Thursday, September 11, 2014

Justification for Your Paranoia

There is a lot happening in the security world every day, but lets make a slight digression to another topic...
https://www.defectivebydesign.org/apple
Apple Products Suck.

That being said, let's move on to your regularly scheduled "things that make you want to unplug,"


1. Because sometimes you just want to watch all the world's cyber-attacks in real-time...
Almost everyone in the computer industry loves using computers to create fancy graphs, graphics, and visual representations of data, and security experts are no different. As an added plus though, security experts have access to really interesting data, and really cool tools for mangling and viewing that data. If you want to simultaneously give yourself a seizure and get a good view of how much hacking happens in the world, there are a lot of tools and sites out there that can let you do this.
My favorite to watch is Kaspersky Labs' Cyberthreat Real Time Map, which lets you watch a beautiful light show of all of the threats detected around the world by their various security offerings (and sometimes where they threat originates from). 
Norse Corp's Live Threat Map, is similar in visualization (but without the pretty globe floating in space backdrop), but also gets a lot of Darknet data and keeps a nice running list of which countries originate or are targeted by the most attacks (spoiler alert: most hacks come from the US or China and target the US).
Slightly less pretty and more limited in score, the Digital Attack Map shows a daily summary of worldwide DDoS attacks. The data is not real-time, nor as slickly displayed, but it provides a good bit more detail on the individual attacks. 
2. If you've ever wanted to just make-up a fake credit card, rather than giving out your real one...
Every hacker, most software testers, and anyone else paying attention know that the last four digits on a credit card that actually identify your personal account, and that the first digit identifies the type of card, but have you ever wondered what all the other numbers were for? Credit.com released a helpful blog post to explain how the card numbers work, and, more importantly, how they are validated. 
Software testers often have to make up credit card numbers (sometimes deliberately invalid), so its always helpful to know that the first six digits are the same for everyone with the same type of card and how validation works. As a helpful aside, if you come upon a website that offers something "for free", but requires a credit card number ("in case they have to charge you later..."), knowing how to make a fake account number that will validate can come in handy. Or you can just use something like getcreditcardnumbers.com.
3. The news media has been obsessed with the recent leak of nude celebrity photos...
This does not interest me at all (I honestly had no idea who Jennifer Laurence was when the people on NPR started talking about this). However, one very interesting thing has come out of all of this nonsense. These events have prompted 4CHAN (yes, that 4CHAN) to adopt a DMCA takedown policy. Granted, it has little need of such, given that a specific link or content seldom remains available on a given thread for more than a day or so. Still, it is quite surprising that a site famed for its uncensored content and commitment to anonymity would need to take such steps.
In related news, apparently these events alone have generated enough traffic on reddit to pay for a month of their server costs.
People really need to find better things to do with their time... 
 4. Did anyone else use Google Wave?
This is not really security-specific.
As someone who likes text-based, play-by-post style RPGs, and who generally prefers not to communicate by voice, Google Wave seemed like the ultimate communication medium. Sadly, it was shut down in 2012, then passed to the Apache Foundation, where some work was done to make it usable on private servers, but it never really took off again...
Well, in an unspeakable act of technical necromancy, Wave is being resurrected in the form of Sandstorm. Needless to say I am excited.
5. The Home Despot has become the latest in a long line of big data breaches.
Our old friend the BlackPOS malware is at it again. This time snatching some 60 million credit card numbers from Home Depot, with greater than 99% of stores affected. Unsurprisingly Home Depot is already being sued in a class action suit over the breach. This is just another in a long line of point-of-sale breaches, but this one hits home a little more...in that it is the first store that I actually shop at to have been affected.
Just a reminder that if you shopped at Home Depot, you should probably go ahead and order a new card with a new number. And for you debit card users, remember, the need for a PIN is not always a barrier to them being used.