In-brief: In this week’s podcast, Security Ledger Editor in Chief Paul Roberts talks with noted security researcher Robert “RSnake” Hansen about the data breach at Equifax and why the company’s response to it was so lacking. Also: Chris Sumner of the Online Privacy Foundation talks about why Facebook is a killer app for information operations and we talk to the president of ASPertise: a consulting firm by and of professionals with Asperger’s and Autism spectrum disorders.
Barely a week goes by without some news of a data breach at a major firm and last week was no different with credit monitoring firm Equifax acknowledging that information on some 143 million Americans was exposed in an attack on its servers.
Equifax’s announcement is just the latest in a steady drumbeat of data breach announcements. And, while it was somewhat larger than average, what was most disturbing about the news was Equifax’s ham-fisted response, including reports of suspicious patterns of stock sales by company executives prior to public disclosure of the incident and a customer support tool to help breach victims that had some nasty strings attached.
To sort it all out we spoke in this week’s Security Ledger podcast with noted security expert and researcher Robert “RSnake” Hansen. Robert said that word in the underground is that Equifax may have been felled by a SQL injection attack – one of the most common forms of online hacks.
He also said months-long delays between the identification of a breach and public announcements about it aren’t unusual – especially when law enforcement is involved in the investigation. The most unusual thing about the Equifax incident may be the company’s curious and bungled handling of the response effort, including a customer support website that tried to get customers to waive their right to sue the firm over the breach.
“The way (Equifax) did it was pretty bad,” he told Security Ledger.
Also in this week’s podcast: the story of Facebook’s role as a platform for information operations leading up to the 2016 Presidential election took a new turn last week when the social networking giant released the findings of an internal audit that identified hundreds of accounts responsible for buying thousands of ads that were used to spread fake and misleading stories in the months leading up to the November election. Many of those accounts appear to have been controlled by Russian entities, Facebook acknowledged for the first time.
But why are nation-state actors and terrorists drawn to platforms like Facebook? In this week’s podcast, we sit down with Chris Sumner, a researcher at the London-based Online Privacy Foundation to talk about why social media networks can have a disproportionate effect in shaping the opinions of their users, and about social research on how personality traits shape how information is received and understood.
And finally, moguls like Peter Thiel have long made note of the coincidence of Asperger’s Syndrome and outsized success in the technology industry. Far from a disability, Asperger’s may be a kind of “x” factor: a predisposition to creative, independent, outside-the-box thinking that is needed in the fast-moving and competitive technology industry, Thiel and others believe.
But finding and keeping talented professionals who are “on the spectrum” can be harder than it seems. Until now – ASPertise is a new consulting firm of and by professionals with Asperger’s and other Autism Spectrum conditions. In this week’s Security Ledger podcast, we speak with Frédéric Vezon – ASPertise’s founder and President – about his own Asperger’s diagnosis, the company he started and why it is that individuals with Autism Spectrum disorders seem to excel in technical fields like information security.
Check out our full conversation in our latest Security Ledger podcast below or over at Soundcloud. You can also listen to it on iTunes. As always, if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.