Top infosec trends in the social media spotlight this week
A hack against Reddit – the ‘front page of the internet’ – sparked debates over the use of SMS-based two-factor authentication (2FA) this week, with many security bods calling for it to be scrapped.
The security breach leaked the credentials and private messages of early users, when a malicious hacker accessed a backup file of data collected between 2005 and 2007.
They accessed systems using an employee account, which SMS-based 2FA failed to protect.
It sparked calls for the authentication method to be discontinued in favor of token-based 2FA systems, and Reddit itself announced it was changing the way it authenticates account users.
But not all views were as damning, as some noted that authentication by SMS could be passable in some cases – especially if it’s the only tool available.
Either way, the incident ignited an interesting debate and encouraged Reddit to upgrade their security measures – albeit, a little too late.
In other big 2FA news, Cisco announced it had acquired start-up firm Duo Security this week for a cool $2.3 billion, furthering the narrative that better authentication tools = better security.
Duo Security, you may know, creates multi-factor authentication software delivered through the cloud and has around 12,000 customers including Facebook and Etsy.
Mozilla Firefox announced it was looking to rebrand this week – and asked fans for their feedback on the browser’s fresh look.
Under the proposed plans, the infamous fox logo will be given an acid neon makeover, and new icons will be introduced.
A blog post stressed that the logos are not yet final and will be tweaked depending on the feedback given.
But the rebrand didn’t go down too well on Twitter, where users critiqued the need for one and slammed the initial designs.
Only time will tell whether Mozilla will go ahead with the new look, but if you want to give your thoughts on the open source project, head here.
Disgraced software mogul John McAfee made yet another outlandish claim this week when he announced that a new Bitcoin wallet, BitFi, was “unhackable”.
Now, it’s probably a sensible idea to take what he says – especially on social media – with a pinch of salt.
But McAfee, who is promoting the wallet, didn’t back down on his claims, and offered up a $250,000 bug bounty to anyone who could hack into it.
Cue, of course, a barrage of security researchers trying to crack BitFi to prove McAfee wrong.
Yesterday it was reported that someone had allegedly managed to hack the device, claiming to have root access – which was quickly dismissed by BitFi CEO Daniel Khesin, and McAfee.
Eventually, more researchers came forward to say they’d found vulnerabilities.
BitFi then claimed that they knew about these vulnerabilities all along – but still allegedly tried to buy out the hackers for their information.
Time and time again, companies making brash statements such as these are called out for launching ridiculous bug bounty programs to raise their profile.
As for calling their product “unhackable”, BitFi were just calling for someone to prove them wrong.
But morals aside, it’s hard to ignore the fact that while ethically shady, this latest McAfee episode has done wonders for BitFi’s publicity.
Ending on a slightly mysterious note, Singapore looked to sign a ‘cybersecurity deal’ with Russia this week after a series of attacks aimed at businesses and industry across the country.
A huge breach at SingHealth which saw 1.5 million healthcare records stolen – including those of Prime Minister Lee Hsien Loong – was reported on Monday.
And back in June, Singapore was reported to have experienced 40,000 attacks in one day alone.
This ‘deal’ between the Association of Southeast Asian Nations (Asean) and Russia was drafted during a meeting in Manila – though it isn’t clear what this agreement entails.
The draft document reportedly read: “We welcome the further strengthening our cooperation in cybersecurity with Russia through the issuance of the statement of Asean and Russian foreign ministers on cooperation in the field of cybersecurity.”