2019 is flying by fast, and there were many developments in cybersecurity during the third quarter. From the rise of deepfakes and AI to the controversy over extended validation—read on to get yourself up to date on the most interesting news and ideas in cybersecurity.
One of our field’s biggest mysteries is the true identity of Satoshi Nakamoto, the creator of bitcoin. Evan Ratliff had once come to a conclusion and then convinced himself otherwise. In this fascinating investigation, he goes over the evidence once again.
In this article, Dan Goodin discusses DataSpii, a newly documented privacy issue that has resulted in the publication of links to home surveillance videos hosted on Nest, tax returns, billing invoices, vehicle identification numbers, travel itineraries, and more.
3. Josh Taylor: “Major breach found in biometrics system used by banks, UK police and defence firms”
The biometric information of over 1 million people was found on a publicly accessible database. Josh Taylor covers the incident, including the alarming amount and sensitivity of the information the researchers involved were able to access.
From the article: “If you are somehow under the impression that you — the customer — are in control over the security, privacy and integrity of your mobile phone service, think again. And you’d be forgiven if you assumed the major wireless carriers or federal regulators had their hands firmly on the wheel.”
Many companies insist that they don’t help harmful organizations (but they do). But Cloudflare backed up their stance by terminating their service for 8chan after it came to light that the El Paso gunman seemed to have been inspired by the forum.
After a string of complaints about bank password security, Troy Hunt discusses both sides of the argument. But in short, as the title indicates: it really doesn’t matter.
Sad, but true. Many companies wait months or years before disclosing a breach. Even worse, some may try to obfuscate the disclosure. In this article, David Murphy offers advice on how to stay secure even if the breached company isn’t being forthright.
If you keep your browsers up to date, you may have noticed that secure webpages no longer boast a bright green padlock in the URL bar, but a subtler gray one. Michal Špaček discusses why this was a good move.
9. Scott Helme: “Extended Validation not so… extended? How I revoked $1,000,000 worth of EV certificates!”
The title says it all. In this article, Scott Helme goes into detail on how he was able to find over 4,000 EV certificates that needed to be revoked, corrected, and re-issued by the CA in question. (You’ll be glad to know that the issues he highlights have since been resolved.)
From the article: “In a privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data.”
In this article, Bruce Schneier argues that there is no longer any difference between consumer devices and business products/critical infrastructure/military products. So the fact that Attorney General William Barr wants to weaken encryption systems for consumer devices is troubling indeed.
Textbooks can get insanely expensive, so many students look for electronic versions of their required reading to save money. Unfortunately, this exposes students to a wide range of malicious attacks, as Sergiu Gatlan discusses in this article.
Ever wonder how people could possibly fall for those mistake-riddled phishing emails? As it turns out, it’s beneficial for scammers to include those mistakes. In this article, Joseph Steinberg explains why.
From the article: “A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors.”