Good morning everyone. As I mentioned last week, the RSA conference in San Francisco, CA, begins TODAY! If you missed last week’s post, the RSA conference is going to be happening from today, all the way until Friday, April 20th. There are going to be many guest speakers there including professionals from Microsoft, Cisco, Google, VMWare, etc. This is an event you don’t want to miss. Another event going on in San Francisco today is the CYBERTACOS networking event. If you are looking to attend something a little less speaker-heavy, then this one is for you. It is a cybersecurity networking event, which is also featuring food and drinks (hence the name “cybertacos”).
As I was reading through the current news this past week, I found something that I thought was pretty exciting that I wanted to share with all of you. There is a new open standard, called “WebAuthn,” which is going to be coming to all major web browsers soon, as a new way to log in. This standard has already been committed to by Google, Microsoft, and Mozilla. The implementation has already begun for Windows, Mac, Linux, Chrome OS, and Android platforms. With this new standard, user authentication is going to be simplified by allowing users to login with a single factor, by using internal or built-in authenticators. These include fingerprints, facial biometrics, and other external authenticators like security keys and cell phones. The point of this standard is to move the industry away from using passwords, since passwords have been proven to be far weaker than biometrics.
Another interesting topic in the news right now is the “ransomware” that doesn’t require a pay-out, but requires users to play the violent video game “PLAYERUNKNOWN’s Battleground,” better known as “PUBG,” for exactly one hour. It seems the author felt the need to put an unusual twist on the normal ransomware scheme. The attack message pop-up reads:
“Your files are encrypted by PUBG Ransomware!
but don’t worry! It is not hard to unlock it.
I don’t want money!
Just play PUBG 1Hours!”
The thing is, the malware requires that you purchase this game in order to decrypt your data. Also, the message says you must play for one hour, but once you purchase and begin playing the game, your data becomes decrypted after three seconds of game time. In order to get around purchasing the game, you can change the name of any utility on your computer to “TSLGAME.EXE,” and run it, and the malware assumes you have begun playing the game. The malware detects that you are playing just by monitoring your list of running apps, so it is clear this “developer” was very simple-minded and overall, a jokester. The overall theory is that this attack is supposed to be a joke, as the writer of the malware code, very carelessly, left his username “Ryank” in the code.
That’s all for this week. Any questions or comments please feel free to shoot me an email: [email protected]! Have a great week everyone!