Kanye West’s Passcode, Too Many DNA Samples being give up and What does a Data Breach Really Look Like?

Summary:

This week I cover what is perhaps the biggest facepalm moment in password history with Kanye West’s 000000 cell phone passcode being nationally televised. What happens when too many people freely give up their DNA info? How does this impact the privacy of their neighbors and family? Finally, was the recently reported Google+ data breach really a data breach at all?

 

Welcome from the racing capital of the world Speedway, IN, my name is Nick Sturgeon host and show creator. I am so very glad you are here with me this we get into episode #25. This week the news cycle has been a little slow though not completely void of things that I can talk about. I will get in to the shows break down here in a second.

For those of you who are first time listeners thank you for tuning in. It is my goal to keep you around coming back week in and week out. If you are a returning listener, you continued support is very much appreciated. Outside of listening, I ask a couple of simple things, share the show with your network, subscribe, rate, review and go sign up for my mailing list at cyberdotnow.com for the latest news, insights and behind the scene information.

Coming up on Monday I have an interview setup with what is probably this highest profile guest I have had on to date. Not only that I am taking the show on the road, so to speak, and recording at a studio located down town Indy. Very much looking forward to the interview. You will have to tune in to find out who the special guest is!

This week’s show may run a little shorter than the last couple of weeks. However, we will take as much time as we need to cover the news of this week. The first story I will get into is going to be what should come at no surprise to security professionals and will be one that is probably very common among most people. The second story is some what of a follow up to a story I covered a few shows ago and demonstrates a potential negative outcome of sharing too much personal data. Then finally we will talk about what a data breach actually consists of.

Story 1

Let’s dive right in. Earlier this week Kanye West, which before I continue I cannot believe I am talking about Kanye. I am really not a fan of his music and not been a big fan of him in the social aspect of his life either. With that said I do respect what he has done politically to try to mend things versus what others in Hollywood are doing by driving the country apart. This is not to say I think what he is doing is working or that he is making any sense. But I give the guy a thumbs up for giving it the good ole college try and not being afraid to stand against his “peers” in Hollywood. Anyway, earlier this week Kanye was in the Oval Office with Trump where he goes on what is being described as an epic rant. Though we could probably have a field day with the rant itself that is not what I want to talk about. I want to discuss something that was captured on national television. While being filmed from behind, Kanye took out his phone entered in his password and then shows the phone to President Trump. Now for those of you who are not already in the know, can you guess what his passcode was? I will give you a couple of seconds to take a guess……. It was six 0s. Now this didn’t surprise me one bit. In fact I would take a guess and say most of you non-security minded people have similar simple passwords or passcodes. How can I be so certain will the numbers 123456, 000000, 111111 continue to be some of the most commonly used passcodes. Why is that, will we are lazy, that is most of you are. Let me jump to a article from the Washington Post [Read Story]

I have to say some of the tweets that the article has about Kanye’s password actually made me chuckle. Beyond the password security this is a good reminder to have good situational awareness. Kanye was oblivious to the camera being behind him as he was typing in his password. It is a great reminder we all need to be aware of who is around us and not be too caught up in the moment.

Ok, I am going to take a quick pause and be right back.

Story 2

Welcome back, so this next story is some what of a follow on to a story I covered a few episodes back. In that show I talked about a couple of data breaches that happened to the DNA sites 23andme and Ancestry.com. What happens when a large number of people have submitted their DNA to be tested? Well as this article from the LA Times points out it becomes easier to identify you with less data. I want you think about how your neighbors or even distant members of your family who have submitted their DNA to one of these companies puts your privacy at risk? From the article [Read Story]

Story 3

The last story for this week. What is a data breach and what actually does a data breach consist of? A data breach can be defined as the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill. Based on this definition, if a security team of a company who is going through a review of their code, systems, configurations or what have you and they discover a bug does that constitute a breach? If you said well that depends you would be right. The next step would be to verify if that bug had been exploited. If based on all possible data and information they collected, to include that no user information or other data sensitive or not was put at risk of being disclosed and that the bug had not been exploited, would it be a breach? In my opinion that does not fit the definition of being a breach. The big factors for me are was the data actually exposed to unauthorized users? The data doesn’t have to necessary leave a system to be considered a breach. If the data was forcefully taken from its rightful place that is a breach all day long. If a person whether or not they are a “bad guy” or an employee of a company has access to data they are not supposed to have access to can be considered a breach when you apply it to the strict definition. Now lets pivot to some news that came out this week about Google and the Google+ social media platform.

Show Exit

That’s it for this week’s show you guys. Thank you all for tuning in, I hope you enjoyed it. Again, if you want to join in on the conversation go to the show’s web page at http://www.cyberdotnow.com, Facebook and twitter. If you want to get a hold of me directly you can find me on Twitter @The_Polititech or email me at cyberdotnow@outlook.com. Finally, please remember to go to iTunes and/or SoundCloud to subscribe, rate, review and don’t forget to share the show. If you guys do all of that I will be back again next week to do this again. Until then have a great week, talk to you soon.

Links

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/10/12/the-cybersecurity-202-kanye-west-is-going-to-make-password-security-great-again/5bbf83471b326b7c8a8d1946/?utm_term=.2a1ec84ef4bc

http://www.latimes.com/science/sciencenow/la-sci-sn-dna-genealogy-privacy-20181012-story.html

https://www.experian.com/blogs/ask-experian/google-data-breach-what-you-need-to-know/

https://www.theguardian.com/technology/2018/oct/08/google-plus-security-breach-wall-street-journal

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s