At ElixWare we want to bring you more than just great, affordable software. We want to let you know how and why we do what we do.
Our Ruminations blog will bring you insights into how we got here and some of the things we consider when trying to help you run your business. We hope it gives you a better understanding of how we strive to better serve your needs.
To NSDP's credit, they had backup plans in place for both recording and reporting the caucus results. Nevada will now be using those backup plans as their primary method of counting the votes.
The IDP had paper backups too (the best kind of backups for voting). But they were not prepared to execute their backup plans from an operational standpoint. The IDP also had a call-in number for manually reporting vote counts. Unfortunately, it was jammed by internet trolls who deliberately interfered with the caucus results. IDP should have used a service for the call-in number that required a PIN.
On a related historical note, in 2002 an established Republican operative named Allen Raymond was hired to tie up the phone lines of the Democratic Get Out the Vote effort. This happened during the hotly contested 2002 Senate race between John Sununu (R) and then-Governor Jeanne Shaheen (D). Sununu won by a narrow margin. Raymond, along with several others, was later indicted for taking part in the RNC-funded effort. Raymond and two others were convicted in 2005 (one of the convictions was overturned on appeal).
Not only did ESPN and UFC suffer a similar fate, but a week later Facebook's own Twitter and Instagram accounts were compromised. The same group was responsible for taking over all of these accounts.
You probably have two questions:
How did so many NFL properties each have multiple social media accounts hacked at the same time? Without insider knowledge I can only speculate.
For the NFL, I would guess that each of the compromised entities used a predictable format or pattern for their passwords. Something like "KC-Twitter", "SF-Twitter" and "NFL-Twitter" comes to mind. This would let the attackers guess not only the passwords of additional teams, but also those for additional social media platforms.
As for ESPN, the UFC and Facebook, each probably used a pattern of their own (but a pattern nonetheless). Using these types of predictable patterns is a very poor security practice.
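If you manage a shared list of account passwords, you can check it for this kind of pattern yourself. The Python below is an added example, not part of the original post: it assumes you can export your own inventory as (owner, platform, password) rows, and the sample rows are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample inventory: (owner tag, platform, password).
# These are illustrative values, not real credentials.
SAMPLE = [
    ("KC", "Twitter", "KC-Twitter"),
    ("SF", "Twitter", "SF-Twitter"),
    ("NFL", "Twitter", "NFL-Twitter"),
    ("KC", "Instagram", "KC-Instagram"),
    ("GB", "Twitter", "t7#Vq9!mLx2&Rw"),
]

def skeleton(owner, platform, password):
    """Swap the owner tag and platform name inside a password for placeholders.

    Returns (skeleton, hits). hits == 0 means the password embeds neither value.
    Assumes owner and platform are non-empty strings.
    """
    marks = {owner.lower(): "<OWNER>", platform.lower(): "<PLATFORM>"}
    # One pass with the longest token first, so a short tag can never
    # match inside a placeholder that was just inserted.
    tokens = sorted(marks, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(t) for t in tokens), re.IGNORECASE)
    return pattern.subn(lambda m: marks[m.group(0).lower()], password)

def find_shared_templates(inventory, min_accounts=2):
    """Group accounts whose passwords reduce to the same skeleton.

    Any skeleton shared by several accounts is a template: learning one
    password reveals the rest.
    """
    groups = defaultdict(list)
    for owner, platform, password in inventory:
        skel, hits = skeleton(owner, platform, password)
        if hits:
            groups[skel].append((owner, platform))
    return {s: a for s, a in groups.items() if len(a) >= min_accounts}

if __name__ == "__main__":
    for template, accounts in find_shared_templates(SAMPLE).items():
        print(f"{template}: {len(accounts)} accounts share this pattern")
        for owner, platform in accounts:
            print(f"  rotate {owner} / {platform}")
```

Every account it lists should get a unique, randomly generated password from a password manager.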
So, what can you do to protect your one-of-a-kind collection of memes, cat photos and posts about what you had for lunch? The same thing the corporate giants mentioned above should have used: Multi-factor Authentication (aka Two Factor Authentication or 2FA).
The simplest way to describe 2FA is "something you have and something you know". Typically, "something you have" refers to your cell phone or a hardware security key. If you've ever received a text with a one-time code, then you've used 2FA. The "something you know" is usually a password or PIN. Combined, the two make it much more difficult to compromise an account than a password alone.
You can enable 2FA on all the major (and most minor) social media platforms, as well as your email service providers. So, what are you waiting for? You should set up 2FA on all your accounts (once you've finished reading this post).
Most of you reading this aren't going to muster up much sympathy for these workers who now have to drive to work. But would you really want them making your commute even worse?
For those of you unfamiliar with CVE-2019-19781, it affects important parts of corporate networks. The flaw is so severe that Homeland Security has issued multiple alerts about it. With 80k corporate LANs at risk, and proof of concept code in the wild, it's no surprise that ransomware attackers are taking advantage of it. On a scale of 1–10, this vulnerability rates an 11.
Considering the potential risk of this vulnerability, a few traffic jams are really the best-case scenario.
Jumpshot claimed to be a data analytics company. But leaked documents reveal it was really selling any and all data it could collect from anyone — and every device — using Avast software. Antivirus provider AVG was also funneling user data (your data) into Jumpshot.
So, what was Jumpshot selling? 'Every search. Every click. Every buy. On every site.' from hundreds of millions of users. Of course Avast framed it differently. But if Jumpshot were legitimate, Avast would not have shut down the company within days of the truth getting out.
Companies like Jumpshot need customers. These include companies like Google, Microsoft, IBM, Expedia, Intuit, Pepsi, L'Oréal and Home Depot (to name a few). And these "customers" are just as guilty of peering into your private data as Jumpshot is for selling it.
It's always jarring to find out this kind of abhorrent behavior exists in the corporate world. Many internet pundits claim that "If the service is free then you are the product." But with the case of Avast and AVG, your private data was the product whether you were using the free or paid version of their products. And that includes their corporate customers.