Things I Hearted Last Week

For the week ending 4th Sept 2016


A classic case of an auditor that is intent on causing more harm than good – resurfaced on my Twitter stream, so thought I’d re-share.


Troy Hunt confirmed the Dropbox hack is unfortunately real. However, some observers are saying that Dropbox’s data breach response is still wrong. It makes some valid points – and one has to wonder whether we do need mandatory breach notification.


What qualities do you look for when hiring information security professionals?


Apparently it’s possible to unlock phones with a VR headset and Facebook photos.


Are companies’ digital transformations near complete? The C-suite thinks so, the people on the ground beg to differ.


What I learned speaking at events as a CEO for the past 2.5 years. A good article that lists some of the business benefits from public speaking, as well as useful tips on what to look out for and how to measure success.


This isn’t representative of MSSPs. But it does show that as a customer, security is seldom ‘set and forget’. It is a good reminder that just because you think you’ve deployed monitoring technologies, it doesn’t mean you have.


The ICO has a report on UK data incident trends. Healthcare is by far the worst sector with 232 incidents. In second place is local government with 62. The most common data security incident type was ‘data posted or faxed to incorrect recipient’. The most common Cyber Incident type was ‘cyber security misconfiguration’.


Not quite security related, but interesting all the same. The biggest threat to democracy? Your social media feed.


How spy tech firms let governments see everything on a smartphone. With an eye-watering $500k setup fee?


CSP Is Dead, Long Live CSP! Google research paper on the insecurity of whitelists and the future of content security policy.


Pokemon Go – hacking, and personal moral dilemmas. Nice article.


Airbnb released their first ever transparency report. France leads the way with 42 requests.


Five attributes of an effective corporate red team.


The rise and rise of the machines. Walmart is cutting 7k jobs due to automation.


Threat hunting is more than a marketing buzzword.


SensePost wrote a tool and a blog that show how you can pop shells on an end user’s box that has Outlook running with just their AD/OWA/Exchange credentials.


Microsoft gets support in gag order lawsuit from U.S. companies.


One to file under ‘breaches sometimes really do hurt business’. India shelves plans to expand French submarine order after data breach.