October 30, 2014

Security and Celebrity

Posted in Uncategorized at 20:50 by Alex McGeorge

I read a note in the Washington Post express today about Kim Kardashian being a brand spokesperson for BlackBerry. The Post staff did something interesting and looked at her last 200 tweets and found that most of them weren’t posted from a BlackBerry and that got me thinking.

If you become famous enough that obtaining nude pictures of you is worth burning several bugs on (App, OS, RAT/RootKit), you find yourself in a league usually populated by military and politicians. But they actually have a lot more disadvantages. For example, as a celebrity you’re constantly under unapologetic surveillance. You’re going to be photographed using your phone, so it will be easy to determine what platform you’re using. Further, celebrities have publicists and publicists have staff who all use their own devices who will likely have access to your accounts. Each person who is in charge of managing your digital accounts and devices now increases the number of people who can make poor security decisions on your behalf. Complicating matters even more, celebrities wouldn’t have access to an army of trained nerds to help stop them and their support staff from making security blunders.

I’m definitely not surprised that private pictures and data from celebrities have surfaced on the internet. If you’ve followed that story at all I’m sure you’ve heard the rumors of a vast underground network of people who trade in that data amongst themselves. If you’ve ever read Speed Tribes by Karl Greenfield there’s a section about this kind of thing happening in Japan back in the 90s. People certainly do trade illicit data on line, personal and pornographic included, so it strikes me as plausible that the rumor has some truth to it.

So what to do? I have to imagine that The Fappening reverberated with a lot of American celebrities, maybe even internationally as well. Seems to me that talent agencies should be offering some kind of service for this. Private cloud, locked down smart phones and tablets, an actual person to review logs collected from your devices to determine what kind of silly shit you’ve been doing. Seems like a niche that could be filled. Talent agencies know how to manage talent, I don’t see many celebrities contracting out to private cyber security firms to do this kind of thing. Though to be fair many contract out to executive protection as well, though I would think the power dynamic between those two services (who cares more about your image, your agent or your body guard?) would be different in a meaningful way.

Advertisements

April 10, 2012

A cyber weapon

Posted in Exploits, Uncategorized at 15:22 by Alex McGeorge

There’s been a lot of discussion in the security industry recently around exploits, 0-day, ethics and how the government fits in to all of this. I disagree with some points in the recent Washington Post article, specifically how they (and presumably the Pentagon) are defining a ‘cyber weapon’ and a few other things*.

Word Count: ~850
Read the rest of this entry »

July 5, 2011

Coding for Death: Appendicitis

Posted in Uncategorized at 16:37 by Alex McGeorge

Some notes for discussion

Word Count: 283
Read the rest of this entry »