The blind leading the blind on Cyber Security
It’s been another busy week in Cyber Security. We’ve got everything from Android security advice to a high-risk Linux kernel flaw that needs to be patched immediately. We’ve also got a good one about a Dark Web drug lord who got arrested attending an event that I didn’t even know existed, or could exist, before this week began.
But the story that interests me the most is what we’ll lead off with. The blind leading the blind. It seems like if you were going to build a task force on Cyber Crime, you wouldn’t let an organization that just suffered an egregious breach lead it. Right?
SEC to lead task force on Cyber Crime
The SEC is leading a task force on Cyber Crime. The task force will be concentrating on rooting out criminals on the dark web and monitoring the crypto-currency market, specifically initial coin offerings. Initial coin offerings are like IPOs, but for crypto-currencies, and some shady stuff happens with them. And of course monitoring the dark web is a given. Though it is a little ironic that the SEC would lead this venture given its recent problems.
[Source: News BTC]
Don’t use an unlock pattern to secure your Android phone
You know how your Android phone lets you draw that little pattern on the screen to unlock it? Yeah, that’s not safe. Research by the US Naval Academy at the University of Maryland Baltimore County has found that 64% of shoulder-surfing attackers can watch a pattern being entered and reproduce it. Yep, 64%, and that’s just from seeing it one time. The number jumps to nearly 80% the second time. Use a strong password to secure your phone. It’s a proven method.
[Source: Help Net Security]
Dark Web Drug Dealer busted at Beard competition
Speaking of the dark web, a notorious dark web drug dealer was arrested after attending a beard competition in the US. Gal Vallerius is a 38-year-old Frenchman who decided to leave the comforts of his home to attend the World Beard and Mustache Championships. I didn’t even know that was a thing. Anyway, Vallerius is also accused of being one of the proprietors of Dream Market, a large black market dark web site that was shut down by the fed several months ago.
[Source: Hacker News]
Sonic gets breached, Data for millions of cards stolen
If you’ve ever eaten at a Sonic drive-in, you may want to get a new credit or debit card. That’s because Sonic announced it was the victim of a breach recently and the data for over one million debit and credit cards were stolen. This reinforces something that we say all the time here at Hashed Out: cyber crime can happen to anyone. Sonic, a company that makes its money by selling burgers and slushies with an old-timey drive-in feel, probably thought it would be the last company that would have to worry about a breach. Wrong.
High Risk Linux flaw needs to be patched immediately
There’s a flaw in the way the Linux kernel loads ELF files. Someone who knows what they’re doing can use a malicious PIE (Position Independent Executable) program to cause memory corruption and possibly local privilege escalation. This flaw has been deemed “High Risk” and users are advised to patch their systems immediately. Just run your usual package management tools to install the patched kernel. Then reboot.
[Source: The Register]