A news article caught my eye this morning while getting ready for this episode of the UNSECURITY Podcast.
US Strategic Command Twitter account accessed by child: report
My first thought was “oh, that’s funny and sorta cute.” Then I thought some more. It seems innocent(ish) to walk away from your computer while you’re at home. What could happen? Well, this could happen, but it could have been much worse!
This is the Twitter account of the U.S. Strategic Command (“USSTRATCOM”). For those of you who don’t know what USSTRATCOM is, or what they do, here’s information from their “About” page:
“USSTRATCOM integrates and coordinates the necessary command and control capability to provide support with the most accurate and timely information for the President, the Secretary of Defense, other national leadership and combatant commanders.
The mission of USSTRATCOM is to deter strategic attack and employ forces, as directed, to guarantee the security of our Nation and our Allies. The command’s assigned responsibilities include strategic deterrence; nuclear operations; space operations; joint electronic spectrum operations; global strike; missile defense; and analysis and targeting. USSTRATCOM’s forces and capabilities underpin and enable all other Joint Force operations.
USSTRATCOM combines the synergy of the U.S. legacy nuclear command and control mission with responsibility for space operations, global strike, and global missile defense. This dynamic command gives national leadership a unified resource for greater understanding of specific threats around the world and the means to respond to those threats rapidly.”
Sounds pretty damn important! Social media is used by organizations (public and private) to disseminate information to the public and their customers. What if the information disseminated is harmful to others? In this particular case, a child typed “;l;gmlxzssaw”. The message was broadcast all over the world and caused a stir. Caused a stir, but not panic.
What if this wasn’t a child and/or the message was more nefarious. What is someone typed:
“The United States of America is under current attack. The President has raised our alert condition to DEFCON 1. THIS IS NOT A DRILL. DO NOT panic, but please be aware. Additional details forthcoming, including further instruction for protection of U.S. citizens and our assets.”
Now, you may know that USSTRATCOM would never issue such a warning on Twitter, but do others? Even if others do know this, you’ve seen how some people throw logic and reason out the window when something panicky happens, right? What if the alert was more thought out with direct instructions to do certain things that could be destructive. Would this cause a panic? On the surface, this particular instance may seem funny. In reality, it’s sad. It’s sad that people often use computers without thinking of consequences and that we are STILL trying to get people to lock their computers when they step away.
Anyway, we’ve got a show to do. Let’s get right to it, show notes for episode 125 of the UNSECURITY Podcast…
SHOW NOTES – Episode 125 – Tuesday March 30th, 2021
[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 125, and the date is March 30th, 2021. Back again is my good friend and security ninja Brad Nigh. Welcome Brad!
Another good show today. We’re gonna talk about this FRSecure CISSP Mentor Program think you might have heard about.
FRSecure CISSP Mentor Program
- What is it?
- Who’s it for?
- The history of the FRSecure CISSP Mentor Program
- 1st class in 2010 – six students
- 11th class in 2020 – ~2,400 students
- 12th class this year (2021) – 5,300+ students
- Why did we start this thing?
- Why do we keep doing this thing?
- Next class starts on April 12th (2021)
- What are we expecting?
- Who’s teaching?
- Is there time to sign up still?
- Is it really FREE?!
- What strings are attached?
- Will I be marketed to?
- Will I be sold something?
- Will you sell my information?
- What’s the future of the FRSecure CISSP Mentor Program?
- Where can I sign up?
- Can I refer others?
- What if I’m not planning to take the test?
And whatever other question we can think of. We’ll be transparent as we talk about the program and our experiences with it.
Want to know more? GO HERE: https://frsecure.com/cissp-mentor-program/
Three interesting news articles this week:
- (the opening) US Strategic Command Twitter account accessed by child: report – https://www.foxnews.com/us/us-strategic-command-twitter-account-accessed-by-small-child-report
- Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code – https://securityaffairs.co/wordpress/116088/hacking/php-git-server-hack.html
- Intel accused of wiretapping because it uses analytics to track keystrokes, mouse movements on its website – https://www.theregister.com/2021/03/30/intel_wiretapping_data/
Wrapping Up – Shout Outs
Good talk. Thank you Brad, and thank you listeners!
- Who’s getting shout outs this week?
- Closing – Thank you to all our listeners! Send things to us by email at firstname.lastname@example.org. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!
…and we’re done.