Top infosec trends in the social media spotlight this week
The infosec world once again descended on Las Vegas this week for the cyber triathlon – BlackHat, DefCon, BSides – and more.
The whole overlapping week-long festival was bigger and bolder than ever before. No expense was spared, most particularly on the lighting rigs.
Outside the keynote session PortSwigger’s own James Kettle presented his research on HTTP request smuggling.
Elsewhere, Bitdefender unveiled findings on a new variant (CVE-2019-1125) of the infamous Spectre vulnerability, dubbed the SWAPGS Attack.
Independent infosec experts reckon existing patches already cover the issue, adding that attacks based on the security bug are, in any case, unlikely.
What’s a show without an award? In the case of Black Hat, it’s the Pwnie Awards, where Bloomberg’s controversial story about Super Micro won in the “most overhyped bug” category.
De-platforming
Cloudflare (and other services) terminated 8chan in the wake of a shooting at a Walmart in El Paso, Texas, where the suspected gunman was said to have used the platform to incite violence and hateful rhetoric.
The shooter, who has been arrested and charged with capital murder, is believed to have posted an attack manifesto online, titled ‘the Hispanic invasion of Texas.’
Reports have alleged that the manifesto was posted on 8chan by the gunman, although the site’s owner, Jim Watkins, has denied this claim, saying that the document was posted by a different user, and that the content was later removed in cooperation with law enforcement.
Welcoming the sanction applied by Cloudflare against 8chan, many in the Twitterverse felt it was a move long overdue. Others questioned the consistency of Cloudflare’s policies and procedures about who it lets onto its platform.
After getting dropped by Cloudflare, rival content delivery network Bitmitigate briefly took on 8chan as a customer – hosting provider Voxility stopped leasing servers to BitMitigate in response.
As things stand, 8chan has effectively been expelled from the clear-net. It may yet reappear somewhere on the dark web.
22 people were killed in the massacre in El Paso.
Banker’s log jam
Digital bank Monzo told hundreds of thousands of customers to change their PINs after it realized it was accidentally storing sensitive customer data in log files.
It seems that the bank card PINs were getting written to encrypted log files that were nonetheless accessible through tools and interfaces available to Monzo’s technical staff.
Monzo was both criticized for its failure to follow industry best practice and praised for its transparency over the problem.
On the record
Finally, book loving infosec geeks were given an early present with news that NSA contractor turned whistle-blower Edward Snowden was writing his memoirs. “'Permanent Record” – out in mid-September – promises to offer Snowden’s story in his own words for the first time.
Snowden’s story has already been told through Academy Award-winning documentary, Citizenfour, as well as several fictional portrayals in movies.
His escapades have even inspired video games as well as music from a French electronic musician.
Any bets whether or not the Five Eyes already have galley proofs for the upcoming tome?
