2019 is flying by fast, and there were many developments in cybersecurity during the third quarter. From the rise of deepfakes and AI to the controversy over extended validation—read on to get yourself up to date on the most interesting news and ideas in cybersecurity.
1. Evan Ratliff: “Was Bitcoin Created by This International Drug Dealer? Maybe!”
One of our field’s biggest mysteries is the true identity of Satoshi Nakamoto, the creator of bitcoin. Evan Ratliff had once come to a conclusion and then convinced himself otherwise. In this fascinating investigation, he goes over the evidence once again.
2. Dan Goodin: “My browser, the spy: How extensions slurped up browsing histories from 4M users”
In this article, Dan Goodin discusses DataSpii, a newly documented privacy issue that has resulted in the publication of links to home surveillance videos hosted on Nest, tax returns, billing invoices, vehicle identification numbers, travel itineraries, and more.
3. Josh Taylor: “Major breach found in biometrics system used by banks, UK police and defence firms”
The biometric information of over 1 million people was found on a publicly accessible database. Josh Taylor covers the incident, which includes the alarming number and sensitivity of information the researchers involved were able to access.
4. Brian Krebs: “Who Owns Your Wireless Service? Crooks Do.”
From the article: “If you are somehow under the impression that you — the customer — are in control over the security, privacy and integrity of your mobile phone service, think again. And you’d be forgiven if you assumed the major wireless carriers or federal regulators had their hands firmly on the wheel.”
5. Matthew Prince: “Terminating Service for 8Chan”
Many companies insist that they don’t help harmful organizations (but they do). But Cloudflare backed up their stance by terminating their service for 8Chan after it came to light that the El Paso gunman seemed to have been inspired by the forum.
6. Troy Hunt: “Banks, Arbitrary Password Restrictions and Why They Don’t Matter”
After a string of complaints about bank password security, Troy Hunt discusses both sides of the argument. But in short, as the title indicates: it really doesn’t matter.
7. David Murphy: “You Can’t Trust Companies to Tell the Truth About Data Breaches.”
Sad, but true. Many companies wait months or years before disclosing a breach. Even worse, some may try to obfuscate the disclosure. In this article, David Murphy offers advice on how to stay secure even if the breached company isn’t acting forthright.
8. Michal Špaček: “Browsers are hiding the padlock and it’s a Good Thing™”
If you keep your browsers up to date, you may have noticed that secure webpages no longer boast a bright green padlock in the URL bar, but a subtler gray one. Michal Špaček discusses why this was a good move.
9. Scott Helme: “Extended Validation not so… extended? How I revoked $1,000,000 worth of EV certificates!”
The title says it all. In this article, Scott Helme goes into detail on how he was able to find over 4,000 EV certificates that needed to be revoked, corrected, and re-issued by the CA in question. (You’ll be glad to know that the issues he highlights have since been resolved.)
10. Geoffrey A. Fowler: “The spy in your wallet: Credit cards have a privacy problem”
From the article: “In a privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data.”
11. Bruce Schneier: “The Myth of Consumer-Grade Security”
In this article, Bruce Schneier argues that there is no longer any difference between consumer devices and business products/critical infrastructure/military products. So the fact that Attorney General William Barr wants to weaken encryption systems for consumer devices is troubling indeed.
12. Sergiu Gatlan: “Back to School? Be Careful of Malware Hiding As Textbooks”
Textbooks can get insanely expensive, so many students look for electronic versions of their required reading to save money. Unfortunately, this exposes students to a wide range of malicious attacks, as Sergiu Gatlan discusses in this article.
13. Joseph Steinberg: “Why Scammers Make Spelling and Grammar ‘Mistakes’”
Ever wonder how people could possibly fall for those mistake-riddled phishing emails? As it turns out, it’s beneficial for scammers to include those mistakes. In this article, Joseph Steinberg explains why.
14. Paul Roberts: “Huge Survey of Firmware Finds No Security Gains in 15 Years”
From the article: “A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors.”
Read the previous roundup articles of 2019
Want to read up on the other big news and ideas for cybersecurity in 2019? Here are our previous roundup posts:
Related
3 cybersecurity trends you should pay attention to
How prepared for an attack are you? The most recent Microsoft Defence Report found volume of password attacks has risen to an estimated 921
::
