Customers of Singaporean ISP StarHub, suffered two major disruptions to their service over the past week, in what the telco said was a result of a “intentional and likely malicious distributed denial-of-service (DDoS) attacks”.
Oh the humanity!!
In what appears to be a copycat of the Dyn attack we saw (at roughly the same time), the attack signals the first local salvo in the war of IOT devices. But is it really that serious?
If you’re wondering what the hell happened, let’s walk this through step-by-step, from the attackers perspective. Continue reading
Brian Krebs is the most reputable name in CyberSecurity reporting, his krebsonsecurity website is the best source of ‘real’ journalism on the subject.
But reputation works both ways, the same thing that makes him popular in some circles, makes him unpopular in other. He’s had criminal hackers send him heroin in the mail and even have SWAT teams descend on his home with guns all blazing (in a phenomenon called swatting!). Reporting and exposing underground cyber-criminals comes at a price, you don’t piss of darknet crime lords without taking a few hits along the way.
The problem though is when those ‘few’ hits, turn into a hurricane of web traffic aimed at your server, because that’s exactly what descended on Krebs’ server late last week, when krebsonsecurity was hit by an epic DDOS attack
DDOS is an acronym for Distributed-Denial-of-Service, which basically means forcing so much web traffic to a single website that it eventually collapses–making it unable to provide services to the ‘real’ visitors of the site. All websites run on servers with finite capacity, DDOS attacks are about sending enough traffic to those servers that they eventually exceed that capacity.
But this DDOS was different, and krebsonsecurity will go down in history as the Hiroshima of this type of DDOS. But nuclear weapons only had Hiroshima and Nagasaki, krebsonsecurity will be the first in a Looooong line of DDOS attacks of this scale.
So what makes this attack so different as to merit it’s own class? Well 3 things.
Jais recently launched anew mobile app to allow the public to easily report any crimes that contravene syariah laws.
Obviously there’s social and legal implications here, which I won’t go into, but we need to understand just how stupid this idea is.
When you ask amateurs to give you security, what you eventually end up with is amateur security.
It’s the reason why Maths professors from Ivy league universities are wrongly profiled as terrorist, or why breast milk is incorrectly identified as explosive substances on planes, why it doesn’t take an evil genius to break into your gated and guarded housing project. Security is hard, and if you entrust into the hands of amateurs, things don’t end well.
Having a ‘app’ where people can report anything that contravene’s their morality is a sure-fire recipe for disaster, and I don’t think Jais have the infrastructure nor the processes to fully receive all the complaints and run a proper check on each of them.
And when it has real legal implications for Muslims (even non-Muslims), then they need to take that shit off the Playstore.
Is it wise to use an online password manager? After all, putting your passwords on the cloud seems like a really dumb idea.
But I use password manager because while storing stuff on the cloud may present risk, it’s far riskier and dumber to re-use passwords.
Why you need a password manager?
Despite the sexiness of zero-day exploits and hardcore state-sponsored hacking groups we see on the news, the number one way the average person gets hacked is through password compromise (boring!). That’s when hackers guess, or somehow figure out your passsword, and then use it to access the various online services you subscribe to.
Most people downplay the risk of this happening, ebcause they think they’re not rich enough, or famous enough to be the target of hackers. But in an era, where hacks compromise millions of accounts, and hackers can automate exploits to run on cheap cloud servers from Amazon–you’d be surprise what hackers consider a worthwhile target.
But how do hackers get your password?
On occassion they actually guess it, ala ‘the fappenning’, but more commonly they get your passwords by hacking other services. Shockingly, sometimes the easiest way to get your Google password is to hack dodgy forums, and insecure chat rooms that litter the internet. Continue reading