Twitter is simply the best place to get #infosec news, gossip, rumors, and updates. Much of the community is alive, well and active on Twitter and, so am I under the handle @hackerhiker (because.. erm.. I hack and I hike). Many people I have spoken to tell me that Twitter is nothing but a wasteland of trolling, sh** posting, partisan rants, and (alleged) Russian bots. Frankly, I think they’d rather get a root canal! Fear not, gentle reader! I wade through the Twitter cesspool so you don’t have to and will present monthly my favorite InfoSec Tweets of the month.
Twitter Community Delivers for WISP
Lead by Social Engineering extraordinaire @racheltobec, WISP (Women in Security and Privacy) was able to raise enough money via Twitter to send 57 women to DEFCON that wouldn’t have been able to go otherwise. I’ve been a huge advocate of diversity in the tech space and I think the reason are clear: To understand different threats and risks, we must have different viewpoints. Bluntly, this means that the security community needs to evolve beyond the world of Caucasian neck-beards. I am thrilled that @WISP has put this effort together and congrats to the 57 scholarship winners!
Update as we wrap up this campaign: 57 amazing woman will be attending defcon because of the generous donations of our donors and industry supporters!@defcon You can contribute to @wisporg year round-we do edu events, sponsorships, mentoring and networking all year!🙏🏻🙏🏻🙏🏻
— WISP (@wisporg) July 16, 2018
Intrinium CEO on Cerner Podcast
I was thrilled to listen to Intrinium’s own @Nolan_Garrett was an invited guest on the Cerner podcast to talk about Incident Response and all the work we’ve been doing to secure hospitals in the US.
Take a moment to listen to a recent #Cerner #podcast featuring our #CEO, @Nolan_Garrett, he discusses why #incidentresponse plans are a must have for any #healthcare organization. https://t.co/eP9K0R1Vu6
— Intrinium (@Intrinium) July 11, 2018
Failing the OSCP
To me, the OSCP is an excellent benchmark cert that separates a hacker from a person who runs a vuln scanner. The trouble? The test is HARD. It’s taken 24 hours straight and you are given a network to pwn. Many, many people fail the first time they attempt (myself included). Twitter user @pink_panther gives an account of taking (and failing) the OSCP is like and how you can #TryHarder.
My thoughts on OSCPhttps://t.co/mcNiZa1MrY
— Pink_Panther (@Pink_P4nther) July 16, 2018
— Hacker⚡️Hiker (@hackerhiker) July 17, 2018
Applied the patch, closing ticket
Applied the patch, closing ticket. pic.twitter.com/bB1vBN87pU
— Javvad Malik v2.0 (@J4vv4D) July 20, 2018
Microsoft: Midterm Election Hacking Underway
At the Aspen Security Forum, Microsoft’s Tom Burt, VP of Security, revealed that Microsoft has stopped three attacks against Congressional candidates so far this year.
Microsoft reveals first known midterm campaign hacking attempts (from @ericgeller).
Candidates and their staffs are targets. Enrollment in eg Google Advanced Account Protection or equivalents at work *and* home should be seen as basic due diligence. https://t.co/2zssTDSi5R
— Pwn All The Things (@pwnallthethings) July 20, 2018
Krebs on the Cyberinsurance Lawsuit
Information Security Journalist Brian Krebs released an article detailing the ongoing lawsuit between The National Bank of Blacksburg and Everest National Insurance Company. The lawsuit alleges that the insurance company is denying a claim after a series of hacking attempts lead to a loss of $2.4M. The reason? The insurer claims that even though the attack originated as a cyberattack, the attackers used the bank’s debit card system to create phony cards and physically withdraw the funds from an ATM, instead of stealing electronically. It will be fascinating to watch and see how this lawsuit affects future cyber insurance claims. Much like the previous article, this hack started with an email phishing attack.
Exclusive: Hackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss. https://t.co/vcoF0sXjFy pic.twitter.com/2YV5KxadL6
— briankrebs (@briankrebs) July 24, 2018
Becoming a Juggalo to defeat security
Security and Privacy researcher TAHKION made the earth-shattering (ok mostly hilarious) discovery that using Insane Clown Posse inspired “Juggalo” make up, facial recognition systems can be fooled.
i made a breakthrough. it turns out juggalo makeup defeats facial recognition successfully. if you want to avoid surveillance, become a juggalo i guess pic.twitter.com/kEh7fUQeXq
— TAHKION (@tahkion) July 1, 2018
With Defcon 26 just around the corner, the hacker community is up to it’s usual “Defcon is canceled” shenanigans (but seriously, RIP Defcon ☹). Upping the ante, many people took to Twitter to share their terrible Defcon advice.
Here are a couple of the gems:
How to keep your phone safe…
— purkkaviritys (@purkkaviritys) July 13, 2018
As Marcus Hutchins, the arrested hero of the WannaCry attack continues to sit in Las Vegas under house arrest…
#DefconAdvice: Call ahead to check with the FBI that they have no plans to arrest you while you're in US jurisdiction.
— MalwareTech (@MalwareTechBlog) July 13, 2018
The storm continues…. Best of July, Part 2