Byte Sized News has gone to video! Check out the newest episode in video form below. Don’t worry though, you can still read the transcript below if you prefer to get your news in text-form.
As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on the most compelling developments in the field.
Our first article from the week comes from Krebs on Security, and details another firing carried out by President Donald Trump.
Christopher Krebs, who shares no relation to story author Brian Krebs, was “terminated” this week by President Trump. Krebs had served as Trump’s top election security official since 2016. The firing comes just two weeks after Trump lost the presidential election to Joe Biden, a result he claims was influenced by mass voter fraud.
Krebs was previously a Microsoft executive, and was recruited by Trump after his first election win to head the Cybersecurity and Infrastructure Security Agency. CISA is a division of the U.S. Department of Homeland Security. In this role, Krebs was responsible for state and federal efforts to improve election security and dispel disinformation.
The firing comes after CISA and a bipartisan group of other federal officials declared this election “the most secure in U.S. history,” with little evidence for mass voter fraud. Obviously, this is a stark contrast to Trump’s statements on the election.
Our next story from InfoSecurity Magazine details a new hiring made by the social media juggernaut Twitter.
Twitter has hired Peiter Zatko, also known as “Mudge,” to be its next head of security. Mudge is a world-famous hacker that I’m sure all viewers (readers) will know. Zatko’s job will be to review the security structure and practices of Twitter and recommend changes. After a 60-day review period, Zatko will report his findings and detail suggestions directly to Twitter CEO Jack Dorsey.
Mudge said to Reuters that he will be digging deep into Twitter’s “information security, site integrity, physical security, platform integrity—which starts to touch on abuse and manipulation of the platform—and engineering.” Previously, Zatko worked as the security director for the payment company Stripe, and before that did work for Google, overseeing the distribution of grants relating to cybersecurity at DARPA.
It remains to be seen if Twitter’s security can be fixed, but it appears that Mudge is the right man for the job.
Our third article from the week also comes from InfoSecurity Magazine and discusses an update on the gender discrimination lawsuit against Microsoft.
Computer researcher Katie Moussouris has officially dropped the lawsuit against the tech giant. Initially filed in 2015, the lawsuit alleged that Microsoft unfairly discriminated against Moussouris and other women during the time she worked there (2007-2016). A main complaint in the lawsuit is that many experienced female workers were passed over for promotions, and the promotions instead went to their less experienced male coworkers.
Moussouris claims she dropped the lawsuit to redirect her funds “toward solutions that help to implement real change and demonstrate strong commitment to pay equity.” Additionally, Moussouris explained that, upon dropping her case, she did not sign an NDA or receive any payment. She states this leaves her “free to focus on pay inequity without any limitations.”
This next story from Markets Insider is a silly one about cartoon drawings made to infuriate Russian hackers.
The United States Department of Defense’s Cyber Command regularly announces the hacking operations it is countering. That isn’t news; what is new are the colorful cartoons that have recently been accompanying those announcements. Cyber Command has increasingly posted cartoons and illustrations that appear to poke fun at foreign hackers. The purpose of these isn’t to entertain readers, though, but rather to infuriate cybercriminals and ward off future attacks.
One illustration depicts a Chinese cybercriminal group as a pink sloth hunched over a computer, playing on their hacking speed. Another accompanies a post about Russian cybercriminals and illustrates them as a clumsy bear dropping Halloween candy. These illustrations join a number of unorthodox tactics used by Cyber Command to demoralize foreign cybercriminals.
Our last story is a disheartening but true article from ZDNet. The story details that we as humans are as lazy as ever when it comes to creating passwords.
If you look back to 2015, the worst passwords that were still commonly used included “password” and “123456.” I wish I could say the results were better this year. After analyzing over 275 million passwords leaked during 2020 data breaches, it was determined that the most common passwords are incredibly easy to guess. Only 44% of the passwords obtained were labeled as “unique.”
Some of the most popular options from the report included “123456,” “123456789,” “picture1,” and “password,” among others. The vast majority of all passwords could be cracked in seconds using a brute-force attack. As a quick reminder to our viewers (readers): when making a password, avoid patterns and repetition, and add special symbols and numbers in unexpected places. Lastly, don’t use personal information like names or birthdays in your passwords.
If you find it hard to create many complex and unique passwords, we recommend using a password vault.