Subscribe: Apple Podcasts | Google Podcasts | Spotify | Stitcher | Email | TuneIn | RSS
Phone and laptop searches at US border ‘quadruple’
Plan to secure internet of things with new law
A ‘Cyber Event’ Disrupted the Power Grid in California and Wyoming, But Don’t Panic Just Yet
Hackers went undetected in Citrix’s internal network for six months
Transcript:a
[00:00:00] Hello folks it is Wednesday May 1st twenty And here’s today’s security news.
First from BBC News. Phone and laptop search at U.S. border quadruple. That’s a lot quadrupling that’s four times that’s a lot in 2018. There were three thirty-three thousand two hundred ninety-five searches at the border. So this is all coming out because of the NFF and the ACLU ACLU have filed a lawsuit alleging that these are warrantless and unconstitutional searches. So this is what I would call this a pretty big deal in the privacy world. One of the things that we know is that when you go through the border there’s a lot of things that can happen to you physically enter your stuff right. I don’t think anybody likes having their cell phone touch or their laptop. It sucks right. It’s no fun you don’t know. I don’t have anything to hide. But the last thing I want is somebody else going through my stuff. So obviously there is a spot for this and quote-unquote protecting the country and it’s needed at certain points. But how far is too far as I really think was what the crux of the issue is here. So an interesting article here from the BBC. I’ll try and keep up with it it seems like it’s in its infancy. But I’ll see if I can’t keep track of it and give you guys some updates on it next.
Also from the BBC in the UK they have proposed a piece of legislation to regulate IO T manufacturers a title that article is “plan to secure Internet of Things with the new law”. So I don’t know the full process of you know law in the UK or something becoming a law. But I do like the basis of this. It’s a start. It’s not perfect but it will get where we need to go. It’s three things they want to implement. First, every I.T. device comes with a unique password by default. So no more default passwords of default or password or password with a capital P.. Right. That’s one of the big issues we see in the hacking of all these routers is every links us device out there has the same default password a password right. Well not necessarily IO T. You get the point right. No more default passwords second state clearly for how long security updates would be made available. This is great. This means you’re not going to buy a product and then it’s going to go out of warranty or no more support after a year. Right. What does that timeline look like in the enterprise world this helps big time with scheduling tech refreshes. Right. We don’t want to buy a product that’s going to not be supported in two years. If we can get the same thing for the same price for five years so on and so forth. Third one offering a public point of contact to whom any cybersecurity vulnerabilities may be disclosed. This is also big because a lot of these smaller companies don’t have that out there available. So now if a researcher finds a vulnerability it just doesn’t go and float in the wind on Reddit or Twitter right. They can go to report these things in proper fashion so that they can be fixed. These all seem like no brainers but apparently, they’re not because they’re going to have to enact a law in the UK to fix some of these things hopefully this moves across the pond. We’ll see. Time will tell
Next. From motherboard “a cyber event disrupted the power grid in California and Wyoming. But don’t panic just yet.” So the Department of Energy has a program called the O E 417 its electric emergency and disturbance report. So these electric or providers are required to report anytime that they have an emergency or a disturbance. So this was listed in one of those. And there’s really no detail at all it just says a cyber event in California Khem County Los Angeles County Utah Salt Lake County Wyoming Converse County. So something happened in those three counties. We’re not really sure cyber event that causes interruption of electrical system operations. So the key here is that there wasn’t an interruption. But what. While this is all good Well they’re they reported what I find the most interesting thing about this article is my new discovery that o e 417 is a thing and everybody has access to it. So in this article go click on the link and you’ll see there is a link to the Department of Energy’s o e 417 forms and submarines page which anytime one of these are filed you can go and look at. So it’s just an interesting item to add your tool box of knowledge right. If you have a question or you think something may have happened. Well, here you go. Here you go look now there is some stuff around what they it’s some gray area about what they will and will report. Obviously, if it’s you know the critical infrastructure and it’s super important to the plant and you know it’s a vulnerability it’s probably not going to be on here. But in any case it’s some visibility into what goes on. So this is a good thing.
Last but not least from Tech Crunch and Zach Whitaker hackers went undetected in Citrix’s internal network for six months. All right. Nobody freak out. It was Citrix because internal network nothing to do with their products. So as bad as this may sound it’s just another breach. The employee’s information was stolen at this point. This has run of the mill every day. This is caught my eye because it’s Citrix. This is not just some random little company. This is Citrix. This is I would be hard pressed to find an enterprise in this country that does not have some form of a Citrix product. So even the people we think that is the most secure and that we can trust the most in the products we use all the time even they are vulnerable to bad things happening. It’s just part of the world we live in this day. All right folks. That’s it for today Wednesday, April 1st. Everybody have a wonderful day.