Top infosec trends in the social media spotlight this week

Trustico, a popular UK-based reseller of SSL/TLS certificates that websites use to encrypt and authenticate their connections, found itself in hot water this week, as it was revealed that the private keys for tens of thousands of its customers’ certificates had been compromised through shoddy operational security.

The saga started on Wednesday, after it was revealed that Trustico’s general manager had emailed his customers’ private keys to a partner – compromising some 23,000 certificates and forcing their revocation.

News of the gaffe spread quickly on social media:

If this wasn’t enough to keep Trustico’s PR team busy, things took a turn for the worse yesterday, after a critical and easy-to-exploit security flaw was revealed on Twitter:

The vulnerability appeared to allow attackers to inject operating-system commands through the HTTPS certificate validation form on Trustico’s website, enabling them to run code on the company’s servers with unfettered ‘root’ privileges.
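To illustrate the class of bug described above, here is an added example (not Trustico’s code, and not taken from the reports): a hypothetical certificate-check form handler that shells out to `openssl s_client` with the user-supplied hostname pasted into a shell string, shown beside a hardened version that allow-lists the hostname and passes an argument list so no shell ever parses the input. The `openssl` invocation, the hostname regex and the function names are all assumptions made for the illustration; the commands are only built and inspected, not executed, except by the optional `fetch_certificate` helper.

```python
"""Added illustration of OS command injection in a certificate-check form.

Hypothetical scenario (assumption, not Trustico's actual code): a web form
takes a hostname and the backend runs `openssl s_client` to fetch the site's
certificate chain. The unsafe builder interpolates the hostname into a shell
string; the hardened builder validates it and returns an argv list.
"""
import re
import subprocess

# DNS hostname allow-list: labels of letters, digits and hyphens, no leading or
# trailing hyphen, at most 63 chars per label and 253 overall. Anything a shell
# would treat specially (";", "|", "$", "`", whitespace, quotes) is rejected.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def build_command_unsafe(hostname: str) -> str:
    """VULNERABLE: untrusted input is pasted into a string meant for shell=True.

    A value such as "example.com; id" makes the shell run `id` after openssl,
    with whatever privileges the web process has (root, in the worst case).
    """
    return f"openssl s_client -connect {hostname}:443 -servername {hostname} </dev/null"


def validate_hostname(hostname: str) -> bool:
    """Return True only for a syntactically valid DNS hostname."""
    return HOSTNAME_RE.fullmatch(hostname) is not None


def build_command_safe(hostname: str) -> list[str]:
    """HARDENED: validate first, then build an argv list that bypasses the shell.

    The argv list stops shell metacharacters from being interpreted; the
    allow-list additionally stops argument injection (e.g. a hostname starting
    with "-" being read by openssl as an option).
    """
    if not validate_hostname(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return ["openssl", "s_client", "-connect", f"{hostname}:443", "-servername", hostname]


def fetch_certificate(hostname: str, timeout: float = 5.0) -> str:
    """Run the hardened command without a shell; stdin closed like </dev/null."""
    proc = subprocess.run(
        build_command_safe(hostname),
        stdin=subprocess.DEVNULL,
        capture_output=True,
        text=True,
        timeout=timeout,
    )
    return proc.stdout


if __name__ == "__main__":
    # Constructed attacker input: a hostname followed by a chained command.
    payload = "example.com; id"
    print("unsafe shell string:", build_command_unsafe(payload))
    print("validator accepts payload?", validate_hostname(payload))
    try:
        build_command_safe(payload)
    except ValueError as exc:
        print("hardened builder:", exc)
    print("hardened argv:", build_command_safe("example.com"))
```

The two fixes are complementary: passing an argument list removes the shell from the picture, and the hostname allow-list stops the remaining option-injection and oversize-input cases that an argv list alone does not address. Running the process as an unprivileged service account, rather than root, would have limited the blast radius of the flaw reported above even if the injection itself had gone unfixed.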

Although the dust is far from settling on the controversies, Trustico demonstrated that it wouldn’t let the double blunder get in the way of its social media marketing campaign. This, unsurprisingly, backfired:

In events news, Mobile World Congress (MWC), the world’s largest gathering for the mobile industry, closed its doors in Barcelona yesterday.

This year’s expo was once again the launch pad for manufacturers’ latest flagship devices, including Samsung’s Galaxy S9, Sony’s Xperia XZ2, and the new Nokia 8 Sirocco.

Amid the flurry of global press coverage and bombastic claims from MWC exhibitors, CNBC reporter Arjun Kharpal was taken to task by CBS’ security editor Zack Whittaker, who criticized his fellow journalist’s poor choice of words:

Numerous Twitter users concurred with Whittaker, explaining to Kharpal that although today’s mobile devices can indeed do many things, being completely secure against attacks isn’t one of them:

Elsewhere, a group of researchers from MIT and Harvard have presented a new system designed to make private browsing even more private.

The solution – dubbed ‘Veil’ – would provide added protection to people using shared computers in offices, hotel business centers, or university computing centers, and can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor.

A full technical write-up can be found here.

In funding news, WhatsApp co-founder Brian Acton has invested $50 million in Signal, the secure messaging app.

The move will also see Acton – who left WhatsApp parent company Facebook last year – become executive chairman of Signal’s newly-announced non-profit organization, The Signal Foundation, which aims to “support, accelerate, and broaden” the messaging app’s mission of making private communication accessible to all:

Finally, Bill Gates took to Reddit this week for his sixth Ask Me Anything discussion.

The Microsoft visionary’s latest Q&A session touched on numerous subjects, including future technologies, the rise of automation, and the role quantum computing could play in software development.

In addition to the light-hearted comments surrounding his hobbies and favorite quick-fix snack (for those who are interested: tennis and tomato soup), Gates issued a stark warning over cryptocurrencies, which he says have “caused deaths in a fairly direct way”.