Top infosec trends in the social media spotlight this week
A study of a wide range of password managers from Independent Security Evaluators (ISE) this week generated plenty of controversy.
The US-based consultancy conducted a security audit of 1Password, Dashlane, KeePass, and LastPass on Windows 10, uncovering a number of bugs in the process.
ISE concluded that password managers routinely expose both secrets and the master password in the memory of the Windows PCs they are running on.
This sounds bad – on the face of it, not far off the tech equivalent of a dumpster fire – but was it really all that?
Controversy centered on how serious the threat the researchers had uncovered might be.
Jake Williams, of incident response and training firm Rendition Infosec, bluntly described ISE’s findings as a “hit piece” before going on to state that his firm had “never worked a single incident where a password manager has negatively contributed to the case” and concluding that arguing against password managers is the IT equivalent of casting doubt on the benefits of car seat belts.
Others also questioned the threat model underpinning ISE’s cautionary tale:
Identity management firm Identigral summed up these criticisms. It argued what ISE had discovered was unlikely to cause problems in practice.
This view among security experts was far from isolated:
Plenty of concerned password manager users expressed their worries in social media posts.
Even experts who were more generous about the research argued it shouldn’t be taken as a reason for consumers to steer clear of password managers, a point (in fairness) that ISE also makes in its post.
The Daily Swig approached Independent Security Evaluators for comments on criticisms of its research, but we’re yet to hear back.
Security researcher Carl Gottlieb pulled in more positive attention this week by live-tweeting a business email compromise (BEC) fraud attempt.
BEC is a growing cause of fraudulent losses, as evidenced by figures from the FBI’s Internet Crime Complaint Center (IC3) and other sources. The merry dance that Gottlieb led one group of fraudsters on meant they had less time to hoodwink less savvy potential targets, a welcome result.
In the e-money
Elsewhere, Ethereum co-founder Vitalik Buterin hosted an impromptu Ask Me Anything (AMA) on Reddit, with the main takeaway revealing that he owns $51 million in various cryptocurrencies.
Trump wants US to lead in 6G… which [spoilers] doesn’t exist as yet
The tech world was ablaze with talk about 5G super-fast mobile networks this week.
Vendors and telecom operators alike were laying out their stalls just days before Mobile World Congress, held in Barcelona next week, the industry’s biggest event of the year.
Meanwhile, senior GCHQ officials spoke about the UK’s assurance strategy for mitigating the risk that using 5G kit from Chinese vendor Huawei potentially poses.
The issue with Huawei, says Ciaran Martin, head of the National Cyber Security Centre, is not that its kit is being abused by Chinese agents to spy on its customers, but that its cybersecurity standards are not up to scratch.
Unless it improves – and no decision has been taken by ministers as yet – then Huawei’s tech will not get GCHQ’s seal of approval for potential deployment in the UK’s pending roll-out of 5G networks.
The US has embarked on a concerted legal and diplomatic push against Huawei, with the States – along with Australia and New Zealand – banning the Chinese telecom infrastructure supplier’s 5G technology.
Heady stuff, but for US President Donald Trump the politically charged issue of tech dominance in 5G wasn’t his focus.
He wanted American firms to be first with 6G, a technology that – experts were quick to point out – doesn’t exist yet and probably won’t arrive commercially for another 10 years.
America First, indeed.
Reaction to Trump’s 6G tweet ranged from disbelief, through mockery, to a semi-joking desire to go with the flow and look beyond 6G.
There was also some speculation about what ‘The Donald’ might do if he ever got his hands on a suitable smartphone with a super-fast 6G connection.
Finally, from the technology of tomorrow to some of our yesterdays.
The European Organization for Nuclear Research (CERN) this week gave millennials a fascinating glimpse into what the dawn of the interwebs 30 years ago looked like.
The science agency recreated the original NeXT web browser within a browser, showing how the www looked back at its inception.
Shiny, albeit somewhat glitchy – going by early reactions to the release – but we're sure it’ll get there in the end.
Now, if you'll excuse me, tonight I'm gonna party like it’s 1989.