This is the 50th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special guest Alex Hamerstone from TrustedSec recorded January 21, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:
2016 Reality: Lazy Authentication Still the Norm
This is a great story from Brian Krebs’ own personal experience regarding how his PayPal account was “hacked”. It was not “hacked” in the way you would normally think, via stolen credentials or password guessing. His credentials were reset over the phone via some easy social engineering techniques and information that was easily accessible through some Internet reconnaissance. Brian even had a PayPal two-factor authentication token for extra security. It goes to show you that organizations like PayPal need to look at all the different attack vectors that someone would use to gain access to accounts and protect their customers appropriately.
-Tom
Stop doing quizzes on Facebook if you place any value on your privacy
It’s been a while since we’ve talked about those Facebook quizzes and surveys that you see many of your friends sharing with you on Facebook. While these may seem fun and harmless on the surface, often these “apps” will collect your email address, list of friends and other personal information from your Facebook account. All of this is done within their legal terms of service, of course! This is not a Facebook-specific issue either. The problem lies with the third-party developer who will receive your personal information and what they do with it. This article is a great reminder of what information can be harvested when you take quizzes and surveys like this on Facebook.
-Tom
Pre-crime arrives in the UK: Better make sure your face stays off the crowdsourced watch list
I love the movie “Minority Report” because it’s a look into the (rather scary) future of facial recognition and this notion of “pre-crime” identification. In the present we’re already seeing some of the technology mentioned in the movie come to reality and this article takes this concept a step further by delving into “pre-crime” and determining if someone is about to commit a crime if their face has been identified in several so called “watch lists”. This is potentially dangerous to innocent people if you tend to look like someone else or if you find yourself in the “wrong time at the wrong place” kind of situation. It will be interesting to see how this technology and government policies around facial recognition evolve to prevent the innocent from being falsely accused of “crimes” they may never commit.
-Tom
The super creepy side of the Internet of Things and smart homes
This is a revisit of some topics we’ve covered in previous episodes. I was fascinated with a statistic from the article that stated: “a Microsoft survey found that 99.6% of people would gladly accept cash in exchange for having their activities tracked, what happens to those who give it up unwillingly because of security vulnerabilities in their smart home appliances?” This is a great question and makes me wonder if many companies that are developing IoT devices (especially ones focused on the consumer ‘smart home’ market) will even start to take vulnerabilities in these devices seriously.
-Tom
Xfinity’s Security System Flaws Open Homes to Thieves
Self-installed wireless home security systems like the Xfinity system are all the rage right now with consumers. These wireless alarm systems are now very affordable and reliable, and can help deter and prevent theft. However, how secure are these systems given that this technology is rather new and is now part of the “Internet of Things”? If you own one of these alarm systems this is a great article to make yourself aware of some vulnerabilities these systems have. Sparing you the technical details, essentially this specific wireless security system can be jammed using a device purchased off of eBay or put together on your own for about $130 in easily obtained parts. The casual thief probably won’t go to this level to break into most homes; however, most people that buy these systems post signs outside of their homes advertising the exact security system they have, which also gives away its known vulnerabilities. This is a great example of vendors needing to get involved to either limit the jamming issue or mitigate the risk by implementing a better alerting system to identify when the alarm system is being jammed.
-Tom
Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!