Uber and Under the Breach

Everything you need to know about the Uber data breach, why Uber is the Chris Brown of the cyber economy, and much more…

[Updated 23rd Nov 2017 – see “Cover-up?” section + afterthoughts]

Sleep

Darn, I really wanted to sleep, I really did! I had to work on something till late tonight, already got totally upset by 4pm, and when I finally ended it near midnight, I checked Twitter and darn, Uber had been hacked. “What the heck, they fired Joe Sullivan, their head of information security, and Craig Clark, (the?) director of legal? Wow, I must write about it”. Luckily tomorrow I need to wake up earlier than usual. Darn lucky.

But this is important.

Flashback – I think it’s 2013. I’m speaking with Alex Hutton during a BruCON break. At some point Alex tells me something that for some reason got engraved in my mind forever: “If you will not know how to measure risk and communicate it to the board, you will not be CISO for long.”

Darn right.

Continue reading

#CyberBlind

Ridiculous information security salaries are the symptom of a bigger problem. Why salaries and job ads are superb indicators of your organisation’s cyber security maturity, how it can be improved, and why your organisation won’t do anything to fix it.

By Eh’den Biber

October has been an extremely hectic month for me. It’s been a while since I travelled and worked in so many countries, that at some point I slept in 5 different places during one week. Amazing and exhausting at the same time; see the post photo, which was taken along the way.

When I came back, I decided to see if I could identify any shift in the job market, to see if I could make my wife happier by finding a role which doesn’t require me to travel so much. Sadly, the results are grim.

Over the years I’ve developed a sort of a mentalist skill, and after 5 minutes into the job interview I could already tell the interviewer things I shouldn’t have known, such as the fact they recently experienced a severe breach, auditors’ blues, or simply someone just left in a hurry.

This brings us to the question – why? How come the responsibility and accountability of a person who takes such a role is not being rewarded in the right manner?

HR

HR in most cases has no clue about the role they are asked to recruit for, and yet they are supposed to filter for the hiring manager. They then subcontract the hiring to a group of agencies, some of which have no clue what they are hiring for. I’ve been asked recently by a recruitment agency manager “What is a CISO?”. Enough said.

Take-home message to hiring managers: speak with the recruitment agencies, ask for recent references, meet them, or use the ones you trust.

Continue reading

GDPR “Unknown Unknowns”

The art of privacy, and why what you don’t know (about the GDPR) WILL kill you.

By Eh’den Biber


Introduction

A few years ago, I had a colleague who was about to depart on a flight to a lovely vacation with his wife. As the airplane was waiting for the signal to lift off, my colleague’s wife started to scream. I mean REALLY scream. As my colleague’s wife had taken many flights before, my colleague had no idea what the fuck was going on (forgive my French). Long story short – the airplane went back to the terminal, my colleague and his wife were taken off the airplane, severe sedatives were used, and instead of a lovely vacation my colleague spent the next few days in a mental institute seeing his loved one going through hell. This whole thing was followed by a long recovery process, and almost broke him to pieces as well.

Continue reading

Fake News

Who are the real hackers, and why most of the news about hackers is fake (snippet from my upcoming talk)…

By Eh’den Biber

Hi everyone

As you might have seen from my previous posts, I’ve been writing a long post called “the revolution”, which covers my journey into finding ways of communicating and connecting with my son, who has severe autism. I was about to post a new update to it – but then I stopped.

You see, in the last two years I’ve been planning to give a talk about the subject of substance abuse in the hackers’ community. This is a topic which has HUGE implications for anyone who either is a hacker, works with a colleague who is a hacker, employs one, or plans to employ one. The reason the update to “the revolution” was delayed is that substances and their impact on non-ordinary states of consciousness were just too big for a written update.

And the good news is that thanks to it, I’m finally ready to give a talk on the subject. It would be lovely to share it with Peerlyst members here in London, and I will be looking for an event space for it. Also, I plan to share it at upcoming CONs because it’s probably the most interesting topic I’ve researched, and one with huge implications for many people who are reading this right now. Based on my experience, if you are reading this you either abuse substances or know a substance abuser. If you have an upcoming CON and wish me to talk on the subject, please contact me directly. I assure you that it’s going to be one of the most interesting talks you will have at your event.

Please share thoughts, comments, and stories either below or, if anonymously, via my secure email account: ehden at protonmail dot com.


Eh’den

Fake News

There is an epidemic of “hacker news” that dominates our world at an alarmingly increasing pace. It’s moving so fast that mentioning any reference here is a mistake, because it will be blown away by another data breach so fast that the reference will most likely be forgotten.

The problem is that most of this news is fake.

Continue reading

Time Capsule

“Hey Eh’den, I found two hard disks of yours”. My wife and I have been struggling with a water ingress issue in our son’s bedroom, and while she was taking the opportunity to un-hoard (also known as “throw away shit he is still keeping”) she discovered forgotten external hard disks of mine. One of them was a mini USB drive, 500GB of information which I thought I had already backed up onto my 2TB hard drive.

As I was going over the endless folders and sub-sub-folders I discovered a folder called “videos”. And there I discovered old videos I had taken of my kids when they were young.

I played the videos to my wife. She was sitting next to me in silence, shocked. After watching a few of the videos she told me “Eh’den, I now understand why you refused to accept his autism. He looked so normal as a child”.

Continue reading