Enterprise Cyber Security – post-event notes

Written on 23 September 2018, 04:22pm

Some notes following the Enterprise Cyber Security Europe event, 19 September 2018, Amsterdam.

  • @ThomLangford: When trying to hire, look for passion. Technical skills can be taught later on. Also, look for the people who care about what they do, who are full of energy, who are constantly pushing their limits and who are filled with passion. 
  • Humans are indeed the weakest link in any security system, because brains are hard to upgrade and because emotional manipulation is easy. 
  • So how do you deal with the human risk? 3 possible avenues:
    • throw technology at it
    • improve your internal processes (e.g. out-of-band validation)
    • or develop a continuous and adaptive security awareness program, an area where the people at Terranova seem to know what they are doing. 
  • Awareness is for everybody, training is for similar groups of people (e.g. a department), education is for the ones who genuinely want to learn
  • The story of the women codebreakers at Bletchley Park is fascinating
  • Total cyber crime revenues: in the region of $1.5 trillion annually
  • Time to detect a data breach: between 99 and 197 days depending on who you ask. Either way, it feels like an eternity
  • You can actually turn a data breach into a positive development for your organisation if you manage to be humble, transparent and willing to improve things
  • Booking.com has an interesting ‘everything is a test’ culture (over 1000 experiments going live at any given time). The company brands itself as a ‘developer-first enterprise’. You must make an effort to find a compromise solution between security and usability
  • Preparing for the GDPR should have been easy as long as you have a user-oriented mindset. Don’t forget about the tools for user data export and user data deletion.
Over Amstel, close to the venue

Unexpected ways the technology gets intrusive

Written on 10 January 2017, 09:27pm

Just a quick, did-you-know type of post written because the technology below is way too cool not to share 🙂

1. Did you know that Wi-Fi routers can be used to identify faces, recognize keys that you type or read lips?

Researchers from the Northwestern Polytechnical University in China used WiFi signals to identify people. This identification was made based on the shape of people that was read as radio waves bounced back and forth, as well as by the specific way in which people moved. The success ratio was 88.9% to 94.5% in a domestic environment. One potential application is that of having a super custom-made smart home which adjusts lighting, temperature and even music based on the person(s) gait walking through the room. Or you can just use it to spy.
[…]
A system developed at the University of Berkeley uses distortions and reflections in Wi-Fi signals made by moving mouths to essentially lip-read. This setup was used to tell which words a single person was speaking with 91 percent accuracy. The accuracy was 74 percent when three people were speaking at the same time.
http://www.zmescience.com/science/news-science/wifi-routers-for-spying/

Privacy concerns

Written on 13 November 2015, 09:44am

This is another post in the weekly links series, with all the links below grouped by a common topic: privacy.

First, a post that explains why you should be concerned about it:

If the federal government had access to every email you’ve ever written and every phone call you’ve ever made, it’s almost certain that they could find something you’ve done which violates a provision in the 27,000 pages of federal statutes or 10,000 administrative regulations. You probably do have something to hide, you just don’t know it yet.
[…]
How could states decide that same sex marriage should be permitted, if nobody had ever seen or participated in a same sex relationship?
Wired: Why ‘I Have Nothing to Hide’ Is the Wrong Way to Think About Surveillance

Then, a post about the day-to-day implications of facial recognition:

Obviously, facial recognition is here to stay. The convenience factor for consumers and the data mining potential for big business are too compelling. The erosion of privacy is unfortunately like sea level rise. We know it’s happening, we know the consequences, but we’re either powerless or unwilling to act in our best, long-term interests.
PetaPixel – The Unsettling Future of Facial Recognition

Third, a thought about the future of the Internet and how it could better protect our privacy:

It’s easy to forget that because of its short life, the Internet has actually changed many times over the last 30 years or so. It started in the ’70s as a military project, morphed in the 1980s to an academic network, co-opted by commercial companies in the ’90s, and then invaded by all of us via social media in the noughties, but I think it’s going to change again. And I think things like the dark net markets — creative, secure, difficult to censor — I think that’s the future.
And the reason it’s the future is because we’re all worried about our privacy. Surveys consistently show concerns about privacy. The more time we spend online, the more we worry about them, and those surveys show our worries are growing. We’re worried about what happens to our data. We’re worried about who might be watching us.
Jamie Bartlett TED Talk How the mysterious dark net is going mainstream

Yesterday, the BBC reported that the FBI allegedly paid a US university to launch an attack on the Tor network:

Anonymity network Tor, notorious for illegal activity, has claimed that researchers at US Carnegie Mellon university were paid by the FBI to launch an attack on them.
“This attack sets a troubling precedent,” the Tor Project wrote. “Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities,” it added.
BBC – FBI accused of paying US university for dark net attack

Finally, a very recent interview with Edward Snowden, where he explains a little bit about the tools that you can use to protect your online privacy:

If you interact with the internet … the typical methods of communication today betray you silently, quietly, invisibly, at every click. At every page that you land on, information is being stolen. It’s being collected, intercepted, analyzed, and stored by governments, foreign and domestic, and by companies. You can reduce this by taking a few key steps. Basic things. If information is being collected about you, make sure it’s being done in a voluntary way.
Edward Snowden explains how to reclaim your privacy
