New Episode Alert EP102 (copy 01)

DHS warns of Iranian cyber-attacks πŸ”₯

January 13, 2020

Weekly Blaze PodcastEpisode 103January 13 2020

Iranian Cyber-AttacksRing Class-Action LawsuitPreventing Calendar SPAM

This year I'm making a resolution to take my digital privacy and health more seriously and so should you. That means thinking about which companies have our personal data and taking steps to delete, remove, or cancel any services that we don't want our information to be part of. I also want to set better limits on my smart phone usage. Now there are lots of reasons to do this besides the privacy benefits, but just think about the health benefits as well. The more we can disconnect from our smart phones, the better.

And one way to help is by using a

which will block all wireless signal keeping you less distracted and more focused on other more important things besides all the messages popping up on your smart phone. Pick up your own Faraday Sleeve at

and take 15% off your order right now using discount code "sharedsecurity" at checkout.

Iran maintains a robust cyber program

Shortly after the killing of Iranian General Suleimani due to a drone strike issued by US president Donald Trump, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency

stating that acts of terrorism and cyberattacks could be carried out by Iran. The alert further states that Iran maintains a robust cyber program and can execute cyber-attacks against the United States and that quote "Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States."

Now Iranian cyber-attacks are actually not all that surprising. In fact, the DHS indicates that Iran has been conducting attacks against the US targeting financial institutions, critical infrastructure, and other companies since late 2011. And

, the US has been engaged is what I would call the "silent cyberwar"  periodically conducting attacks against Iranian targets. For example, back in July of last year the US launched a cyberattack directed towards Iran which disabled Iranian computer systems that controlled its rocket and missile launchers. This was a response to an escalation when Iran shot down a unarmed US drone conducting surveillance in international airspace. And these cyber-attacks go even further back when in the late 2000’s it’s believed that the US and Israel targeted the Iranian nuclear program with the Stuxnet virus which essentially disabled most of Iranian nuclear program at the time.

While it seems that escalation from both sides has ceased for now (at least when this podcast was recorded). I personally think that the "silent cyberwar" will continue as cyber-attacks are much easier to carry out with the potential for much greater impact than a missile or drone strike. Think about this for a minute. Which has the biggest and longest lasting impact? An attack that takes out some of the US power grid impacting millions of people, or a single attack on a military base in Iraq? As if this podcast recording, the cybersecurity community is

from sources that are attributed to Iranian attackers. For example, we've already seen

and there are reports I'm seeing on Twitter that indicate many other smaller incidents are happening as well. If you're looking for best practices to secure your business from some of these attacks, especially if you're in critical infrastructure, check out our show notes for

from this recent DHS alert.

Ring faces a $5 million proposed class action lawsuit

Right at the end of last year, Amazon who owns Ring, was slapped with a massive $5 million dollar proposed class action lawsuit stating that Ring cameras are vulnerable to cyberattacks. You may remember that towards the end of last year we had an influx of news stories about Ring camera's being "hacked" including one disturbing story about a family's Ring camera was hijacked so that

. And this hasn't been the only incident. More and more of these Ring camera hacks are being reported all over the news and the lawsuit cites many of these claims. But like I've talked about on this show before, this is really an issue of password reuse and people making poor choices when it comes to their passwords.

These Ring cameras were not hacked, rather they were broken into by attackers who either guessed a password or used compromised credentials from previous data breaches. The other problem is that many of these situations could have been prevented if camera owners enabled two-factor authentication in the first place. This means that if someone created a poor password or had their password exposed from a data breach, just having two-factor authentication enabled, could have prevented these cameras from being compromised. Ring has had the option to enable two-factor authentication for quite some time now but the real issue comes down to education and knowing what controls you have for security. Sure, Ring could do more by perhaps forcing two-factor authentication for all users as an example, but it does really come down to you as the owner of one of these Internet connected devices to think about how you're going to secure them. Especially, if you have a camera in a sensitive area like a child's bedroom. Now I don't want to pass judgement on victims, they probably didn't even know about the problems of password reuse or what two-factor authentication even is. I would guess that we'll see this lawsuit thrown out as these situations were not Rings fault, but rather, a fault of lack of education and the persistent problem of password reuse.

How to Prevent Calendar SPAM

I want to provide some quick tips for you about a problem that one of my family members had with SPAM showing up on her Google Calendar. I did a little research on this problem and surprisingly calendar SPAM happens quite a bit with online calendar services, like Google, Outlook, and iCloud calendars. So here are a few tips to help prevent this from happening to your calendar. So first, in this particular example with my family member, the SPAM was all written in what appeared to be Russian so I couldn't make out what exactly it was but if I had to guess it was some type of drug, or pharmaceutical SPAM (well you know, the Viagra type) that was showing up on every single day of her calendar. Because she was using Google Calendar, the first thing I did was double-click on the offending calendar entry, select the "More Actions" drop-down menu and then select "Report spam". And just like that, all the SPAM entries on her calendar disappeared!

One thing to note. Suppose you receive a SPAM calendar invite in your Gmail and Gmail even marks this invite as SPAM. Unfortunately, Google still adds this event to your calendar so you have to go through these steps I just mentioned to delete the event. Now to prevent any SPAM event from showing up on your Google Calendar in the future, click the "gear" icon in the upper-right corner, and go to Settings. Scroll down to "Event Settings", and change Automatically Add Invitations to β€œNo, only show invitations to which I have responded.” This will prevent SPAM events from showing on your calendar in the future.

For Outlook and iCloud Calendar see our show notes for a link to

.

DecemberMonthly ShowEpisode 95In episode 95 of our monthly show we're joined by special guest Rebecca Herold, the "Privacy Professor". Rebecca is a well known expert in the privacy and cybersecurity community and gives us an update on what she's been working on, what her thoughts are on the current state of privacy regulations (CCPA, GLBA, etc), and what we may see in 2020 from a privacy perspective. We also talk about Rebecca's favorite books and her encounter with famed author Cliff Stoll who wrote "The Cuckoo's Egg".

Watch this episode on our YouTube Channel!

Top 10 Episodesin 2019We've had a fantastic year bringing you the latest cybersecurity and privacy topics and news. Thank you for being a listener and supporting the show!If you haven't listened to our most downloaded episodes from the year, here's your chance. Click the link below to listen to each episode and share with your friends!

Shared Security is now on GetVokl!

We live stream our monthly show on a new interactive video chat and streaming service called GetVokl!

to get notified when we will be live and to watch previous episodes!

Thank you to our sponsor

Silent Pocket!

Take advantage of this exclusive offer and help support this podcast!

Visit

to shop Silent Pocket's great line of privacy focused products.