 |
|
| | Revolv discontinues their IoT hub support
|
It seems unbelievable, but we are starting to see real incidents of connected products that are being abandoned by their manufacturers well before their end of life, leaving buyers with unusable hardware. The case of the Revolv hub sets an ominous precedent that should give us all pause for thought when buying any new hardware devices in the future. Essentially, they've decided to turn the products that people bought from them into bricks.
Anything we might buy in the future, from light bulbs to cars, can (and probably will be) connected to the Internet. This fact, in itself, presents some risks that many security experts are trying to understand and communicate to people. But a more fundamental risk we all need to start considering is what happens if the manufacturer or vendor goes out of business, gets purchased by another company, or just decides to stop supporting the devices? You could be stuck with a brick, or at least a less useful version of what you thought you were buying. It might even cause more serious impacts.
Read More...
|
|
| | WhatsApp is a popular mobile messaging system that is getting more secure.
|
While many people just think of WhatsApp as a convenient way to send messages from mobile devices, the company has taken serious steps to respond to recent concerns over global tracking and surveillance of mobile messages. In fact, WhatsApp now supports something called deniability of a message, or what's sometimes called repudiation of any kind of transaction.
This means that you could actually deny being the person who sent a particular message when you really did send it. Why would you want to do deny sending a message, and why would WhatsApp want to let you do that?
|
|
| | An extortion letter that may not be credible.
|
If you or your employer receives a threatening email saying that your website will be targeted with a Denial of Service Attack, don't be too quick to pay them to preempt the attack.
A recent report by security firm CloudFlare disclosed that targeted victims appear to have paid as much as $100,000 USD based only on an email threat that was not credible, upon close analysis. It can be scary to receive such an email, but there are some clues that could help you determine if the threat is real or not.
|
|
| | Teaching employees to work securely requires some important elements.
|
I love using analogies when explaining things to people. If we compare learning some common activity that we all understand, like training people to drive, with the process of training employees to work securely, I think there are some important contrasting points for managers to understand.
Do the following comparisons make sense to you?
|
As you can imagine, there are a multitude of reasons why businesses get hacked. Often, its for personal information in support of identity theft. But while personal information has value, we sometimes see attackers going after bigger fish. Recently, the law firm Cravath Swaine and Moore LLP disclosed that it had been hacked, and experts believe the target was insider information about the firm's large international clients. And they aren't the only law firms to be attacked this way. |
In the IT world, you might hear one geek mention to another that somebody just "bricked" their iPhone. The term means that the device has had a serious configuration problem, and has become as useless as a brick. When this happens, it usually means that it can never be restored to its original factory configuration. You'll have to buy a new one.
|
| | A normal brick; and a brick that looks like a router.
|
So, when you (or your teenage hacker) would like to experiment with some "customconfigurations", and the instructions warn you that doing this incorrectly could "brick" your device, it means you shouldn't do it unless you really know what you're doing, or can afford to go and buy a new one.
|
|
|
|
|
Scott's Update
It's spring again and almost time for sailing season! As usual, my offer stands: If you're in Ottawa and feel like going for a sail, just let me know. Subject to the weather and our mutual availability, I'm always interested in having a discussion on the water! And if the weather isn't good that day, we can always have a drink and a snack in the lounge.
You should be able to find all of the above articles on my Security Views Blog. Finally, if you know of anyone who might benefit from receiving this newsletter, I'd appreciate it very much if you would pass it on to them, and invite them to subscribe. You can always subscribe by clicking HERE. Sincerely, Scott WrightThe Streetwise Security Coach |
|
|
|
STAY CONNECTED BY FOLLOWING OR CONNECTING WITH ME:
| |
|
|
|
|
|
|
