Tuesday Sweep: 21 Mar 2017
Weekly Round Up
Where do you scan for news? I keep an eye out for recent exploits and breaches that have come to light, new tools, interesting ideas, etc.
Five topics for the week:
- Don’t cry if you still can’t explore Hyrule because you don’t have a Switch yet. Go out to our own desert for the Desert X outdoor art show between now and the end of April. Then when you get home, play your Ocarina to unlock the door! (If you do get one, they do have a WebKit vulnerability, which will likely get patched, but it’s still worth watching the excellent video going over how it would work.)
- In the not-news-to-anyone-here category: Creepy IoT toys continue to be creepy. If you’re hoping to be able to thoroughly check out these nightmares for $19.99, check out a video with similar content from that webinar with Larry Pesce (@haxorthematrix) last week. Geared to people who want to learn how to reverse engineer, not builders, but useful. Also keep an eye on the IoTA page on the InGuardians site to stay posted. In good news, sometimes IoT makers do post updates, like Dahua/HikVision this past week. Admittedly it comes under the avoidable and too-little-too-late category, but progress. The FCC is doing an about-face, no shocker, and hanging consumers out to dry in terms of requiring improved security.
- Motherboard is killing it this week with a profile of Eva Galperin (EFF’s Director of Cybersecurity). She’s an example of an actual hero. They’ve also included an article about US farmers and Ukrainian firmware. I’ve linked to the EFF’s page on supporting the right to repair before.
- Written for designers, but works as a call to devs to take responsibility for advocating security and privacy best practices, too – Ethics can’t be a side Hustle. Sentiment echoed by Scott Brody of Simply Secure in interviews on the O’Reilly Security Podcast – “How to secure software by caring about humans, not security,” summary on boingboing.
- “Forging the future of financial, banking & payments technology”? Then you might be at finDEVr. The finance people typically take security and verification systems seriously, so there might be something to learn here. If you want another excuse to go to New York for a conference, try Hackers of Planet Earth (July). To get a taste, watch the proceedings from 2016. The O’Reilly Security Conference (October) has a name that might make it easier to get Accounting to sign off on, if that’s a concern.
Reflect
What are the frictions keeping you from doing “what’s right”? Regret is only useful if it leads to a plan on how to improve.
Sweep
This list will be getting longer, but let’s keep it simple while folks are still setting up.
- Updated software recently? Pick a new device to check on today.
- Backups still up and running? When was the last time you made a clean disk image? Here’s a great new article on how to design a backup system.
- Reduce your attack surface: Delete a low quality app from your phone. Delete an account.
- Add a password to your password manager… and delete it from everywhere else.
- Anywhere you could add two factor authentication?
- Double check privacy settings on your phone, social media accounts.
Continuing Set Up
We’ve covered so much so fast. You’re not behind, you’re just where you are. Pick something to do.
- If you’re having trouble with all the setup, the coach tool at the Crash Override Network has a great step-by-step breakdown for many of the same introductory steps we did here.
- Review the list of OneThing articles so far and pick one to catch up on.
Engage
We are a community. You are a welcome part of it.