The Weekly Ink #21
THE WEEKLY INK
The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate the company - and anyone else who will listen - on security happenings and culture.
If you have links that you think would be interesting to the company, be sure to send them to labs@duosecurity.com
"Looks like you got a virus big sister"
Actress. Pop Star. Computer Engineer. No, I'm not talking about Taylor Swift. Everybody's favorite unattainable female figure, Barbie, is back and taking her first foray into computer engineering. While a highly admirable path, Mattel is taking a lot of heat for Barbie's portrayal. When faced with an issue, she admits she needs boys to code for her and proceeds to immediately brick her computer AND her sister's. This has led to a wealth of parodies, you can make your own here! Can you tell the real page from the parody provided below?
I'll take FreeBSD for 1 Million, Alex!
Jan Koum, founder and CEO of WhatsApp has made an especially generous donation to the FreeBSD Foundation! I'll leave you with thoughts from Duo Labs' Mark Stanislav:
The Staples of a Well-Crafted Breach
With Black Friday quickly approaching, it's interesting what a (relatively) slow week it's been for breach announcements. Brian Krebs has the scoop on a malicious software that seems to have been crafted for last summer's breaches at Staples and Michaels. The malware was installed on cash registers nationwide. Other than that, it's been fairly quiet on the retail front.
Perhaps the massive hits some companies have seen in sales in consumer confidence and sales post-breach are discouraging any kind of timely disclosure. Waiting until the tinsel is taken down to announce breaches may help share prices, but it can hurt card-holders caught up in the busy activity of the Holiday shopping season (Black Friday, Cyber Monday, etc.). If you really want to dive in deep on retail risks, Duo's wonderful Thu Pham literally wrote the book on them. Check it out!
Wargames 2014: This time they got video games AND military software!
Video games can be a serious cash cow with Gartner estimating the market value of the gaming industry somewhere just north of $93 billion. Gaming companies are getting serious about protecting their intellectual property (many gaming sites were first adopters of two-factor authentication). A memo released by the DOJ this week details the case against four alleged hackers who are in custody for the breaking into data and source code related to video games and the Xbox One. Two members of the group have already plead guilty to the offense and conspiracy to sell the information.
The hackers, who used SQL injection and stolen credentials to gain access to networks with Call of Duty and Gears of War source code, faced intense scrutiny form law enforcement as they also obtained Apache Helicopter simulator training software the Army uses. The "international ring" is made up of 3 men from the US and a fourth from Canada, with an Aussie also being prosecuted for his role in the conspiracy. This case begs the old question: shall we play a game?
Thus Spoke the Consortium
Progress has finally been achieved in the epic struggle surrounding the future of the internet. The ever-powerful Unicode Consortium has released the list of emoji under consideration for 2015's Unicode 8.0 update. The emoji library, oft accused of lacking diversity, is upping its game. New candidates include "Taco", "Burrito", "Unicorn Face", and "Nerd Face". To address its lack of religious iconography, proposed emoji also include "Place of Worship" and "Sign of the Horns". Good work Unicode Consortium!
