I saw this picture somewhere on social media of these many locks securing the bolt. However, upon closer inspection, you can see that by simply removing any one of the locks, you unlock the whole thing. I hope you'll allow me the opportunity of dragging this out into a cybersecurity analogy. But, sometimes the sheer … Continue reading Security Through Complexity
$1200 for acceleration on a Merc
Mercedes is one of the latest car companies to think, "hey, what do we do in a global downturn when new sales are low... I know, let's limit some features on our car, then when people buy them, charge them extra to unlock it via a subscription model. If it's worked for SaaS, it can … Continue reading $1200 for acceleration on a Merc
BSides Tallinn 2022
I love myself a good Security BSides, and I've never been to Tallin in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia Unable to find a reliable direct flight to Tallin, and horrendously long connecting flights - I opted for the scenic … Continue reading BSides Tallinn 2022
Fingerprints are awesome, until they’re not
I'm filing this one under I'm a bit cynical about it. According to this story there have been a bunch of people who have paid to have their fingerprints surgically altered. Some of the people were workers in Kuwait who had been deported for criminal activity. By having their fingerprints altered, and a new identity created … Continue reading Fingerprints are awesome, until they’re not
GUCCI vs CUGGL
In Japan, someone registered a trademark for CUGGL as a clothing brand in Japan. GUCCI tried to sue for copyright, but the Japan trademark office stated that CUGGL is not similar enough to GUCCI to warrant enforcement. Well, maybe not in the written word, but what do you think about the partially obscured logo? I … Continue reading GUCCI vs CUGGL
Lloyd’s to end insurance coverage for state cyber attacks
Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels or risk. Hmm so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a … Continue reading Lloyd’s to end insurance coverage for state cyber attacks
Twilio smished – SMS is the new achilles heel
Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a Smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to … Continue reading Twilio smished – SMS is the new achilles heel
Get rich in Europe for €250 (or lose it all and your personal data)
Group-IB have published a very well researched report on fake investment scams in Europe The scam follows a well-established set of steps:1. The bogus come-on is published on social media.2. The victim is taken to a phony investment website.3. The victim enters personal information in a form on the scam site.4. A call center contacts … Continue reading Get rich in Europe for €250 (or lose it all and your personal data)
Microsoft sent you a USB stick – what would you do?
I saw this post on linkedin and was part disgusted, but also slightly admired the professionalism and thought that went into this scam. An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all looks legit. This is where people's biases … Continue reading Microsoft sent you a USB stick – what would you do?
Honey Trapping Baddies (or just nosey people)
I was recently reminded of this headline from a few years ago where a couple left their bikes unlocked to lure thieves and then proceeded to beat them up with baseball bats. I don't advocate violence, and nor do I approve of vigilante behaviour. But police around the world use this trick all the time. … Continue reading Honey Trapping Baddies (or just nosey people)
Javvad Malik 