Posts

Showing posts from April, 2020

Translations, Culture and the Splinternet

Introduction
This post is essential a meandering of ideas which will have some sort of point. It is about how things connect and taking a holistic approach to examining them. Elements and ideas never exist in isolation they always connect and impact each other. A hobby of mine is translating with French being the main language (mainly as a means to try and keep knowledge of it) and also attempting Japanese. In browsing the web outside your language you being to notice that for some things you often have to jump through a couple of extras hoops. Largely these can be overcome through automatic translations service (Google translate in chrome being straightforward to use) which does open up new sources of information media and entertainment to a lesser extent. 
So how does this connect to the splinternet? The majority of articles about the Splinternet view it as something imposed or created by a technological and regulatory barrier. While there is another splinternet which is defined by la…

Applying Coopers' Colour Code to Cybersecurity

Introduction

This is a topic that has been on my mind for years which wondering how can present this idea across. With my area of expertise forcing on the human factors in cybersecurity often I find for certain topics covering the mindset that is needed to for people to avoid making security failures (clinking links in emails without thinking the most common) how do you give them a system to set their behaviour to identify and avoid security threats. I believe the Coopers Code has the potential to form part of a toolkit to achieving this though as with all things in security it is not a silver bullet and needs to used complimentarily with other tools. 

In the 1980s, handgun expert Jeff Cooper invented something called the Color Codeto describe what he called the "combat mindset." Here is his summary:

In White you are unprepared and unready to take lethal action. If you are attacked in White you will probably die unless your adversary is totally inept. In Yellow you bring yours…

Sim-Swapping Attacks

Introduction


At is most basic a Sim-jacking/swapping is an attack in which your phone number is migrated away from your SIM card and/or phone to a different SIM card and/or phone that an attacker controls. The attacker then uses this access to your phone number, usually via text message, to gain access to your other internet accounts. They do this by “recovering” access to an account (e.g., Google) or in conjunction with other information or access they have (e.g., using a previously leaked password + SMS 2FA).

How it works


Finding a target: Laying the groundwork is a crucial part of SIM swapping. First, the attackers find some personal information on potential targets. Anything from bank logins to age, location — even social security numbers — can be found floating around the web. If they need more, they may use a phishing attack to trick users into revealing something crucial.Tricking (social engineer) tech/customer support: Now that they have a strategy, the hacker will call up your c…