Cybersecurity approach – a game theory?

A while back I have come across a short but very interesting book ‘Finite and Infinite Games‘ by  James Carse. I’ve really enjoyed the read and thesis around looking at pretty much everything in life as a game, be it, for example, business outcomes, personal targets or career. In a nutshell, a finite game can be defined as: – players are known prior to the game commencement – fixed rules – agreed-upon objectives – chess, football, basketball – we declare the winner and the game is over And then, there is an infinite game: – players can be known and unknown – the rules and players are changeable – and the objective is to keep the game in play to perpetuate the game I personally really like this approach as it can be applied to many aspects of life and can be an interesting way of looking about everything we do – what our goals are and how we are approaching them. I think this resonates particularly well in regards to a cybersecurity strategy. Let’s take a very quick look at what’s been happening in the security industry over the recent years and what the trends have been like:...

Continue reading

Recent WhatsApp Vulnerability – Facebook messaging and my thoughts

Around a month ago, WhatsApp fixed a devastating vulnerability (zero-day in that case) – it allowed someone to remotely hack a phone by simply initiating a WhatsApp voice call. The recipient didn’t even have to answer the call! That’s pretty scary! The good thing is – it has been fixed. For those interested reading about it more (if you haven’t by now) – Wired has a great article about it here. Now, let’s take a look at the release notes (Apple App Store release notes as of 18th June 2019): For the last three release versions (2.19.51, 2.19.60 and 2.19.61) all we see in the release notes is: “You can now see stickers in full size when you long press a notification.“. As we know, this very dangerous vulnerability was fixed in version 2.19.51 as per the CVE-2019-3568 security advisory note – listed only on a Facebook page, not mentioned anywhere else around WhatsApp, not on their website or changelog (as per the above). I think this an example of a very poor messaging and lack of transparency from Facebook. WhatsApp is used by over 1.5 billion users worldwide – a very large user base. This is a very...

Continue reading

My home network – Securing DNS

Why? DNS is one of these protocols that makes the web work. Well, not only web, many other internet things that need to communicate one with another. You can think of it as a phone book for the internet. When you visit a domain, for example google.com, your computer follows a series of steps to turn the human-readable web address into a machine-readable IP address. DNS is a very old protocol, but it does have some issues and if mis-configured and not monitored, it can compromise security of your network. DNS problem – security DNS queries are sent in a clear text. This means that others can see and manipulate the queries and responses. Such attacks are well known, for example MITM (Man In The Middle) attacks. Manipulating DNS is well known by many ISP’s around the world. ISPs (Internet Service Providers) can censor the web by simply blocking DNS resolution of domains and they can build a profile of all the sites you visit by recording your DNS queries. Then there are ads. Internet is full of them. Some of them are useful and certainly add value while not being very intrusive. Unfortunately, many of them are very...

Continue reading

My home network

Why investing in home network? I have always liked technology. My main driver to get into IT many years ago was fascination with wireless technology and desire to understand how it is possible to send or receive a file and do other things via the air that surrounds us. I have done lots of infrastructure work and this has led to me wanting to get more insight and control with what’s happening on my home network. I have stopped using standard ISP equipment companies provide when you sign up for broadband service as I have always found them poor in quality with regards to performance and with very limited controls and functionality. I have used various equipment at home such as Asus routers with custom firmware, Fortigate, Meraki and pfSense, up until… I have started hearing more and more about Ubiquiti. Few of my friends have started using their WiFi equipment at home. I have done my research and decided to purchase two wireless access points (UAP AC-Pro). I have set up a controller on my MacOS server and provisioned them. My wireless at home has become rock solid, reliable and much faster than before after tweaking various features...

Continue reading

Are you ready to say goodbye to SSL/early TLS?

30 June 2018 is the deadline for disabling Secure Sockets Layer/early Transport Layer Security (SSL/early TLS) and implementing a more secure encryption protocol in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data. In addition, according to NIST (National Institute Of Standards And Technology), there are no fixes or patches that can repair SSL or early TLS (NIST SP 800-52 Rev. 1). For over 20 years Secure Sockets Layer (SSL) has certainly been one of the most widely used encryption protocols ever released to date, and remains in widespread use today despite various security vulnerabilities exposed in the protocol. SSL v3.0 was superseded in 1999 by TLS v1.0, which has since been superseded by TLS v1.1 and v1.2. To date, SSL and early TLS no longer meet minimum security standards due to security vulnerabilities in the protocol for which unfortunately, there are no fixes. It is extremely important that everyone upgrade to a secure alternative as soon as possible, and disable any fallback to both SSL and early TLS. SSL/early TLS was removed as an example of strong cryptography in PCI DSS v3.1 (April 2015). Organizations which use SSL/early TLS are greatly increasing their...

Continue reading

Brief highlights of the Verizon 2018 Data Breach Report

The latest Verizon 2018 Data Breach Report (11th edition) has been published and it’s certainly a great read. This year the data comes from over 53,000 incidents and 2,216 confirmed data breaches. Based on the report, most of the data breaches are caused by outsiders (73%) with organised criminal groups accounting for 50% of the breaches. It should not come as a surprise that as much as 58% of victims are SMB’s. They are very often most resource constrained in their security efforts and this trend continues to carry on. The healthcare industry is also a popular target to hackers, especially in United States of America where the data coming from healtcare breaches is very valuable. Stolen credentials and phishing continue to be within top 5 action varieties in breaches. Unlike pretexting, which is financially motivated over 95% of the time, motives for phishing are split between financial (59%) and espionage (41%). This is a very brief post and I highly encourage everyone interested to read the full report, available as a free download here....