Sunday, February 21, 2016

Many of my articles have been linked from the Defensive Information Security podcast. I didn't write here last week, so I just want to reference a few noteworthy reads I skipped. Please ignore any autocorrect errors you see here; I'm limited to writing on my phone at the moment.

They include ransomware used as a distraction, where it was believed that an attack was meant to divert attention away from the real endgame. I thought this was fascinating, almost another level of social engineering. It reminds me of how, instead of using data encryption, one could use data obfuscation. It shows me that as much as network security is about implementing a solid network and maintaining it, it is just as much a mind game against fellow humans.

The next was that many Windows flaws are mitigated by disabling the admin account. Now it is interesting looking again at this a week later, after two days ago I read an article stating that one of the top ten important GPOs was quite simply disabling the Guest account. Anyhow, the article may be right, but we don't live in a perfect world. Most of the time, we want those admin privileges to enhance productivity, and we are all aware of the security tradeoff whether we like it or not. As a youngun, I do like to speculate about the future and I have to wonder about there being a smarter solution to using computers than simply admin or non-admin rights, perhaps an adaptable system based on each user and security concerns?

The next article was that hackers attacked 20 million accounts on Alibaba's Taobao shopping site. Essentially an AliExpress type site or any other. I wouldn't normally discuss this; we hear about these mass attacks all the time. Defensive Security reported on it due to the sheer scale of this attack, but that's not what is relevant to me. For me, I have ordered many items from these (mainly Korean in my experience) sites. I have seen tons of reviews about how customers' items never showed up to their door, and many reviews that were obviously from the seller himself, using disposable accounts. Anyway, why this relates to me is that for years, my father, who is not in IT, always had a policy of never ordering anything from any of those foreign countries. He never told me why. Whatever his reason was, he was right. Simply put, it is questionable whether or not the site itself is safe. These sites have not garnered trust. I wouldn't be surprised if they were in on the breach, or less dramatically, having next to no security and not caring about it. As worrisome as that is, shouldn't I be more worried about T-Mobile's recent attack where there was a fair chance my SS number was compromised? One massive Asian corporation might have leaked my credit card info, but my cell phone provider leaked the only number that truly matters to a citizen of the U.S. Which is the bigger deal?

Once again, it's neat to see what I've been learning about used in the real world.

