected at the same time as that event’s electromagnetic radiation reached Earth??
    - 1) No more doubt.
    - 2) It helps verify where certain heavy elements come from, including gold (one of the most conductive, not just a sparkly pretty face)
    - 3) Confirmation that gravity waves and electromagnetic radiation travel at the same speed
    - 4) Confirms estimates about the age of the Universe…
Reflect
Feeling dumb or stupid about how not-l33t you are? Angsting over some silly thing you “know better than to do”? Stop. That isn’t useful. Regret is only of use if it prompts an actual change in behavior. Maybe it’s NOT you that sucks. Could be it’s the technology and you could come up with a fix that would help lots of people. Look forward and make a plan.
Engage
We are a community. You are a welcome part of it.