Things I hearted Last Week

For the week ending 28th August 2016

 

We had a bank holiday Monday here in London, so I’m a bit off – and may have skipped a day or two. Not that anyone would really notice, but I felt the need to preface my tardiness with an excuse.

 

When security and convenience collide, we get beauty sites that let anyone read customers’ personal information.

 

Chris Nickerson tweeted out the first PTES map created. Really interesting to go see how things start out. How many items do you have sketched out on the back of the beermat? A good reminder to go out and see things through to completion.

 

Can you explain encryption to me?

 

Analyzing malicious office documents.

 

Sounds like the title of a Hollywood B-movie. Unfortunately, it’s true – How the Pwnedlist got Pwned.

 

Why Twitter was the platform of choice for ripping apart the NSA dump.

 

Not really surprising, but still saddening that many hospitals transmit your health records unencrypted.

 

Timing of browser-based security alerts could be better. More likely that this kind of research will be lapped up by advertisers.

 

Not entirely security related, more from a legal perspective, but interesting all the same. How you can intentionally destroy evidence and still win a $25 million verdict.

 

Opera server breach incident

 

Car hacking is the future – and sooner or later you’ll be hit

 

Great piece from my friend / partner in crime / ex-colleague Adrian Sanabria on why we need to change the psychology of security.

 

Saving the best / worst for last – did WhatsApp fall from (relative) grace in one quick motion as it announced it will share your phone number with Facebook? On the topic, it also appears as if disabling tracking on WhatsApp doesn’t disable tracking or your data being sent to Facebook.

My friend Steve Lord summed up the WhatsApp position in a multi-tweet rant better than I could:

A couple of people have said to me that they don’t want to remove WhatsApp and switch to Signal because their friends are all on WhatsApp. These people don’t understand that WhatsApp will upload your contacts to Facebook. You might not care about your privacy, but I care about mine, and that of others.

People who aren’t on Facebook will get a shadow profile created about them, with their phone number attached to it. They never agreed to a terms of service, and it’ll be your fault that it’s been passed over to Facebook, all because ditching these {expletive} was somehow inconvenient. You’ll be just as guilty of flaking out over other people’s private data as WhatsApp and FB.

So seriously – install Signal, get your friends to install Signal, give it a try and get rid of WhatsApp once you’re happy with it. At least then you’ll be coming from a position of having tried.