Upload files to 'content/posts/infosec'
This commit is contained in:
parent
0662cab3a8
commit
a1cd65109e
52
content/posts/infosec/infosec-tenets-simply-dont-work.md
Normal file
52
content/posts/infosec/infosec-tenets-simply-dont-work.md
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
---
|
||||||
|
title: "Telling users to ‘avoid clicking bad links’ isn’t working"
|
||||||
|
date: 2022-12-28T16:03:00+02:00
|
||||||
|
draft: false
|
||||||
|
tags: ["infosec","breach","email","encryption"]
|
||||||
|
author: "9x0rg"
|
||||||
|
hidemeta: false
|
||||||
|
ShowReadingTime: true
|
||||||
|
ShowPostNavLinks: true
|
||||||
|
showtoc: false
|
||||||
|
cover:
|
||||||
|
image: "<image path/url>"
|
||||||
|
alt: "<alt text>"
|
||||||
|
caption: "<text>"
|
||||||
|
|
||||||
|
---
|
||||||
|
By **David C**. Technical Director for Platforms Research and Principal Architect - [NCSC](https://www.ncsc.gov.uk/blog-post/telling-users-to-avoid-clicking-bad-links-still-isnt-working) (UK)
|
||||||
|
|
||||||
|
### Infosec tenets simply don’t work
|
||||||
|
|
||||||
|
*Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing.*
|
||||||
|
|
||||||
|
Advising users not to click on bad link: users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is **not** their job
|
||||||
|
|
||||||
|
### Mitigating credential theft for organisational services
|
||||||
|
|
||||||
|
- mitigate the threat of credential theft by mandating [strong authentication](https://www.ncsc.gov.uk/collection/device-security-guidance/infrastructure/enterprise-authentication-policy) across its services, such as device-based passwordless authentication with a FIDO token.
|
||||||
|
- set up [multi-factor authentication](https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services) (MFA).
|
||||||
|
|
||||||
|
### Mitigating malicious downloads through defence in depth
|
||||||
|
|
||||||
|
**Implementing enterprise-level actions and greatly reduce the chance of successful attacks on your network**.
|
||||||
|
|
||||||
|
**Preventing delivery of phishing email**:
|
||||||
|
- use email scanning and web proxies to help remove some threats before they arrive
|
||||||
|
- [DMARC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing/implement-a-dmarc-policy-of-none) and [SPF policies](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing/create-and-iterate-an-spf-record) can significantly reduce delivery of [spoofed emails](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing) to users
|
||||||
|
|
||||||
|
**Preventing execution of initial code**:
|
||||||
|
- put in place *allow-listing* to make sure that executables can't run from any directory to which a user can write,
|
||||||
|
- for anything not covered in *allow-listing*, use registry settings to ensure that dangerous scripting or file types are opened in Notepad and not executed, – for PowerShell, you can minimise risk by using PowerShell constrained mode and script signing
|
||||||
|
- disable the [mounting of .iso files on user endpoints](https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7)
|
||||||
|
- make sure that macro settings are locked down (see the NCSC's [guidance on macro security](https://www.ncsc.gov.uk/guidance/macro-security-for-microsoft-office)) and that only users who absolutely need them – and are trained on the risks they present – can use them
|
||||||
|
- enable [attack surface reduction rules](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide)
|
||||||
|
- ensure you update third-party software, such as PDF readers, or even better, use a browser to open such files
|
||||||
|
- keep up to date with current threats with wider reading about any new attack vectors emerging
|
||||||
|
|
||||||
|
**Preventing further harm**:
|
||||||
|
- *allow-listing* is again a powerful way to prevent further harm once a malicious file is opened
|
||||||
|
- DNS filtering tools, such as PDNS (for UK public sector and also the [private sector](https://www.ncsc.gov.uk/guidance/protective-dns-for-private-sector)) can block suspicious connections and prevent many early-stage attacks
|
||||||
|
- organisations can also carry out endpoint detection and response (EDR) and monitoring to look for suspicious behaviour on hosts
|
||||||
|
|
||||||
|
Source: [National Cyber Security Center](https://www.ncsc.gov.uk/blog-post/telling-users-to-avoid-clicking-bad-links-still-isnt-working) (UK)
|
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
title: "Malaysia telco databreach - check yourself"
|
||||||
|
date: 2017-11-14T04:25:49+06:00
|
||||||
|
draft: false
|
||||||
|
tags: ["asia","infosec","breach","malaysia"]
|
||||||
|
author: "9x0rg"
|
||||||
|
hidemeta: false
|
||||||
|
ShowReadingTime: true
|
||||||
|
ShowPostNavLinks: true
|
||||||
|
showtoc: false
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
![SayaKenaHack](/images/sayakenahack.png)
|
||||||
|
|
||||||
|
Lowyat reported on Oct. 30, 2017 that a total of [46.2 Million Malaysian phone numbers were exposed](https://www.lowyat.net/2017/146339/46-2-million-mobile-phone-numbers-leaked-from-2014-data-breach/), and the dataset included IC numbers, addresses, IMSI, IMEI and SIM numbers as well.
|
||||||
|
|
||||||
|
## Check yourself out
|
||||||
|
|
||||||
|
Head over to [SayaKenaHack.com](https://href.li/?https://sayakenahack.com), the dedicated website created by [Keith Rozario](https://href.li/?https://twitter.com/keithrozario) and check if your details are part of the breach.
|
24
content/posts/infosec/palantir.md
Normal file
24
content/posts/infosec/palantir.md
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
title: "Palantir: the ‘special ops’ tech giant that wields as much real-world power as Google"
|
||||||
|
date: 2017-08-02T16:54:00+06:00
|
||||||
|
draft: false
|
||||||
|
tags: ["tech","data privacy","surveillance"]
|
||||||
|
author: "9x0rg"
|
||||||
|
hidemeta: false
|
||||||
|
ShowReadingTime: true
|
||||||
|
ShowPostNavLinks: true
|
||||||
|
showtoc: false
|
||||||
|
cover:
|
||||||
|
image: "<image path/url>"
|
||||||
|
alt: "<alt text>"
|
||||||
|
caption: "<text>"
|
||||||
|
relative: false # To use relative path for cover image, used in hugo Page-bundles
|
||||||
|
|
||||||
|
---
|
||||||
|
*Minority Report is set in 2054, but Palantir is putting pre-crime into operation now.*
|
||||||
|
|
||||||
|
> Peter Thiel’s CIA-backed, data-mining firm honed its ‘crime predicting’ techniques against insurgents in Iraq. The same methods are now being sold to police departments.
|
||||||
|
>
|
||||||
|
> Palantir watches everything you do and predicts what you will do next in order to stop it. As of 2013, its client list included the CIA, the FBI, the NSA, the Centre for Disease Control, the Marine Corps, the Air Force, Special Operations Command, West Point and the IRS. Up to 50% of its business is with the public sector. In-Q-Tel, the CIA’s venture arm, was an early investor.
|
||||||
|
|
||||||
|
Full Story in [The Guardian](https://www.theguardian.com/world/2017/jul/30/palantir-peter-thiel-cia-data-crime-police)
|
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
title: "Personal data isn't the 'new oil' - it's toxic waste"
|
||||||
|
date: 2017-09-22T03:06:00+06:00
|
||||||
|
draft: false
|
||||||
|
tags: ["data privacy","tech"]
|
||||||
|
author: "9x0rg"
|
||||||
|
hidemeta: false
|
||||||
|
ShowReadingTime: false
|
||||||
|
ShowPostNavLinks: true
|
||||||
|
showtoc: false
|
||||||
|
cover:
|
||||||
|
image: ""
|
||||||
|
alt: ""
|
||||||
|
caption: ""
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
> Personal data isn't the new oil - it is toxic waste. Companies should:
|
||||||
|
> Create as little as,
|
||||||
|
> Regularly clean it,
|
||||||
|
> Store it securely
|
||||||
|
>
|
||||||
|
> -- Terence Eden on [Twitter](https://twitter.com/edent/status/906404039059034112)
|
28
content/posts/infosec/signalapp-desktop-fail.md
Normal file
28
content/posts/infosec/signalapp-desktop-fail.md
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
---
|
||||||
|
title: "Signal desktop: fail"
|
||||||
|
date: 2016-02-15T11:30:00+06:00
|
||||||
|
draft: false
|
||||||
|
tags: ["signal app","infosec","data privacy","tech"]
|
||||||
|
author: "9x0rg"
|
||||||
|
hidemeta: false
|
||||||
|
ShowReadingTime: true
|
||||||
|
ShowPostNavLinks: true
|
||||||
|
showtoc: false
|
||||||
|
cover:
|
||||||
|
image: "<image path/url>"
|
||||||
|
alt: "<alt text>"
|
||||||
|
caption: "<text>"
|
||||||
|
relative: false # To use relative path for cover image, used in hugo Page-bundles
|
||||||
|
|
||||||
|
---
|
||||||
|
*If you care about privacy, Signal is certainly not an option. -- Nikos Roussos*
|
||||||
|
|
||||||
|
Instead, use [Conversations](https://conversations.im/) on Android with [OMEMO](https://conversations.im/omemo/) encryption.
|
||||||
|
|
||||||
|
> Whisper Systems failed big once again. They just [announced](https://signal.org/blog/signal-desktop/) their "Desktop" version of Signal, which is actually a Chrome app.
|
||||||
|
>
|
||||||
|
>So just to get facts straight, this is neither a Desktop nor a Web app. And just like their Android app, you need a Google account to download it.
|
||||||
|
>
|
||||||
|
> Actually this is even worse, because you also need to use Chrome to use this app. **Channeling all your (meta)data through a closed source browser, built & distributed by the biggest tracking ad company**.
|
||||||
|
>
|
||||||
|
> -- [Nikos Roussos](https://roussos.cc/2015/12/05/signal-privacy/), 2015.12.05
|
Loading…
Reference in New Issue
Block a user