It’s November already, where has the year gone? I can almost still remember typing out the words for the year’s first ‘Things I hearted’ blog back in January. Re-reading it now, it feels as if not much has changed, big messes, breaches, an in-fighting seemed like the usual for the year.
I was speaking with my colleague Chris Doman a couple of days ago, and he did point out that 2018 overall has largely been better because we haven’t seen any large scale attack like WannaCry. He did pause and then add “yet” - so I suppose you could say we’ve improved because this year has caused less havoc than last year? Let’s chalk risk reduction down to a win and get on with it.
IBM Acquired Red Hat
A few weeks ago, prior to the announcement of the acquisition, IBM came up in discussion with a few friends and one of them said that IBM is one of those companies that everyone has heard of, but hardly anyone knows what they exactly do outside of a few services they use.
As the cool kids say, this may have been a statement designed to “throw shade” (young and hip people, please correct me if I’ve used the term incorrectly - I already embarrass my children enough by misusing lingo), but the fact is that the statement is rather true, only because most people are still trying to work out why IBM would shell out 33.4 Instagrams for Red Hat.
- Why IBM bought Red Hat: It's all open source cloud, all the time | ZDNet
- 6 Things to Know About IBM's $34B Acquisition of Red Hat | CMS Wire
- IBMs old playbook | Stratechery
The Supply Chain
I won’t give any more air time to that ridiculous ‘grain of rice’ Bloomberg story. However, it did give everyone time to pause and think about the supply-chain and how fragile it is. It’s easy to overlook the reliance businesses have on partners and their security.
Dan Goodin took a peek behind the curtain of this shady practice and wrote on two supply-chain attacks.
Would you Compromise Privacy for $850m?
Under pressure from Mark Zuckerberg and Sheryl Sandberg to monetize WhatsApp, Brian Acton pushed back as Facebook questioned the encryption he'd helped build and laid the groundwork to show targeted ads and facilitate commercial messaging. Acton also walked away from Facebook a year before his final tranche of stock grants vested. “It was like, okay, well, you want to do these things I don’t want to do,” Acton says. “It’s better if I get out of your way. And I did.” It was perhaps the most expensive moral stand in history. Acton took a screenshot of the stock price on his way out the door—the decision cost him $850 million.
On the topic of money for ads
On the other side of privacy.
What are Everyone’s Kids Doing at School?
Another one to be filed under “what were they thinking?” - both the developers, and to be honest, do schools really need to share every minor detail via an online portal? What happened to good old-fashioned parent-teacher meetings?
Remini, a smartphone app that launched in 2013, aims to provide parents and educators with a social network to follow a child’s progress throughout school and their early life, documenting important milestones and letting parents share images with their child’s school.
But Remini exposed these, and the personal information of its users to the internet writ large, thanks to an API that let anyone pull the data without any sort of authentication. The data included email addresses, phone numbers, and the documented moments of the children as well as their profile photos, according to a researcher who discovered the issue.
Pakistani Bank Has Millions Taken
Apparently Bank Islami Pakistan was subject to a massive attack where many customers reported seeing transactions on their cards abroad. It’s alleged that attackers were able to breach the data centre of the bank and sold the customer details.
I found this interesting because Pakistani businesses probably have had lesser worries in the past. But as organisations such as banks go through a digital transformation, they are opening themselves up to a much broader range of threats. Something, they probably haven’t accounted for. It’s not too dissimilar to what we see in other parts of the world, where companies such as small or medium businesses didn’t used to get attacked as often, but now it’s pretty much a daily part of life.
- Bank Islami Comes Under Biggest Cyber Attack of Pakistan’s History | Daily Punch
Explain TLS Easily
A good way to explain TLS to someone.
- The Illustrated TLS Connection | @XargsNotBombs
How to Choose Which Conference to Attend
There’s no way to say this nicely, but there are just too many security conferences in the world today. I think it would be a good idea to try to emulate Tom Hanks from “The Terminal”, but instead of living in an airport, see if one can spend a whole year or half a year only going to conferences. Actually, that sounds like a terrible idea, don’t try it.
But what makes a conference worth attending or not? I found a good post by Valerie Lyons which may help you decide.
