Becoming Stephen Hawking

Truth is the only thing that stands between us and a cyber nightmare. Dedicated to the 2019 October Cybersecurity Awareness Month.

By Eh’den Biber

 

Virtual Insanity

Futures made of virtual insanity, now
Always seem to be governed by this love we have
For useless, twisting, all that new technology
Oh, now there is no sound, for we all live underground

(Jamiroquai, “Virtual Insanity”, from the album “Travelling Without Moving”)

 


There is a reason why people in the west can’t grasp how the disappearance of privacy and the total exposure of our most intimate states is a part of a dystopian nightmare, and it has to do with who we are.


Magic Cyber Pills [Updated 2018-01-14]

Why autism education and Cybersecurity awareness training fails and how to solve it.

By Eh’den Biber

 

“If you think you’re going to solve your cybersecurity awareness problem by technology, you don’t understand your problem, and you don’t understand technology” (paraphrasing Bruce Schneier)

 

Subconscious Cybersecurity

Everyone tries to solve the lack of cybersecurity awareness, and everyone fails. They fail because they don’t understand how we integrate “information” into what we perceive as an expansion of our perception.

The current approach tries to address the problem by focusing on the #conscious, while the truth of the matter is that we interact with the real world via the #subconscious. As if we are not living in an age of constant and increasingly intrusive digital distortion of our perception of reality, one that attacks our subconscious and manipulates us by knowing our biases (example: fake news). As if expansion of knowledge changes our core drivers. If knowledge were able to change people’s perception, people wouldn’t be smoking after seeing all the horrific photos on the cover of all tobacco products. We live in a digitized era. The digital world is everywhere, it is part of who “we are”. Your dopamine reward system is being hacked constantly by your mobile phone apps, it is integrated into “your” physical experience. A growth of knowledge on the conscious level does not give you any measurable impact on the subconscious, because… that’s why we call it “subconscious” – we can’t measure it. Knowledge doesn’t change perception, direct experience does. After being given the diagnosis of my youngest son’s extreme autism I was reading and learning everything I could about it, and the impact it might have, but it didn’t allow me to understand him, nor to influence him. I didn’t feel like he did, so I couldn’t grasp what it means to be autistic.


The Emperor’s New Clothes 2.0

Exposing the malware that is killing cybersecurity.

By Eh’den Biber

 

 

Malware

Over the past years a new malware has been slowly yet steadily taking over our world. It spreads like wildfire throughout our society and the corporate and governmental worlds, and by doing so it increases the probability of our annihilation. It has morphed and evolved; most of our infrastructure is now compromised, and yet most people don’t even recognise that their own infrastructure is compromised as well.

 

This is the story of the malware, which started in 1837…


No Expert, No Cry

Why you shouldn’t trust (awareness) experts, what you should trust instead, and my New Year’s resolution.

By Eh’den Biber

(see the end of the post with the update…)

Prologue – SANS

During the SANS European awareness summit, I ended up in an interesting debate on Twitter with one of the attendees (John Scott). The debate was on the observation I made that science was not part of the agenda in this major awareness summit. There was not a single scientist on stage to talk about their breakthrough research, and none of the tweets about the event (#SecAwareSummit) included any science in them.

My observations didn’t go down that well with John, who seems to have taken it a bit personally. To show me I was wrong he mentioned that Jessica Barker gave a talk. Yes, she did, and yes: she’s a (civil design) doctor, and I barely finished Kindergarten.

When SANS finally posted the slides from the event (including the workshops that occurred before), it seems that the only one who provided external references in their slides was Jess (well done). She mentioned 5 academic papers (from 1996, 1999, 2008, 2008, 2009), one reference to a TED talk (2012) and one book (2017). Only one of the research papers mentioned was focused on information security (2009, Self-efficacy in information security: Its influence on end users’ information security practice behaviour). It used social cognitive theory, and the results suggested that simply listing what not to do, and the penalties associated with wrongdoing, in the users’ information security policy alone will have a limited impact on effective implementation of security measures.

I’ll let Iago express my feelings about that one:

Show Me the Science


Uber and Under the Breach

Everything you need to know about the Uber data breach, Why Uber is the Chris Brown of the cyber economy, and much more…

[Updated 23rd Nov 2017 – see “Cover-up?” Section + afterthoughts]

Sleep

Darn, I really wanted to sleep, I really did! I had to work on something till late tonight, already got totally upset by 4pm, and when I finally ended it near midnight, I checked Twitter and darn, Uber has been hacked. “What the heck, they fired Joe Sullivan, their head of Information security and Craig Clark, (the?) director of legal? Wow, I must write about it”. Luckily tomorrow I need to wake up earlier than usual. Darn lucky.

But this is important.

Flashback – I think it’s 2013. I’m speaking with Alex Hutton during a BruCON break. At some point Alex tells me something that for some reason got engraved in my mind forever: “If you will not know how to measure risk and communicate it to the board, you will not be CISO for long.”

Darn right.
