As a consultant, my effectiveness is the knowledge I bring to the table. Each day is different: new challenges are discussed, new threats are revealed, and it’s my job to help my clients drive to effective and practical solutions that solve and mitigate what hangs over their heads. I can’t do that unless I am in a continuous training mode. If I am not working with a client, I am reading, attending webinars, going to conferences and reading books.
It is overwhelming and very technical at times, and most of it is not very interesting to post on this blog or the other social networks I have. Throughout the week I do come across news headlines that are interesting, and instead of turning this blog into a bloated news aggregator I decided to tuck them away, pick a few of the best ones of the week and write about those.
Each Friday I will put out a new post called What I Learned This Week. The post will be short and link to the sources, with a little commentary for each one on why it’s important. Of course these will be more lighthearted and fun, if that’s possible in the security world.
What I Learned This Week 11/4/16
Akamai, one of the leaders of web hosting, is killing off support for SHA-1 certificates at the end of the year. This is a good move, as SHA-1 certificates are easily broken and therefore highly susceptible to attackers cracking them. The cost to crack a SHA-1 certificate is around $75,000 and a few months of time, which is well within the reach of a well-funded and motivated crime syndicate or government entity. The industry has been moving to the more secure SHA-256 certificates over the past few years, but Akamai is one of the first to flat out not support SHA-1, which is good for everyone. Source: http://www.securityweek.com/akamai-kill-support-sha-1-certificates
A survey finds that 75% of Security Executives think they are INVINCIBLE. Here’s how my headline would have read: Survey Finds 75% Of Security Executives Need To Be Fired. Ego and over-confidence are characteristics you do not want in a security leader. No Security Executive can say with confidence that their program is foolproof. It’s not a matter of IF but WHEN you get breached or have a security event that causes problems for your enterprise. Source: http://www.theregister.co.uk/2016/11/02/survey_finds_75_of_security_execs_believe_they_are_invicible/
The FCC passed new Privacy Laws that will require your Internet Service Provider (ISP) to ask your permission to share your data with a third party. The rule states: “ISPs are required to obtain affirmative ‘opt-in’ consent from consumers to use and share sensitive information.” However, this opt-in is revenue for the ISPs, which means the acceptance will be embedded deep within long terms that most people will hit OK on, without reading them, just to get past. Source: http://thehackernews.com/2016/10/fcc-isp-privacy.html
If you run Windows you are screwed. All versions of Windows are vulnerable to an attack that can take over your machine. This isn’t your typical software-based vulnerability that comes from a bug and can be patched. This flaw is within the design of how the core of Windows works and, so far, cannot be patched without changing how Windows itself works under the hood. Source: http://thehackernews.com/2016/10/code-injection-attack.html
There you go, a few of the highlights of this week’s news headlines that I feel are security-centric but understandable by anyone.
End of line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming, system administration and senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.