It shocks me that Windows XP is "still alive" in some form until 2019. Of course, there are plenty of other things you have in your environment that you can't patch...
- Malware and non-malware ways for ATM jackpotting. Extended cut - Securelist
- Windows XP Embedded Supported for Two or More Years -- Redmondmag.com
How can an organization be so unaware of what security tools they have that they need someone's help to discover what they have? With more and more infrastructure moving to the cloud, how can they be?
Links: PhoneBoy Speaks Ep 1106: Cloudy Security
Yet another new social media tool has been launched, called Talkshow. It's like Periscope but in SMS. Texting in public.
- Talkshow is texting in public. — Talkshow — Medium
- Talkshow: We keep reinventing the wheel
- Talkshow: I did it anyway because I'm dumb
Man-in-the-middle attacks aren't new. Especially on the phone network, which has only gotten easier as more of it has become wireless.
- Hackers spied on a US Congressman’s communication abusing the SS7 protocol — Security Affairs “Security experts eavesdropped and geographic tracked a US Congressman only using his phone number by abusing the SS7 protocol.”
Users know they should do something to protect corporate data, but they don't actually do anything to do so. Whose fault is that? Ours, as infosec professionals. We don't make it easy for people to do the right thing.
- Top 4 Ways Employees Compromise their Corporate Data via Cloud Services — Check Point Blog “Recent research by Gartner showed that “Through 2020, 95% of cloud security breaches will be the customer’s fault.””
- SecurityBrief NZ - Employees worry about security but don't do anything about it, survey finds
If you haven't heard, Apple has stopped supporting QuickTime in Windows. You might want to uninstall it since there are a couple of unpatched security vulnerabilities now known and Apple won't be fixing them.
- Where to get answers about QuickTime 7 or QuickTime 7 Pro - Apple Support
- Urgent Call to Action: Uninstall QuickTime for Windows Today -
How is it I can auto-deploy and auto-update applications in the cloud and yet desktop software still requires someone with admin privileges to agree to update the software? This is 2016, folks!
Links: PhoneBoy Speaks Ep 1101: Auto-Update All The Things!
It's been 100 episodes since my last "state of the podcast" type podcast, so here it is.
PhoneBoy Speaks Ep 1100: State of the Podcast #1100
Some work-related anniversaries recently happened. Also, social media: it's important for your professional life.
Links: PhoneBoy Speaks Ep 1099: On 1099s, Work, and Social Media
WhatsApp claims end-to-end encryption has been implemented in their app. So what? The metadata is still there and I have no doubt WhatsApp (a Facebook joint) will give it up on demand.
- WhatsApp Encryption Explained --- "Everything is not what it seems"
- WhatsApp is now most widely used end-to-end crypto tool on the planet — Ars Technica “(credit: samazgor) WhatsApp has enabled end-to-end encryption across all versions of its messaging and voice calling software, according to a Tuesday announcement on