Red Cross blog: Jim Gallagher and Hurricane Ian’s response

What skill does a retired journalist have in common with an American Red Cross disaster action team volunteer? This is not a rhetorical question: the two jobs both require you to listen to people carefully and be empathetic to their needs. This is the story about Jim Gallagher, who spent more than 27 years working for the St. Louis Post-Dispatch, mainly as a business reporter. “As a reporter you want to get people to open up to you, but that same skill in listening to people certainly helps when you are deployed. In both circumstances, you have to project sympathy,” he said. Both he and his wife have volunteered on a number of deployments.  He responded to the aftermath of Hurricane Ian in central Florida last fall.  Both helped out with those displaced by the California wildfires and helped ease the transition of unaccompanied minors crossing the southern border in 2021. In addition to his Red Cross activities, they also volunteer at a local food bank regularly.

You can read more about Jim and his volunteer activities on the Red Cross blog here.

CSOonline: What is the Traffic Light Protocol and how it works to share threat data

Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers and researchers. In this piece for CSOonline, I explain the origins of the protocol, how it is used by defenders, and what IT and security managers should do to make use of it in their daily operations.

Keeping up with Covid misinformation policies

About a month ago, Twitter removed its policies blocking Covid misinformation. This has led to the spread of various flights of fancy, many of which are dangerous if taken seriously. We all know why this was done and by whom. I have written about this topic before in 2020 in this blog post that I urge you to review. Sadly, the situation has gotten worse.

Today in the NYTimes is an article about how misinformation continues to spread across social media. This prompted me to examine the Covid policies of various social media platforms. Let’s take a look at them.

Interestingly, Facebook has the most specific policy set here, running to more than 4,000 words. They address specific false claims (I won’t repeat them here but it is a depressingly long list) and how the content can create potential harm to its users in the real world. The aim is to “reduce the distribution of content that does not violate our policies but may present misleading or sensationalized information about vaccines in a way that would be likely to discourage vaccinations.” That is an important point. One thing that I didn’t like was the way the policies were presented, with web links to other policies (such as bullying and hate speech) that are relevant but making it hard to track and digest.

YouTube has its policies here. Not quite 1500 words, it still goes into specific details about what content isn’t allowed. Again, I am not going into any details but some of this stuff — as with Facebook’s recitation — is just bonkers. Also in the policy is a description of the consequences if you do post this content. That is perhaps the most useful element: three strikes within 90 days and your channel is “terminated.” None of the other platforms have this spelled out.

TikTok has the least helpful information here. Their community guidelines pages has no mention of Covid, and this link (which is really more of a press release) is short on specifics.

Whether or not you agree with how and what the social platforms should do about Covid misinformation, the fact remains that vaccines — especially the Covid ones — save lives, and have lessened the impact of those who have gotten the virus. And spreading false claims about what can protect you from disease is just another way for things to “go viral,” sad to say.

A10 Networks blog: How to Defeat Emotet Malware

One of the longest-running and more lethal malware strains has once again returned on the scene. Called Emotet, it started out as a simple banking Trojan when it was created in 2014 by a hacking group that goes by various names, including TA542, Mealybug and MummySpider. Emotet malware is back in the headlines and continues to be one of the most significant threats facing companies today. In this review for A10 Networks, I describe what it is and how it works and how to defend against it using a combination of network and security tools.

Emotet Malware Timeline

Avast blog: A Bruce Schneier reader

Bruce Schneier’s work has withstood the test of time and is still relevant today.

If you’re looking for recommendations for infosec books to give to a colleague – or even to catch up on some holiday reading of your own – here’s a suggestion: Take a closer look at the oeuvre of Bruce Schneier, a cryptographer and privacy specialist who has been writing about the topic for more than 30 years and has his own blog that publishes interesting links to security-related events, strategies and failures that you should follow. In my blog post for Avast today, I review some of his books.

Avast blog: An update on international data privacy protection

The 38 member countries of the Organization for Economic Cooperation and Development (OECD) have recently adopted a new international agreement regulating government access to its citizens’ private data. The OECD draws on its membership from countries on several continents, including the US, Israel, Japan, Chile, the Czech Republic, and the UK. The document was released with the rather ungainly title of the “Declaration on Government Access to Personal Data Held by Private Sector Entities.”

There are seven common principles that were adopted, all in the interest of serving to the free flow of data across country borders and promoting trust between citizens and their governments.

You can read more on my post for Avast’s blog today.

Avast blog: DoD supply chain lessons learned

A July 2022 survey of 300 U.S. Department of Defense (DoD) IT contractors shows a woeful lack of information security in the majority of situations. These contractors are part of the DoD’s supply chain that, in typical government speak, is labeled the Defense Industrial Base (DIB). The report should be a warning even for those technology contractors that don’t do any DoD work, as I explain in my latest blog for Avast.

 

Avast blog: International police operation takes down iSpoof

Last week, an international group of law enforcement agencies took down one of the biggest criminal operators of a spoofing-as-a-service enterprise. Called iSpoof, it collected more than $120M from victims across Europe, Australia, Ukraine, Canada, and the United States. During the 16 months of the site’s operation, the group took in more than $3.8M in fees from its victims. In my blog for Avast, I summarize what happened, why this gang was so significant, and how spoofing has gotten more advanced over the years since those early days when Paris Hilton spoofed her friend’s cellphone.

Avast blog: Review of “The Chaos Machine” by Max Fisher on the evolution of social media toxicity

The Chaos Machine: The Inside Story of How Social Media Rewired Our Minds and Our WorldWith the reinstatement of previously banned Twitter luminaries including Donald Trump and Kathy Griffin, this is a good time to do further research into the role of social media in our public discourse. The recent book by Max Fisher, The Chaos Machine: The Inside Story of How Social Media Rewired Our Minds and Our World, should be on everyone’s reading list. His book documents the rise of social networking for the past decade and shows its highly influential role in society. Fisher is a reporter for the New York Times who has covered its effects for many years.

I review his book for my blog for Avast here. I highly recommend it, even if you think you have been following along the evolution — some would say the devolution — of social media.

One solution is from Google’s Jigsaw unit, who has a couple of experimental tools freely available, such as the Tune browser extension that can be used to filter the most toxic discussions.

A10 Networks: What is network security and who suffers DDoS attacks?

Network security starts with having a well-protected network. This means keeping intruders out, and continuously scanning for potential breaches, malware and flagging those attempted compromises. One of the biggest threats increasing in popularity is a very specific type of attack called distributed denial of service (DDoS) attacks. These attacks are targeted at your internet servers, including web and database servers, and are designed to flood random traffic so that the servers can’t respond to legitimate users’ queries. They are very easy to mount, and without the right tools, very hard to prevent.

This post was part of the A10Networks glossary and can be found here.