The Cyber Why: What We Read This Week...
... and why you should too! (08/15/23)
Greetings, it’s time for the latest TCW – this week is a deep dive into the wild world of cybersecurity, where tool woes are plentiful, poker cheating gets a technological twist, and munching on hot spices becomes an oddly satisfying way to discuss cyber. First off, a heartfelt "Why, oh why?" to all the cyber leaders loading up on shiny new tools like kids in a candy store. Ross Haleliuk breaks it down in his intriguing dive into how we're all tool-rich but still kinda lost. Meanwhile, SBF trades his crypto-laden lifestyle for a more... confined setting, all thanks to VPN cravings and some not-so-santa-like deliveries. For our poker lovers, let's say the game's stakes got a tech upgrade and not the fun kind. And for all the tech-heads who think AI is our ultimate savior, Black Hat USA 2023 has a reality check (and a multi-million dollar challenge) for you. Whether you're here for the wisdom or the whimsy, we've got a wild ride ahead.
Fix What You Have - A Tale Of Security Tool Woe
Tools alone won't save us, but if we have tools - why don't we at least use them? (Venture In Security)
Why aren’t we getting any better? Cybersecurity hasn’t materially improved in decades. Every time we solve one problem, another one pops up to take its place. Cybersecurity is a constant game of whack-a-mole that can’t be won where the consequences are severe. Cyber leaders purchase the latest security tool, which acts as a single mallet, helping to solve one minor issue in a sea of angry moles. At the end of the day, technology alone can’t possibly solve all of our problems. To understand the problem more intimately, check out this absolutely phenomenal article from Ross Haleliuk that goes in-depth regarding the tools and technology gaps prevalent in today’s enterprise security programs and how we barely use what we have, let alone the need to purchase another shiny object. Outstanding research and journalism, Ross!
NGMI in Jail or Prison SBF
Sam Bankman-Fried sent to jail as judge revokes bail over witness tampering, VPN use (The Verge) — Jennie’s Pick
Editor’s Note: I’m not going to lie. I didn’t know what NGMI meant (definition here).
I don’t ever venture into TikTok. But I had to dig through the bowels of the TikTok-y interwebs for this gem posted at the end of last year — pre-indictment, of course.
Why did people ever trust this guy? New York Times? Can anyone tell me? ANYONE?
Sam Bankman-Fried, affectionately known as SBF and a former crypto big shot, somehow managed to transform his cushy house arrest into... well, let's call it a "cozy-less" jail cell upgrade. I guess when you're yearning for that NFL game fix, a VPN becomes the ultimate game-changer, even in the realm of house arrest. But wait, there's more – witness tampering! SBF decided to play the role of a not-so-stealthy Santa, delivering documents as evidence instead of presents. It's like a script from a crypto-themed spy movie, where VPNs and encrypted messages replace flashy spy gadgets. Remember that even in the untamed frontier of digital finance, every action comes with its own set of consequences. And no, even if you're consumed by football fever, immunity won't be granted.
By the way, his new "digs" are a far cry from the luxe TikTok and crypto-filled life he once enjoyed. Let's call it now — NGMI, SBF.
Hackers Hit Me Where It Hurts - POKER!
Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating (WIRED)
Those of you that know me know that I love poker. I’ve played poker for over two decades and try to squeeze in a session whenever I can find a card room in my travels. I’ve often wondered about the automated shuffling machines and if there was a risk of using them to cheat. It turns out my intuition was correct - there is massive potential for cheating. I can tell you firsthand that the physical proximity required to make this hack work is easily achieved in every cardroom I’ve been in. I’ve literally crawled under poker tables to plug in my phone charger and could have easily inserted the hacking device described in the attack. Excellent research and a very interesting read. I’ll be on the lookout for these devices in the future.
AI Security A Big Deal At Defcon 2023
Don’t expect quick fixes in ‘red-teaming’ of AI models. Security was an afterthought (AP News)
Generative AI takes center stage at Black Hat USA 2023 (TechTarget)
Generative AI was a significant discussion topic last week at the Black Hat USA 2023 conference. From reports that the security of AI systems is lagging way behind the launch of the technology to new initiatives from the US Federal Government supporting cyber AI research, the topic had a real buzz. Luckily it wasn’t all doom and gloom. During the keynote, Black Hat founder Jeff Moss and DARPA announced the "AI Cyber Challenge" (AIxCC). This two-year competition challenges computer scientists and software developers to develop AI-powered cybersecurity tools with multi-million dollar payouts scheduled for the winners in 2024 and 2025. Prizes range from $1.5M to $4M and will be awarded to the top five teams in the competition. I can’t help but think the prize is worthless. If I create a genuinely exceptional AI-based cybersecurity system, it will be worth way more than $4M. You can read more about the DARPA AI security challenges here, here, and here.
Bring On The Spicy Takes!
“Hot Takes” with CISOs & CyberSecurity Leaders - Caleb Sima (Cloud Security Podcast)
In a direct riff off the excellent show “Hot Ones,” Cloud Security Podcast host Ashish Rajan created “Hot Takes,” where he talks shop with top-end cybersecurity leaders while pitting them in a battle with super hot and spicy foods. This is so well done I laughed throughout the entire video. The content is engaging, and the laughs and faces Caleb makes while overindulging in wasabi had me in stitches. With questions ranging from “How do you tell non-technical people what you do?” to “How do you build a cybersecurity program from scratch?” this is an excellent installment in what will likely turn out to be a super fun video series. I can’t wait to see what laughs Ashish and his friends create. Finally, to tease the content, here’s a screenshot of Caleb crying and nearly choking to death from the heat!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!