Episode 182: “Good” hack for SolarWinds, “Bad” security for Twitter, and “Sock Puppet” phishing

Topic 1: Could it actually be possible that the SolarWinds hack was “good” for their business?

https://www.scmagazine.com/feature/incident-response/why-solarwinds-just-may-be-one-of-the-most-secure-software-companies-in-the-tech-universe

No one would argue that being the victim of “the largest and most damaging security breach in US history” is a good thing. But as a result of the hack, SolarWinds took unprecedented steps to fundamentally reengineer their approach to security and dev-ops … and they are telling a surprisingly compelling story about how this makes them the most secure system in the industry. What’s more, it seems like customers are listening … and buying. Do you buy it?

Topic 2: Headline: Twitter is bad at data security and privacy.

Conclusion: No duh.

https://www.protocol.com/policy/mudge-twitter-whistleblower-hearing

The Twitter whistleblower testified in congress yesterday … and he made the “shocking” accusation that Twitter doesn’t have (and never has had) sufficient control systems for data protection. Thank you, Captain Obvious. This brings up a few questions: 1) does any social media company have sufficient data controls (no); 2) is there any appetite to make social media companies accountable for actual privacy / security (no); and 3) why does our society accept the presence of a tech platform that is “too big to control” and not simply turn it off if it can’t be made secure?

Topic 3: Because Security needs another piece of jargon: Beware Sock Puppet phishing

https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks/

Or would you rather call the attack ‘multi-persona impersonation’ (MPI)? That’s the name used by researchers at Proofpoint.

Basically, this is an orchestrated attack where the bad guys control multiple email accounts and email back and forth with the target in the middle of the cc: string. The idea is to provide (fake) social proof. 

 

Sponsor Memo: SBTTC

This podcast is sponsored by the Small Biz Thoughts Technology Community. Check us out at https://www.SmallBizThoughts.org

Forms, templates, and checklists are just the start. Our Community includes ALL of the best-selling books on managed services in all available formats, plus free training, members-only programs, and the best business training available to managed service providers anywhere.

Plus, we have weekly live members-only Zoom calls. The average member saves more than 200% of their membership cost each year. We are totally dedicated to YOUR success. 

Just because you’re in business for yourself doesn’t mean you have to go it alone. Join us today at https://www.SmallBizThoughts.org

🙂

 

 

Liked it? Take a second to support Dave Sobel on Patreon!