Wednesday, September 25, 2019

Your company was hacked? Don't be ashamed about it (probably).

I ran across a ZDNet headline today by Danny Palmer:


I understand that you're employed to do everything you can to help keep a company secure from bad actors, but things happen.  In the event that a hacker is able to get around your security measures (and possibly get away with valuable information), how are you supposed to reflect on that in your career?

If you created accounts that have unrestricted access and the passwords were "password", then yeah, it's probably going to be an issue when you're looking for a new job.  What is interesting is that according to the article, 54% of respondents from a University of London survey flat-out don't discuss past incidents where they experienced attacks or breaches.

It was interesting to read, since it wasn't an aspect of computer security I have thought about yet this semester: what happens if you're on the receiving end of a successful hack/breach?

I imagine that if you did everything possible to prevent the attack, how you reacted (and how quickly) would determine if that's something you would want to share with others, especially prospective employers.  

Thursday, September 12, 2019

Instagram Vulnerability Allows Bad Actors to Access User Phone Numbers and Names

While I don't use Instagram, I'm very much aware of how popular it is and how many people have an IG account.  This morning I came across an article from Forbes regarding a vulnerability in Instagram that allows individuals to obtain users' names and phone numbers.  I can sum up the issue as best as I can, but Zak Doffman goes into great detail and does an excellent job of covering all of it:



If I had to sum up the vulnerability as quickly as possible: bad actors can use an algorithm to brute force Instagram's login form and, combined with exploiting Instagram's "Sync Contact" feature, are able to obtain a list of users' full names and their phone numbers.  The issue is much more complex than can be summed up in a single sentence, so I highly recommend reading Zak Doffman's article (linked above in the image).

Thankfully, Facebook was quick to fix the issue and the exploit no longer works as of this post.

Saturday, September 7, 2019

You didn't want to play World of Warcraft today, did you?

Update 9/9/2019: Two days of DDoS attacks.

I have been playing World of Warcraft on and off since 2005.  It's a fun game to play and (for the most part) has a large, helpful community of players to chat and play with.  Sometimes I spend far too much time in the game, so I tend to cancel my subscription at the beginning of each school semester to avoid distractions from my studies.

This brings us to today's post.  My WoW subscription ended the evening of September 6th, forcing me to say goodbye to my online friends until the end of the 2019 Fall semester.  Earlier today I discovered that I quit just in time, as Blizzard Entertainment was forced to deal with DDoS attacks on their World of Warcraft: Classic servers.

It was brought to my attention as I was browsing through Reddit, but it was later confirmed by Blizzard via Twitter:


During the DDoS attack, players were unable to connect to most of the servers in World of Warcraft: Classic, a version of World of Warcraft that was released less than two weeks ago.  The DDoS attack impacted players for almost 6 hours today.

This isn't the first time players have had to deal with DDoS attacks against their favorite MMORPG, and I'm sure it won't be the last.

The purpose of this blog is to find interesting articles/topics relating to computer security, so it felt appropriate to make the first post that ties in my interest in computer security and one of my favorite personal hobbies: World of Warcraft.  Hopefully I don't get another opportunity to make a similar post later.