Mornings With Mark

When you're at a conference, one of the biggest perks is the "hallway track". The serendipitous run-ins with people you follow online, speakers, or other attendees. If you're not putting yourself out there and meeting some new people, you're doing yourself a disservice. Get out there and say hi!

The 2018 keynote at AtlSecCon by Ted Demopoulos emphasized the role that security professionals play in elevating the practice of security. Not only for your career but to help your business move forward, it's critical that you shift your role to one of an educator!

Gmail just launched a nice, new redesigned UI. It's slick and has some great new features. One feature, "Confidential Mode", is particularly interesting. Billed as a way to recall email and control it's use regardless of the destination, this feature provides real value. But it's also not real email. The way it's positioned sets up unrealistic expectations and when it comes to security, that's a huge problem.

Ugh, I spent way too long on something that should be way, way simpler. Live streaming is optimized for mobile and that's ok. But the studio/desktop experience is far, far too complicated. There are a lot of parallels around system design and security/privacy.

After a few failed streaming attempts, I recorded a quick sub 2m video on the case in Nova Scotia. The story, the law, a great post from Troy Hunt on the general issue.

During RSA US 2018, I had a lot of fantastic conversations with people around the challenges facing security. A theme that continued to pop up was around the lack of focusing on the basics. Have we--the security community--over rotated on solving the latest and most interesting technical problems? How can we adjust course to improve everyone's security baseline?

Russia attempted to block messenging service Telegram in the country. Telegram responded by routing traffic through AWS and Google Cloud. Counter? Russia blocked millions of IPs assigned to the cloud providers. Is IP blocking still effective? Is it a sledge hammer when you really need a scalpel?

Broadcasting from San Francisco getting ready for RSA US 2018, I tackle the shift away from FUD (fear, uncertainty, and doubt) marketing and positioning. We have enough challenges with cybersecurity that we don’t need to make more!

The crack team at Motherboard has a revealing article up about a forensic acquisition device called "GrayKey". Apparently it can get data from iOS devices right up to an iPhone X running iOS 11. Lots to untangle here...

After two days of testimony from Mark Zuckerberg, do we know more about what Facebook does with our data? Not really...because the right questions weren't asked! What is critical to understand is what Facebook does with data about us and our behaviours. That's the real value the network providers to advertisers and other actors looking to influence community behaviours.

Back after a quick break, in this episode I try to avoid the Facebook scandal itself and focus on the larger issues of building security and privacy into systems by design. It's just too hard to understand how secure a system is or how it will treat my information at any level.

A bit of a different topic as I desperately try to avoid diving deeper into the Facebook privacy scandals. Instead, I look at options and challenges around video streaming...

A positive episode despite the ongoing scandals around Facebook! In this episode we tackle the announcements made at the 2018 AWS San Francisco Summit and what they mean for AI and security in the cloud

Had enough of the Facebook / Cambridge Analytica scandal yet? Yeah, me too. Thankfully, it's rolling up to address the bigger issue of digital tracking in general. At some point, the technology community flipped to "track everything" without regard to the larger impact on society and that's where we've stayed. Time to re-evaluate.

After the long weekend, this episode is a bit of a round up. Nothing big jumping out but a few minor issues to address. My tool to help pull insights out from your Facebook data download: https://github.com/marknca/facebook-data-download-insights Also here's a great series from Rik Ferguson on New World Crime.

I had the privilege of attending a Canada Beyond 150 event where new public servants were given free reign to use fore sight tools to re-invision the upcoming challenges facing government service delivery. It was an excellent event and a reminder that changing perspectives is critical if you want to see change. That bridges nicely to the ongoing challenges around being tracked online which just got worse as Google acquires popular GIF service Tenor. Ugh.

Continuing to tackle dissecting Facebook data downloads, I discuss the lack of simple analysis tools (specifically geospatial) and what that means for most of us. We also tackle the iOS QR code double URL issue as another example of user education and dev's needing to filter their input!

With the uproar around Facebook and Cambridge Analytica, some folks are finally downloading their personal data from Facebook and taking a look around. Inspired by this CNN article by Sara Ashley O'Brien, I started to pull together a tool that pulls together some of the data in the download to highlight some of Facebook's data gathering methods.

In this episode we tackle extreme metrics. This article on CBC News (http://www.cbc.ca/news/politics/canada-spy-chief-cyberattack-1.4588745) really set me off with the claim from CSE that the Government of Canada is experiencing over one billion malicious attempts to compromise their systems every day. That's a disingenuous stat and muddies the very real cybersecurity challenges the government and other organizations are facing.

As the Facebook / Cambridge Analytica scandal continues to snowball, we take a look at the larger issues. How does privacy scale? Can it scale under the current social networks? What's next?