Random links #15

Written on 16 April 2019, 04:41pm

Tagged with: , ,

Abusability testing – funny name found by Ashkan Soltani in his Enigma talk where he looks into the ways the technology can be used to cause harm. Abusability testing is an innovative and intriguing way to look into the possible ways the technology used in un-intended ways can cause harm to the others. Red teams are used to explore the ways that other can harm your organization, but it’s time to think about the possible ways that technology can be (mis)used and have a negative impact on others. The leading example (with the Kim Jong-nam) is eyes opening.

Bayrob malware: a fascinating story about 3 Romanians behind an extremely complex online fraud operation along with a massive malware botnet. Tens of millions of dollars in nine years, but they are fortunately going to jail.

The first image of a black hole has been recently taken by EU-funded scientists. Two notes: (1) the EU should make more efforts to advertise its research efforts and (2) for me this is a remarkable achievement, comparable to taking a photo of an emotion. It’s borderline philosophical, and the scientists effort has been tremendous.

The black hole at the centre of Messier 87, a massive galaxy in the constellation of Virgo. This black hole is located 55 million light-years from Earth and has a mass 6.5-billion times larger than our sun.

The Norwegians are moving in the right direction. After launching a project to install in Oslo the world’s first wireless electric car charging stations for taxis, it recently decided to withdraw its support for oil exploration offshore the sensitive Lofoten islands in Norway’s Arctic.

Random links #14

Written on 26 March 2019, 07:01pm

Tagged with: , , , , ,

Kano allows your kid to build their own computer and learn to code. It’s an amazing tool that will help your kids improve their digital skills.

Make your own computer. Then learn to code

*********

Trypophobia is an aversion to the sight of irregular patterns or clusters of small holes, or bumps. Didn’t know this is really a thing…

Lego bumps

*****

Glass vs plastic when it comes to bottled water

When glass is recycled it gets turned in to more glass. It can be recycled over and over and never lose its integrity.
Plastic bottles, however, are not recycled into plastic bottles. The plastic loses its integrity and needs to be turned into something different such as plastic lumber or carpet padding. Because of this, some people say that plastic isn’t truly recycled; it’s downcycled.
Every time a product is packaged in a plastic bottle, jar, or other container, it’s new plastic. All new resources went into making it. Glass jars, on the other hand, can be made from recycled glass. 

https://www.mnn.com/food/healthy-eating/blogs/glass-vs-plastic

******

Protanomaly: a type of red-green color blindness in which the red cones do not detect enough red and are too sensitive to greens, yellows, and oranges.
As a result, greens, yellows, oranges, reds, and browns may appear similar, especially in low light. It can also be difficult to tell the difference between blues and purples, or pinks and grays. Red and black might be hard to tell apart, especially when red text is against a black background. Read more

******

How to Build a Successful Career in Information Security / Cybersecurity
Some great advice from Daniel Miessler:

  • learn to code
  • build your lab
  • build your portfolio of projects (make sure you own your data)
  • practice with bounties
  • get involved – contribute to open source projects
  • be active, engage in conversations
  • network with others
  • participate to conferences
  • find a mentor
  • get certified:
    CISSP is the closest thing to a standard baseline that our industry has. It’s actually better than a computer science degree in a lot of organizations
  • most importantly: have passion!


Some notes following the Identity Management Europe event, 14 March 2019, Frankfurt.

  • Ever wondered which are the biggest risks that we face? According to the World Economic Forum, a massive data fraud/theft or a large scale cyber attack rank in Top 5 most likely global risks, while the large scale cyber attack has the 7th most devastating impact. Worrying, no?
  • The fraud triangle: pressure (motive) – rationalisation – opportunity
  • Need-to-know – has strictly limited use cases (it comes from the military). In real life, we want the information to flow – don’t kill the business. There is always a fine balance between over-entitlement (leading to security risk) and under-entitlement (business risk).
  • MFA with yubikeys is the Graal of authentication – superior to everything else.
  • NIH: Not invented here: the strong bias against ideas from the outside.
  • Build vs buy: the main advantage of ‘buy’ is the fact that it allows the customer to concentrate on their core business.
  • In the cloud infrastructure there is the concept of zero trust. Deny all by default. Never trust. Always verify. Never trust the client. Never trust the server. Never trust the network.
  • Friendly reminder that the cybercrime became a 1.5 trillion business

Some emerging technologies:

Finally, some notes on automation:

  • Robotic process automation can be used for automatic testing (auto-filling of forms)
  • DevOPS (combining responsibilities of DEV, Q&A and OPS) – only possible if a big chunk of the work is automated
  • Workflow: Code > Build > Test > Deploy > Monitor – all of this automated (maybe except for the coding part 🙂 )
  • Remediation using automation: service not responding: auto-restart; load spike: auto scale instances; service fail: redeploy a new instance
  • Use automatic monitoring tools to detect bugs before your users (Splunk)
Rainy Frankfurt