Identities and source of truth in this weekly cyber
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
While big tech is trying to push its own "passwordless" new fancy dream, aiming at tracking you even more and taking ownership of your identity, you have to be careful.
The question is, who do you want to be the source of truth for your identity, knowing that the source of truth will be able to decide that you are not you !
When technology defines your identity in society, you no longer exist. That's why we must be careful with the whole passwordless buzz crap.
If it's about security, then use multiple attributes, as zero trust recommends, each attribute bringing its weight, and require the proper weight according to the sensitivity of the system or information being accessed.
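The weighting idea above, as an added example that is not part of the newsletter: each verified attribute contributes an assurance weight, each sensitivity level sets a threshold, and the caller only asks for the extra factor the gap actually requires. The factor names, weights and thresholds are assumptions chosen for illustration, not a standard.

```python
# Added example: weighted authentication assurance against sensitivity.
# Weights and thresholds below are illustrative assumptions.

# Each attribute a session can present, with the weight it contributes.
FACTOR_WEIGHTS = {
    "password": 1,         # knowledge factor, phishable
    "totp": 2,             # possession factor, still phishable in real time
    "fido2_key": 4,        # phishing-resistant possession factor
    "managed_device": 2,   # device posture signal
    "known_network": 1,    # weak context signal, easy to spoof
}

# Minimum assurance required per information sensitivity level.
SENSITIVITY_THRESHOLDS = {
    "public": 0,
    "internal": 2,
    "confidential": 4,
    "restricted": 6,
}


def assurance_score(factors):
    """Sum the weights of the verified factors; duplicates and unknown
    factor names contribute nothing."""
    return sum(FACTOR_WEIGHTS.get(f, 0) for f in set(factors))


def access_decision(factors, sensitivity):
    """Return (allowed, shortfall). shortfall is the assurance still
    missing, which tells the caller how much step-up to request."""
    required = SENSITIVITY_THRESHOLDS[sensitivity]
    score = assurance_score(factors)
    return score >= required, max(0, required - score)


def step_up_options(factors, sensitivity):
    """Single additional factors that would close the gap, so the user
    is only asked for what the sensitivity actually needs."""
    _, shortfall = access_decision(factors, sensitivity)
    if shortfall == 0:
        return []
    present = set(factors)
    return sorted(f for f, w in FACTOR_WEIGHTS.items()
                  if f not in present and w >= shortfall)


if __name__ == "__main__":
    session = ["password", "managed_device"]   # constructed session
    for level in SENSITIVITY_THRESHOLDS:
        ok, short = access_decision(session, level)
        print(level, "allowed" if ok else f"step-up needed ({short})",
              step_up_options(session, level))
```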
This is not related to identity. Do not give away your identity to big tech. You will no longer own your life.
Make your authentication strong yourself !
Start by applying good practices, use different and complex passwords across systems, enable MFA where available.
It sounds like you have heard this a lot ? Well, better do this, or hacked accounts will pile up, and big tech won't leave you the choice !
Use a password manager, a vault that protects confidentiality and privacy, no BS !
I'm not saying open authentication protocols like FIDO2 are bad, I'm saying the road to hell is paved with good intentions. Big tech is known to hijack all good intents.
Own your identity, own your attributes, and yet, keep it convenient with a solution like passbolt, open source, self hosted if you want, your identity, your way.
The sooner you enhance your practice, the fewer accounts are hacked, the better it is for all.
This will make a difference, and hopefully change the weekly news, with less breaches ! Encrypt your data, protect your accounts, because this week again :
2 - The key problem is that people already don't patch software as they should, so considering this is a hardware issue, requiring a firmware update...
3 - It leaked as usual, nothing online is private, if it goes through internet, it's public - Twitter Flaw Exposes Private Circle Tweets to Public
4 - It leaked as crazy, the same c - l .o - u . d (if you pronounce it too much, it's hurting the newsletter) ! 1M NextGen Patient Records Compromised in Data Breach
5 - If you have to use AWS redshift, then Use Redshift Data Scrambling for Additional Data Protection, at least !
6 - You should enable this : GitHub now auto-blocks token and API key leaks for all repos
7 - Carding, bank accounts logins, SIM Swapping, botnets
Crime is expanding, from dark web marketplace, to encrypted telegram channels.
That's not the only place, but criminals do enjoy flexibility and to be reachable.
Fact is, you access the cloud, an infrastructure you have no idea where it is or who has access to the backend, from local machines: the endpoints.
So, if the endpoints are not as secured as your cloud, then the cloud is not secure either (as far as the clowd can be secure).
9 - GRC, governance, risk, compliance.
When I saw the title, it immediately reminded me of the basics of ISO27001. To reach maturity targets, your controls must be effective and efficient, which is very much aligned with this take on integration.
10 - It (the thing that can't be secured) leaks, as usual - Discord discloses data breach after support agent got hacked
11 - Thankfully the latest GitHub change does help a lot with this ! But not everything is GitHub, and not every repo has it enabled !
This latest report gathered answers from 507 IT and security decision-makers to study awareness about the risks posed by secrets sprawl and operational maturity in large enterprises.
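For the repos that do not get GitHub's server-side blocking, here is an added example (not from the newsletter, GitHub or any vendor tool) of the same mechanism done locally: a pre-commit style scan of the added lines of a diff against a few well-known token shapes, with an explicit per-line override so exceptions stay reviewable. The pattern list, the allow marker and the sample diff are assumptions and constructed input.

```python
# Added example: local secret scan over the '+' lines of a unified diff.
# Patterns, allow marker and sample diff are illustrative assumptions.
import re

# Well-known public token shapes; a real deployment would use a maintained
# rule set, this is enough to show the mechanism.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

ALLOW_MARKER = "# allow-secret"  # explicit, reviewable override on a line


def scan_added_lines(diff_text):
    """Scan only lines a push would add and return a list of
    (line_number_in_new_file, rule_name) findings."""
    findings = []
    new_lineno = 0
    for raw in diff_text.splitlines():
        if raw.startswith("@@"):
            # hunk header "@@ -a,b +c,d @@": c is the next new-file line
            m = re.search(r"\+(\d+)", raw)
            new_lineno = int(m.group(1)) - 1 if m else 0
            continue
        if raw.startswith(("+++", "---")):
            continue            # file headers
        if raw.startswith("-"):
            continue            # removed lines never enter the repo
        new_lineno += 1         # context and added lines both advance
        if not raw.startswith("+") or ALLOW_MARKER in raw:
            continue
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(raw[1:]):
                findings.append((new_lineno, name))
    return findings


def should_block(diff_text):
    """Policy hook for a pre-commit or pre-receive hook: block on any hit."""
    return len(scan_added_lines(diff_text)) > 0


# Constructed sample diff; the AWS value is Amazon's documented example ID,
# the GitHub-shaped values are made of repeated letters and are not real.
FAKE_PAT = "ghp_" + "B" * 36
SAMPLE_DIFF = (
    "--- a/config.py\n"
    "+++ b/config.py\n"
    "@@ -1,3 +1,5 @@\n"
    " import os\n"
    '+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
    '+TEST_PAT = "' + "ghp_" + "A" * 36 + '"  # allow-secret\n'
    " DEBUG = False\n"
    '+GH_PAT = "' + FAKE_PAT + '"\n'
)
```

Wired into a hook, the scan runs on `git diff --cached` output before the commit is created, which is the point at which a leaked token is still cheap to remove.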
12 - If you are forced to cloud despite all common sense and goodwill, at least try to apply the best practices !
GCP security simplified: a beginner's guide in this cloud series
GCP security is helped by Google's built-in guardrails, but teams must be proactive about keeping their environments safe.
Learn more here, if you are about to cloud, or if you already use GCP.
13 - James shared this very good article : How to find out if your car is collecting your personal information.
This article led to this very interesting site, listing how invasive car manufacturers are, allowing you to avoid buying the most invasive ones : Vehicle Privacy Report
14 - You've been sold the illusion of security with SaaS, the deception of the shared responsibility model made you think you wouldn't have to worry ! Too bad, the cloud ripped you off AGAIN ! It's all a lie !
Thanks if you got to the end of it ! :D I wish you a great week, and don't forget to help yourself, or a friend, or family: teach them to use unique passwords and authentication attributes on every website, and they could consider using a password manager like passbolt (which also works well for team collaboration and all).
Likes, shares, comments, always appreciated, what you like, what you don't like and anything else !
1 year ago: on a directly related note https://www.darkreading.com/endpoint/keep-your-friends-close-and-your-identity-closer
IT Manager / CyberSecurity / Software Dev / IT Engineering Manager: Science, Engineering and Manufacturing
1 year ago: You may want to ask people and or businesses Alexandre BLANC Cyber Security; what exactly do they gain by being connected to the internet ? What if they weren't connected to the internet; could they still do their job, or work at their careers? It's really got people thinking :} On a side note Alexandre BLANC Cyber Security how are you coming along with your ATV?