Wednesday, March 9, 2016

Your Friends Probably Know the Answers to your Secret Questions

You may have seen this article on NBC which discusses how hackers are stealing your personal info by getting you to take those fun quizzes that tell you your Jedi name or which Disney Princess you would be.

What you may not realize is that you could be giving your information out to all your friends (or friends of friends) on Facebook just by sharing or commenting on a status, which may lead to an account compromise, email takeover, or maybe even unauthorized access to your banking account.

What? No way.

Yes way. Let's take a look at what I could find just recently on Facebook, for example.

After a quick look around, this looks like a winner: a copy and paste status which asks friends to share their place of birth. Which is cool! I don't really know where my friends are born off the top of my head so it could be a neat opportunity to learn more about them right?

Sure. But here's the thing: I'm not actually friends with all the commenters to the left, but I can still see their comments, thanks to how Facebook's privacy settings work.

No big deal right?

Well, think about this for a moment... Place of birth is one of the more common questions used by websites to help users reset their forgotten passwords...
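To make the point concrete, here is an added example (my own illustration, not code from the post) showing why a reset gated by a "place of birth" answer is only as secret as that fact, beside a token-based reset that does not depend on anything a friend-of-friend could read off a status. The user record, the e-mail address and the answers are all constructed for the demonstration; `TokenReset` is a hypothetical class, not any site's real implementation.

```python
"""Added example: knowledge-based password reset vs. a random single-use token.
Everything here (user record, answers, class names) is constructed for illustration."""
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample account. The "secret" answer is exactly the kind of fact
# the post shows being shared in a public Facebook comment thread.
USER = {"email": "alice@example.invalid", "place_of_birth": "Denver"}


def normalize(answer: str) -> str:
    """Sites usually case-fold and collapse whitespace in answers, which makes
    the already small guess space ("a city name") even smaller."""
    return " ".join(answer.lower().split())


def knowledge_based_reset(user: dict, answer: str) -> bool:
    """Weak flow: anyone who knows the public fact can trigger the reset."""
    expected = normalize(user["place_of_birth"]).encode()
    return hmac.compare_digest(expected, normalize(answer).encode())


@dataclass
class TokenReset:
    """Hardened flow: a random, short-lived, single-use token delivered out of
    band (e.g. to the registered e-mail), plus a lockout after repeated failures."""
    ttl_seconds: int = 900
    max_failures: int = 5
    _pending: dict = field(default_factory=dict)   # email -> (token, expiry)
    _failures: dict = field(default_factory=dict)  # email -> failed attempts

    def issue(self, email: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits; no profile reveals it
        self._pending[email] = (token, now + self.ttl_seconds)
        return token  # in production this goes only to the out-of-band channel

    def _fail(self, email: str) -> bool:
        self._failures[email] = self._failures.get(email, 0) + 1
        return False

    def redeem(self, email: str, presented: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        if self._failures.get(email, 0) >= self.max_failures:
            return False  # locked out until a fresh token is issued by a human
        entry = self._pending.get(email)
        if entry is None:
            return self._fail(email)
        token, expiry = entry
        if now > expiry:
            del self._pending[email]  # expired tokens are discarded, not retried
            return False
        if not hmac.compare_digest(token.encode(), presented.encode()):
            return self._fail(email)
        # Success: token is single use and the failure counter is cleared.
        del self._pending[email]
        self._failures.pop(email, None)
        return True


if __name__ == "__main__":
    # A friend-of-friend who read the comment thread passes the weak check.
    print("weak flow accepts 'denver':", knowledge_based_reset(USER, "denver"))
    r = TokenReset()
    t = r.issue(USER["email"], now=0.0)
    print("token flow accepts 'Denver':", r.redeem(USER["email"], "Denver", now=1.0))
    print("token flow accepts real token:", r.redeem(USER["email"], t, now=2.0))
```

The contrast worth noticing is not the comparison itself but what each flow is keyed on: the first is keyed on a fact that the post shows leaking through a shared status, while the second is keyed on something generated at reset time, bounded in lifetime, usable once, and rate-limited.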

Tuesday, March 8, 2016

Happy International Women's Day!

Also known as International Working Women's Day, this is the first year that I actually paid attention enough to even realize that this day has some significance and has been around since 1906 (Whoa, 110 years of women's days? How is Hallmark not capitalizing on this?), when nearly 15,000 American women protested against terrible working conditions, poor compensation and lack of voting rights while marching through the streets of New York City. It's a celebration of the contributions of women to society in the workforce and beyond, as well as bringing to light some of the issues that women still face in today's world.

Each year International Women's Day takes on a theme, ranging from celebrating the past (1996) to Investing in Women and Girls (2008), and so on. Many of the themes don't seem entirely surprising and often repeat (such as ending violence against women and girls), but this year's really caught my attention.

The theme this year is "Planet 50-50 by 2030: Step It Up for Gender Equality".

Sunday, March 6, 2016

Debrief: RSA Security Conference 2016

RSA South Expo from Above
No matter what field of technology you're in, it is likely you've heard the three letters 'R', 'S', and 'A' come up at some point in your career. And if you haven't, just wait for it. I know when I first started as a wee infosec intern some 3 and a half years ago, the fabled RSA Security Conference was something of myth and legend, where vendors brought out the grandest of grand displays and where booth babes ran rampant trying to entice the standard IT Joe to buy their product.
Expo Pass, Acquired
Having finally been able to visit the Expo for a day, I can now say that description wasn’t far off.

Okay, so booth babes weren't running 'rampant' by the time I got there (I could only visit on Thursday), and there weren't really 'booth babes' to begin with. They just really, really, really wanted to scan your badge if you got within a few feet of their location. Which is whatever, that's their job, you can't blame them. But I had hoped people would be more eager to discuss their product first. In fact, I challenged anyone who asked to tell me first what they were selling, which caught most everyone off guard, much to my own surprise.

But let’s talk about the booths themselves.

Debrief: BSidesSF 2016

As I've been back and forth from home to San Francisco the past few weeks/months, I managed to make my way to BSidesSF on February 28th, which I was super excited about. Having only attended BSidesLV just last August, I was looking forward to seeing what the other BSides cons were like. For those of you unaware, BSides are community-driven, (typically) small security conventions, located from Chicago to Seattle to all over the world, where infosec pros can get on stage and speak about a topic of their choice without a staggeringly large audience like those at DEFCON or Black Hat. This seems to bring the community tighter and gives new pros an opportunity to speak in a comfortable environment.

BSidesSF was located at the DNA Lounge, a dance club that I was told had a history of being a hacker hangout. Upon arrival, you immediately get the underground, industrial vibe, which melded well with the infosec culture. Badge pick-up was in the "DNA Pizza" restaurant right next door which, likely due to my being a little late, made it easy to grab the not-badge wristband that gave me access to the rest of the con (after a quick coffee grab, damn those 5am flights).

Inside the venue, the keynote speaker (legendary EFF founder John Perry Barlow) was already on the main stage and taking questions from the packed would-be dance floor. Even with two speaking tracks, two levels, multiple bars, and a lounge, I was happy to see the venue was relatively full, with a range of attendees who didn't seem too intent on staying within their own circles (for the most part), which allowed me to strike up a conversation with a couple of individuals with relative ease.