Wednesday, 16 January 2019

Do SIM Swap Attacks make 2FA useless?

Interesting Wired article on SIM swaps. Allegedly, an attacker convinced AT&T to forward a cryptocurrency victim's calls to the attacker's SIM. They're now seeking over $200 million in damaged.

https://www.wired.com/story/sim-swap-attack-defend-phone/

However, my interest in SIM swaps was due to some of the recent discussions about why 2FA using SMS messages is pointless, as a SIM swap attack allows an attacker to circumvent the control. Although this is obviously possible, it still takes considerable effort on the part of the attacker and it's therefore only likely to be used in a targeted attack. For protecting accounts from opportunistic attacks, I think this still remains a very viable option. An authentication app, like Google or Microsoft Authenticator, would obviously be much better.

Sizing a Next-Gen Firewall

Good article by Andres Herrera of Fortinet. Applies to all vendors.

https://securityboulevard.com/2019/01/next-gen-firewall-sizing-5-things-to-look-for/

Friday, 11 January 2019

Simple 2FA may have prevented theft of 1.5 million Singapore patient records

https://www.theregister.co.uk/2019/01/11/singapore_health_hack/

Full report is here:

https://www.mci.gov.sg/pressroom/news-and-stories/pressroom/2019/1/public-report-of-the-coi

Boston Children's Hospital DDoS attacker gets 10 years in jail

The Anonymous culprit who performed a DDoS attack against the Boston Children's Hospital in 2014 gets 10 years in jail. I remember this attack as it was one of the examples in my MSc. dissertation.

https://www.securityweek.com/hacktivist-gets-10-year-prison-sentence-ddos-attack-hospitals

Particularly like the fact that he tried to flee the US in a small boat, but was returned to the US when he was rescued by a Disney cruise ship off the coast of Cuba.