Javvad Malik

NOVEMBER 24, 2022

Mercedes is one of the latest car companies to think, “hey, what do we do in a global downturn when new sales are low… I know, let’s limit some features on our car, then when people buy them, charge them extra to unlock it via a subscription model. If it’s worked for SaaS, it can work for us!” According to their site , a mere $1200 a month can give you a “noticeable improvement in acceleration of 0.8 to 1.0 seconds (0-60MPH)” I kind of get it when car ma

Manufacturing 113

Manufacturing 113

Javvad Malik

SEPTEMBER 23, 2022

I love myself a good Security BSides, and I’ve never been to Tallin in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia. Unable to find a reliable direct flight to Tallin, and horrendously long connecting flights – I opted for the scenic route which involved flying into Riga in Latvia, and then driving across the border to Tallinn in the fastest car ever made… a rental car.

Phishing 182

Phishing Architecture Education Banking 182

Javvad Malik

SEPTEMBER 21, 2022

I’m filing this one under I’m a bit cynical about it. According to this story there have been a bunch of people who have paid to have their fingerprints surgically altered. Some of the people were workers in Kuwait who had been deported for criminal activity. By having their fingerprints altered, and a new identity created in the Indian ID system Aadhaar, they were able to apply for a new visa to Kuwait.

113

113

Javvad Malik

AUGUST 23, 2022

In Japan, someone registered a trademark for CUGGL as a clothing brand in Japan. GUCCI tried to sue for copyright, but the Japan trademark office stated that CUGGL is not similar enough to GUCCI to warrant enforcement. Well, maybe not in the written word, but what do you think about the partially obscured logo? I am both disgusted and impressed by this. ( Credit to Halvar Flake for the find ).

182

182

Javvad Malik

AUGUST 22, 2022

Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels or risk. Hmm so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a nation state or just little Timmy trying to impress his friends on the Discord channel?

Insurance 145

Insurance Cyber Attacks Social Engineering Cyber Insurance 145

Javvad Malik

AUGUST 9, 2022

Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a Smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to a spoofed page into which they entered their credentials.

Authentication 140

Authentication Passwords Security Awareness 140

Javvad Malik

AUGUST 1, 2022

Group-IB have published a very well researched report on fake investment scams in Europe. The scam follows a well-established set of steps:1. The bogus come-on is published on social media. 2. The victim is taken to a phony investment website. 3. The victim enters personal information in a form on the scam site. 4. A call center contacts the victim, offering more information about the fraudulent investment prospectus. 5.

Scams 113

Scams Media Cybersecurity 113

Javvad Malik

JULY 25, 2022

I saw this post on linkedin and was part disgusted, but also slightly admired the professionalism and thought that went into this scam. An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all looks legit. This is where people’s biases will come into play. If they plug it in and there’s a popup asking “Are you sure” then unless they’re a bit savvy or paranoid, most people will click

Scams 182

Scams Malware 182

Javvad Malik

JULY 22, 2022

I was recently reminded of this headline from a few years ago where a couple left their bikes unlocked to lure thieves and then proceeded to beat them up with baseball bats. I don’t advocate violence, and nor do I approve of vigilante behaviour. But police around the world use this trick all the time. They will leave cars and wait for thieves to try to steal them.

Cybersecurity 29

Cybersecurity 29

Javvad Malik

JULY 19, 2022

Some interesting research from Malwarebytes Labs. The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. They would then be redirected to a fake Twitter help centre to input their login credentials. The second was a Discord phishing campaign where people would recieve messages being accsed of sending explicit photos.

Accountability 113

Accountability Phishing Media 113

Javvad Malik

JULY 15, 2022

We see many discussions these days around deep fakes and how AI will be able to create content that the human eye cannot spot as being fake, leading us to be easily manipulated. However, the reality is that people can be fooled far more easily. The BBC reports that a fake IPL Cricket match was put on by a few villagers who cleared out a ground, nailed down a bit of cloth to resemble a “pitch” and live streamed it on YouTube.

Scams 140

Scams Technology 140

Javvad Malik

JULY 14, 2022

In a paper titled Unintended consequences of smart thermostats in the transition to electrified heating , researchers discovered that most people don’t bother changing the default heating times on these thermostats. As a result at 6am, the strain on the electricity grid peaks as every thermostat clicks on. Akin to launching an inadvertent DDoS attack.

DDOS 113

DDOS Passwords Software Cybersecurity 113

Javvad Malik

JULY 13, 2022

BMW, a brand known for its amazing cars, a model for everyone – built with the infamous German engineering and now offering a whole bunch of options as a monthly subscription. In some ways it makes sense. Streamline your production and build each and every car with the exact same hardware, but then limit options to those who are willing to pay out extra.

Software 113

Software Engineering Risk Hacking 113

Javvad Malik

JULY 12, 2022

The Rolling Pwn vulnerability can be used against some keyless Honda’s to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitchers mount to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video to confirm that yes, the bug definitely works. .

IoT 182

IoT Technology 182

Javvad Malik

JULY 7, 2022

Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps. 1. Yellow paper (not the white one peasants write on). 2.

Authentication 306

Authentication 306

Javvad Malik

JANUARY 24, 2022

Back in the olden times (in 2005) a website was setup called the Million Dollar Homepage. A brainchild of student Alex Tew who wanted to raise some money for university. The concept was simple, get a webpage composed of a million pixels and sell them all for $1 each. They were sold in 10 x 10 pixel blocks. Whoever bought the block could provide an image, logo, text, link etc.

Advertising 113

Advertising Internet Internet 113

Javvad Malik

DECEMBER 30, 2021

It’s been another weird year for many. Most of the world had vaccines, came out of lockdown, only to be hit by another variant, and ending up in a weird limbo lockdown all over again. As someone who has predominantly worked from home for the last 8 years, I have welcomed the last couple of years. I no longer get the, “oh, so you’re working huh” nudge nudge wink wink from people.

Media 100

Media Cryptocurrency Scams Technology 100

Javvad Malik

DECEMBER 17, 2021

“How does your degree compare to my 10 years practical work experience?”. This was something my very first manager used to say often to me and other fresh-faced graduates. He had a point – we knew nothing about the business, any of the tools, or the job compared to him, or indeed anyone else who had been working more than three days at the bank. But we had come in on the exclusive ‘graduate programme’ touted as the future of the workforce.

Security Awareness 113

Security Awareness Education Banking Technology 113

Javvad Malik

DECEMBER 3, 2021

I’m no writer of novels, but I allowed myself to be influenced by national November novel writing month and thought it would be a good idea to attempt a blog a day through the month. In the end, I wrote 17 blogs during November, the most I’ve written in a long time, perhaps ever. There are another 3 which ended up in drafts that will likely never see the light of day.

CISO 208

CISO 208

Javvad Malik

DECEMBER 2, 2021

It was T’s first week in a new organisation and they went into a project meeting for a new product that was about to be released. T: Has this product been pen tested? Project manager (PM): We don’t usually do pen tests on most systems, unless they’re really high risk, and even then we wait 6-12 months after they’ve gone live to do so.

Risk 154

Risk 154

Javvad Malik

DECEMBER 1, 2021

I recently argued that I don’t really care about an aeroplane’s engine and that I only cared about the experience I have travelling on it. Some people argued with me that the engine is very important and without an engine the aeroplane won’t fly. Allow me to elaborate my thinking with the example of a road. When you’re building a road, engineering is of utmost importance.

Engineering 113

Engineering Technology 113

Javvad Malik

NOVEMBER 30, 2021

Along my journey, I cross paths with a stranger. We have never met before, and will probably never meet again. We are aware of each others presence and acknowledge each other without acknowledgement. To each other, we are familiar strangers. There are many familiar strangers, all on their own journeys. Each with their own precious cargo. Some have exquisite rings, others with grand sparkling crowns, and some have small trinkets.

113

113

Javvad Malik

NOVEMBER 29, 2021

I have flown many times in my life, but I’ve never really known the difference between a Boeing 747, 787, or whatever the numbers are. It’s not that I’m not interested in planes. I still look up in the sky when I see one flying overhead and ask myself where it’s coming from and going to. Flying is really a marvel of engineering, and it blows my mind every time I get on a flight.

Engineering 140

Engineering Advertising Encryption Passwords 140

Javvad Malik

NOVEMBER 23, 2021

I saw an article on The Register today entitled, Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees. TL;DR the argument is whether or not crypto should mean cryptography or cryptocurrency. Now, I get it, it can be an emotional topic for some – but really? The majority of the population don’t even understand what cryptography actually is.

InfoSec 100

InfoSec Encryption Cryptocurrency Banking 100

Javvad Malik

NOVEMBER 22, 2021

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe CISO’s very closely, and as a result I have figured out how to be an awesome CISO.

CISO 195

CISO Risk Firewall Cybersecurity 195

Javvad Malik

NOVEMBER 19, 2021

Buy 10,000 trophies from China (max $1 each including shipping) Buy an engraver Register a fancy domain, like, “WorldsBestSecurity.com” Send emails to companies saying they’ve “won” an award in some <random category> For a mere $1000 they can get featured in the WorldsBestSecurity.com listing and receive an engraved trophy. . 10,000 * 1000 = 10,000,000 .

113

113

Javvad Malik

NOVEMBER 18, 2021

If you’ve been on LinkedIn recently, you’ve probably seen your feed littered with polling questions. It could be something simple as, “which of these items do you like for breakfast” or something more specific such as, “Zero Trust is good because…” Either way, I have a bit of an issue with how these are framed, run, and subsequently interpreted.

Firewall 182

Firewall Data breaches Marketing Risk 182

Javvad Malik

NOVEMBER 17, 2021

There’s a concept around finite and infinite games. A finite game is played to win whereas an infinite game is played for the purpose of continuing. I like to think of Monopoly as an infinite game. I’ve never been able to complete the game, and I’ve yet to meet anyone that can tell me any different. That is unlike a game like snakes and ladders, which ends in a short time as long as you can avoid that horrible snake at number 99 which sends you tumbling back all the way to 3.

Technology 130

Technology Mobile Marketing Internet 130

Javvad Malik

NOVEMBER 15, 2021

It’s an old economists’ joke. A person out walking at night comes across a man scrabbling on the floor under a lamppost. The man on the floor says he lost his keys. When asked when he dropped them he then replies, “Oh, I dropped them over there, but the light’s better here.” It’s an apt metaphor for how cyber security sometimes operates.

133

133

Javvad Malik

NOVEMBER 12, 2021

BSides London is taking place and due to the pandemic and things, I’m not going and it’s put me in a contemplative mood about the early days of my career. When I started there were no such things as conferences such as BSides. We only had Infosec Europe and the most we got out of there was some free USB sticks… If we were lucky they would be 500 megs.

Passwords 113

Passwords InfoSec Encryption Accountability 113

Javvad Malik

NOVEMBER 11, 2021

It’s really easy to become complacent in security when the bad guys aren’t focussing you. But when the evil eye of Cyber Sauron casts its gaze your way, you soon realise your silver bullets were only silver-plated. As lockdowns around the world ease to a degree and many organisations are welcoming staff back into the office. However, it’s not a complete return to office, and for now, it appears as if hybrid work environments are the way to go.

VPN 100

VPN Authentication Passwords Scams 100

Javvad Malik

NOVEMBER 9, 2021

Ransomware is the big threat to all organisations. It’s the worst thing to ever happen on the internet. All ransomware gangs need to be hunted down and shut down wherever they may be. No ISP should be left unturned, no router left unexamined. They all need to be burnt to the ground! But is that really the case? If you think of the story of Goldilocks and the 3 bears.

Ransomware 100

Ransomware Internet Internet 100

Javvad Malik

NOVEMBER 8, 2021

I tried to be a bit click-baity with my headline by saying all security products are good. But I think I failed in making it very enticing. That’s typically a problem with click bait, if you don’t go big, you don’t really generate a ton of interest. And if you go too big, then you end up looking crazier than the naruto runner outside Area 51.

Technology 113

Technology Network Security Cybersecurity 113

Javvad Malik

NOVEMBER 5, 2021

It must have been around 2005. I was fed up with my job. I was the at that stage of life where I had the perfect balance of youthful arrogance, a disdain of authority, and just enough knowledge to give me illusions that I could do my boss, and his boss, and his bosses job better than they could combined. So, I did what anyone would do – updated my CV and sent it out to recruiters.

Banking 133

Banking Retail Education Marketing 133

Javvad Malik

NOVEMBER 4, 2021

Do you want fries with that? Global giant McDonald’s is famous for its fast food. However, it’s not their burgers and fries that made the business profitable. Ray Kroc struggled to initially bring enough revenue from his franchised restaurants in order to pay for the land and the building for McDonald’s restaurants, which meant growth was limited to one restaurant at a time.

Marketing 113

Marketing Passwords Accountability Risk 113

Javvad Malik

NOVEMBER 3, 2021

I’ve seen VC’s fund many security and tech startups. Lots of the ideas are rubbish, so I’ve come up with my own ideas that aren’t rubbish so VC’s can fund me instead. Don’t steal any of my ideas or I will sue you! Take a human skull and 3D print an eyeball on it, add Linux to the inside where the brain would be. Website uses photo of person looking out from screen with windows environment running, call this cyberSURVIVOR.

Cybersecurity 235

Cybersecurity 235

Javvad Malik

NOVEMBER 2, 2021

We were told that by now, we would live in a perfect world with flying cars. But that hasn’t arrived yet. We also believed that cybersecurity would be a problem that would have been solved, but it just seems to be getting worse. But what if the problem isn’t getting worse. What if we have solved cybersecurity and we do have flying cars – we’re just not looking at things in the right way.

Cybersecurity 140

Cybersecurity Accountability Media Technology 140