My last week’s readings were a bit peculiar. Most covered personal privacy and life stories connected to cybersecurity. So I decided to focus this post on three privacy-related takeaways from last week.
The first is connected to a story from the previous week: the attack on the FBI’s email servers and the false warnings sent out to compromise the cybersecurity researcher Vinny Troia. This week he shared some personal details that reveal the impact confronting cyber-crime can have on someone’s life. Here is the heads-up that Pompompurin gave Troia via Twitter about the upcoming email campaign sent from the FBI’s server.
Here is a brief summary of Troia’s experience with Pompompurin:
“The last time this happened he sent me a message informing me that the National Center for Missing and Exploited Children posted a blog naming me as a sexual predator,” he wrote. “Before that it was a heads up on a DDOS attack on our free consumer Breach Check website; before that [the actor] hacked my personal Twitter using a private API key that was stolen from our Data Viper website, in order to send out a number of childish Tweets to reporters; before that he tried to publicly frame me for the hack on Astoria company; and before that, it was something else.”

Source: https://threatpost.com/fbi-email-hoaxer-ided-vinny-troia/176377/
The second takeaway concerns Microsoft Edge’s sync feature. It’s actually worse than I thought: Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when sync is enabled.

Source: https://www.schneier.com/blog/archives/2021/11/is-microsoft-stealing-peoples-bookmarks.html
The last takeaway is a… literal one: pizza. Specifically, California Pizza Kitchen, which in a recently identified breach exposed the names and Social Security numbers (SSNs) of more than 100,000 current and former employees. Beyond the details of the story, what I find interesting and want to note are some of the lessons. First: employee security awareness training really counts:
One security professional noted that employee training is a key element of helping to avoid breaches like this, which are all too common at organizations that have sensitive data on their networks but typically employ people without specific knowledge of how security breaches can occur.

Source: https://threatpost.com/california-pizza-kitchen-employee-ssns-data-breach/176478/
Second, the never-trust/always-verify approach is a key complement to employee education:
“Taking a proactive, zero trust (never trust/always verify) approach to cybersecurity and having the measures in place to prevent attacks from penetrating your systems is critical,” he said. “It’s also far more efficient and cost-effective than relying solely on your employees.”

Danny Lopez, CEO of security firm Glasswall, for Threatpost