I took last week off to have some R&R away from technology, mostly, and didn’t put together a What I Learned post. This week I am in a full-throttle training course on Ethical Hacking, and next week it’s the advanced sessions. My time to stay on top of the news has been limited because, if I am not in class, I am working on the labs and capture-the-flag exercises in addition to studying for the exam.
Aside from all the new, scary things I am learning in class (I will never use free, public WiFi again without a verified VPN), I found a few news topics that I can say I learned from.
What I Learned – Week ending 2/9/17
Macs Have Their First Widespread Macro Virus Problem
For the first time, hackers have shifted their focus and successfully targeted Macs. Using an old Windows technique, hackers are getting their malware onto Macs through Microsoft Word macros. Macs didn’t have a macro problem until Word became available and popular, as it has in the last year. Slowing the spread of this attack method works the same way on Mac as it did on Windows. DON’T OPEN WORD DOCS AND ENABLE MACROS FROM PEOPLE YOU DON’T KNOW!
If you have a Vizio Smart TV, chances are your viewing, browsing and other activity were sent to the manufacturer and sold. Forget about government spying; it’s the makers of all these Internet-enabled devices you need to worry about. With no oversight, regulations, standards or certification prior to sale, the vendors can do, and are doing, whatever they want, in this case selling your data for profit. Vizio got busted and has to dish out a $2.2 million fine, none of it going to the customers. If you have IoT devices in your life, you should really be aware of what may be sent outbound without your knowledge.
There Are Well Intended Hackers Out There
A hacker with good intentions ‘hacked’ 150,000 online printers. The ‘attack’ wasn’t meant to cause damage or steal data but to get the owners to close the security gaps. The hacker sent print jobs to the open printers telling the owners, with tongue-in-cheek humor, that their printer is vulnerable and needs to be fixed. Instead of sending spam print jobs or doing other nefarious things, he decided to use it to help improve the security posture. It may be a gray area legally because he did connect without authorization, but intent doesn’t bypass the law. Still a neat story nonetheless.
End of line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming, system administration and senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.