This is the 46th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded on October 7, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast:
Scott gives an overview of the BSides Ottawa Security Conference
If you’re in the Information Security industry I highly recommend you attend a local BSides conference. Always great content and networking opportunities!
Everyone you know will be able to rate you on the terrifying ‘Yelp for people’ — whether you want them to or not
Yelp for people? What could possibly go wrong? What are the ramifications when we start “rating” everyone we know or encounter? In a recent twist, everything available about the Peeple app has been removed (social media, website, etc.) by the founders, most likely because of the firestorm of news media and privacy concerns. While the Peeple app looks like it may not happen…I’m sure there are other similar apps that will pop up and try something similar in the near future.
The Power of Privacy Video Series by The Guardian
The first episode takes a very thought provoking look at the digital shadows you leave and how someone can find personal and private information about you on the Internet…highly recommended! Episode 2 was recently released and talks about how easy it is to get hacked through phishing and common social engineering techniques.
Anatomy of an enterprise social cyber attack
This is some interesting ZeroFOX research on customer scams, specifically one called “hashtag hijacking”. I’ve heard of several cases in the news about this type of attack using social engineering and social media as attack vectors. Check out this great infographic to learn more.
Thousands of ‘directly hackable’ hospital devices exposed online
This research was released at the DerbyCon security conference last month. I found it fascinating that MRI and other critical medical equipment can now be found using the search tool Shodan, outside of the firewall of some major healthcare providers. Most likely this happens because of poor network segmentation as well as separate Internet connections outside of the healthcare provider’s control. To top that off, many of these devices are configured with default credentials and/or weak passwords (some running vulnerable Windows XP and older systems too). The researchers built a honeypot defibrillator machine to prove their point, which “attracted a whopping 55,416 successful SSH and web logins and some 299 malware payloads”. Medical devices (pretty much in the same category as IoT) which lack any security are very scary, especially given the potential impact to human life if these devices are compromised!
The Social Network Where Doctors Swap Gross Pics of Patients
HIPAA nightmare? Apparently doctors, nurses and other healthcare staff have been uploading patient pictures to an app/social network called “Figure 1” (aka: Instagram for doctors). While the founders’ intentions seem good (as in a good way for doctors to get second opinions or to treat patients better), there is definitely cause for privacy concern. The founders apparently have monitoring and oversight in place and remove any metadata from each picture, but as this app’s user base grows it will be harder to oversee this type of information, even with automation built in. In addition, the app founders said that they don’t have a plan yet to make money, so time will tell if this even sticks around.
Netflix shows you how to make your own “IoT switch”. Turn on Netflix. Dim the Lights. Kick Back and Relax.
Netflix continues to innovate with unique ways to watch their programming…even getting you to build your own IoT device (I’m sure it will soon be available for purchase).
Our friendly PSA: Please stop posting those Facebook privacy notices
Posting those Facebook “privacy notices” on your status does nothing, as you’ve already agreed to hand over everything you post to Facebook according to their terms of service. You agreed to this when you created your Facebook account. Don’t like it? Stop using Facebook and delete your account. See Snopes for more information about this hoax.
Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!