Things I hearted this week 9th March 2018

It’s been an uneventful week for the most part. I did spend a lot of time reading tweets by Today In Infosec. If you don’t know of it, I suggest checking it out. As the name suggests, it tweets out news from the world of information security from previous years. I was thinking that maybe I could wait five years and then recycle these weekly roundup blogs as “This week in Infosec”.

But that’s the future, let’s jump into the news that matters today.

An Olympic hack

What went on behind the scenes at the Olympics? How much hacking went on, who was behind it, and what can be done about it?

SAML, SSO many vulnerabilities

SAML-based single sign-on systems have vulnerabilities that allow an attacker who already holds authenticated access to trick the SAML system into authenticating them as a different user, without knowing the victim’s password.

Sounds like a lot of fun.

I came across this little gem on GitHub this week. Basically, it’s a repository of default credentials for a plethora of network devices, web apps, and so forth, covering over 500 vendors and nearly 2,100 default passwords.

Remember, Mirai originally needed only 61 default passwords to wreak havoc.

Sharing is caring

If you give your information to a business, how many places do you think it shares that information with? None, a dozen, fifty?

Well, thanks to GDPR compliance, PayPal has published a list of over 600 entities it shares data with.

The case against hack porn

Joseph Cox at Motherboard raises an interesting point: while new research is valuable, much of it is only applicable in the realm of research, or in Bond films.

Personally, I feel that it’s important to allow and encourage new and innovative ways to hack into things. But it’s worth bearing in mind that very few people or companies are hacked with highly sophisticated techniques. The more we can do to raise the bar on the fundamentals first, the better.

Risk Resilience is the future

We are often told about how a big breach can affect a company’s profits, impact its share price, and basically mean bad news.

But as more data is available and we can see the impact of breaches, the general consensus is that while the share price may suffer a major dip in the aftermath of a breach, it is often forgotten in about 12 months.

In this well-written article, Daniel Miessler discusses how companies should focus on resilience, avoiding disruption, and human safety.

Marcus Hutchins

A really well-written piece on Marcus Hutchins aka Malware Tech Blog. Hard to appreciate how his life has literally been turned upside down.

Regulating the IoT

Left to their own devices, it’s unlikely that manufacturers will willingly spend time and resources hardening or securing smart devices. So, it’s likely some form of regulation will force some changes soon.

Somewhat related to IoT, as it involves self-driving cars being attacked. Or, as they say, “rage against the machine”.

I keep thinking to myself that this week I’ll try to steer clear of any cryptocurrency-related news, yet there are always a couple of stories that catch my eye and that I think would be interesting to include, if for nothing else than to keep track of how issues are evolving and developing in this new world.
