@jerry I have a bunch of fun IOT garbage *and* I filter/block the hell out of it so it ostensibly only communicates to minimal functionality, if I let it talk to the Internet or anything else at all.
My LG TV doesn't need to talk to the Internet unless I want a firmware update, and I only want that if I'm having picture issues or if they decide to add eARC. So it doesn't need to go outside, even though it *really* wants to.
Purple Squad Security - Episode 49 – The Red Team Life with Curtis Brazzell
Curtis Brazzell from Pondurance joins me to talk about red teaming and managing red teams.
I was on Paul's Security Weekly in early January. Here's my interview segment. I was actually on the whole show, which went 3+ hours...
I’ve been in IT for decades, worked as an industrial engineer, programmer, sysadmin, network engineer, and now in #infosec. Being selective makes sense, but I like my electronic locks, Nest thermostats and doorbells, I can turn my air compressor on with my phone, and find OpenWRT to be more trouble than it's worth (Ubiquiti UniFi all the way).
Smart speakers seem a bit much, though.
“After leaving her job at the NSA in 2014, Lori Stroud worked as a contract intelligence operative for the UAE. Stroud, now living in an undisclosed location in America, said the mission crossed a line when she learned her unit was spying on Americans.” Photo by Reuters/Joel Schectman
An interesting note on the ex-NSA mercenaries working for the United Arab Emirates story: the third party software they used to easily root iPhones via iMessage sounds very similar to exploits described by Lookout researchers at #ShmooCon when they recently exposed an unnamed nation state's attempt to purchase spying tools (and named the names of the vendors selling those tools). Point is, these 0-day phone exploits are available to the highest bidder.
For people that are into #AppSec, here's a blog with some useful resources. I regularly update it. If you have good resources that are missing please contribute!
Everybody Does It: The Messy Truth About Infiltrating Computer Supply Chains
Not strictly #infosec related, but this is a very big deal. The main hurdle facing the plaintiffs' bar on these suits was this standing/injury issue. If your company has been playing fast and loose with #biometric data...you may want to get on top of that. https://capitolfax.com/2019/01/25/supreme-court-rules-against-six-flags-on-state-biometric-law/
I’m after some advice from the #infosec community. I’ll be publishing #security advice and best practices for regular people in an easy-to-understand way, mostly via a blog and Facebook. I would like to get feedback on what topics, and also why that topic. If you know of a great example already, please let me know. The aim is to help regular people be more aware of the pitfalls of computers and security, making the internet a safe place for all.
I’m open to all suggestions.
Got a Nest security camera? Enable two-step verification now.
What on *earth* could Jenny Radcliffe be describing in the new episode of "Smashing Security" out tonight (Weds 7pm EST, Midnight UK)?
Subscribe in your favourite podcast app to make sure you don't miss out.
*sigh* GDPR compliant shredder? Visitor cards? Oh well, I'm quite sure someone will buy it because of that, but ..... https://www.theregister.co.uk/2019/01/22/gdpr_compliant_shredder_book/
A Mastodon instance for info/cyber security-minded people.