Another Day, Another Hack: What Security News Should You Worry About?

Every day it seems like there is a new violation, a password to reset, or a vulnerability. The problem with a lot of safety news is that a lot of it is important, but there are also junk stories , big ones about fear and lack of information, that make you just pass out. Let’s figure out what you should pay attention to, and what you can ignore when you see it.

A lot of it comes down to where you get the security news in general and how much of it you want to read. If you are a security enthusiast or professional, you probably have blogs and names that you follow and trust. However, if you’re not a professional, even the scary headline about a “vulnerability” discovered by “security researchers” might seem like an excuse to shut down your computer or call your ISP to see how you can protect yourself.

Don’t worry – a lot of security news, especially on general news sites, is usually revised information from old publications, superficial reports without much detail, and generally not very informative. This does not mean that you should sometimes sit and pay attention if the problem is serious enough. Here’s what to look out for.

Security news to watch out for

There are some types of news that everyone should sit down and pay attention to. This usually happens because the news requires action, as there is something you can do to protect yourself and your data. Here are a couple of things to always look out for when you see people talking about them or read the headline about them:

  • Hacks and security breaches that require action, such as changing a password or stealing credit card information . Regardless of your level of technical literacy, these headings should make you read deeper. If you see that the service you are using or the merchant through which you make purchases has been hacked, you should find out as much as possible about it. If this is a service you haven’t used for a long time, change your password or close your account. Don’t rely on the seller or website to email you or contact you for more information – they might say they will, but they never will, and in the end, you still have a responsibility to protect yourself. … Make sure you change these passwords and keep track of your credit reports and statements.
  • Identity theft reports where you shop . This one is a little more sinister. If you find that the staff of a restaurant you used to go to has been accused of stealing credit card numbers, or that one of the nation’s largest retailers has been hacked and stolen cards are found in the wild, take a look. This may sound like common sense, but now is a good time to get a free copy of your credit report and make sure everything is in order, go through your bank and card statements, and maybe even create your own free loan. monitoring system . Hacks can be ubiquitous, but when they hit the mark, you should pay as much (and possibly more) attention.
  • General trends and security news from trusted, consumer-focused experts . Even non-professionals should take a little time to learn how security tools work, which ones are generally recommended (and respected), and which ones are more likely to cause more problems than they solve. Everyone should also learn how to protect their online safety and privacy. It’s harder to define because who to trust is a problem, but the bottom line is that any security researcher or professional whose experience you can learn and whose job it is to pay attention to the industry and extract it for consumers in an understandable way is good a source. Then, once you find one such source, find several more and read a few of the opinions. You will accomplish more here by sticking to technology oriented sites as opposed to oversized site names that seem to cover everything like local news and weather. Home appliances sites like PCMag , Cnet, and others with dedicated security editors are a good place to start.

The bottom line is that the minimum that everyone should pay attention to are things that can directly affect you. Read about the basics and how to protect yourself from threats that already exist, and when something new appears that you can control or protect yourself in some way, be sure to pay attention.

Of course, you should still be skeptical about this. The same rules apply here as to everything else on the Internet . Read more than one source and don’t get obsessed with what individuals, companies, or research groups have to say. In many cases, one researcher or “security group” will widely advertise their own vulnerability or something they have found to be much worse than it actually is, or even suggest a specific tool because that is how they make money and grab the attention of the security community. … This is how the industry works – money and prestige go where the biggest, most significant, dire threats and vulnerabilities are located. This means that you must treat a lot of security news with a grain of salt, but still with an open mind. Check what you read with other good sources.

Security news to watch out for enthusiasts

If you are an enthusiast, novice researcher, or interested in security news and want to learn more than what you occasionally hear in podcasts or read on multipurpose consumer technology sites, then you should dig deeper. If that sounds like you, here are some things to look out for:

  • All of the above . Make no mistake, you shouldn’t give up the basics just because you want to learn more or think that you are more than just a layman. You should, like anyone else, change these passwords after hacking into the site you are visiting, check your credit and finances to make sure someone is not stealing your identity, and practice good online hygiene.
  • Specific industry trends and widespread issues such as Heartbleed and Shellshock . Whether you are an enthusiast or just want to know more than what you hear on many news sites, tracking down specific news about serious security issues that don’t need to be addressed at the consumer level will tell you a lot. Vulnerabilities like Heartbleed, Shellshock, and the later version of StageFright aren’t exactly something the average consumer can do anything about, so many don’t need to scare them about something they can’t protect themselves from (or little evidence is used in the wild.) Experts don’t want to live under that comfy blanket, so it’s worth familiarizing yourself with their reasons, scale, and industry response. This way you will learn a lot about security (and real business practices), which can save you the hype of these bombastic headlines elsewhere on the web. It’s incredibly informative to learn how vulnerabilities work, what the vulnerability really is, how difficult it is to fix it, and what needs to be done to fix it.
  • Independent security findings and publications from trusted threat response experts . A lot of things fall into this category, but it’s a line that ordinary technology consumers don’t usually cross. On the one hand, this is a world in which you usually focus on using your technology for communication, work and play, and on the other, where you read and follow security news. On this side of the line you subscribe to an update of the American group on preparedness for computer emergencies (US-CERT), but understand that they are quite conservative in scope, and add to the bookmark sites such as ThreatPost and Dark Reading, for for more information. You pay attention to AV Comparatives and AV Test’s antivirus test results, trust the opinions of people like Bruce Schneier and Brian Krebs , and turn to them for thoughts when you hear about a frightening new “vulnerability”. You listen to podcasts like Security Now every week.

If you are reading Lifehacker, you can be sure that you will fall into at least some of the above. You may only prefer to sit down and notice when something important is happening, but you also enjoy being an educated and informed user of your technology. Choose or leave parts of both groups as you see fit – the only thing that can happen – as a result, you become a more educated and informed user.

Security news to ignore

In general, if this is a topical security news item, you shouldn’t ignore it. The problem, however, is that many sites package old vulnerabilities, long-fixed issues, and super-old hacks as security “news” to get your clicks and views. For example, this CNBC article we mentioned earlier is just awful. He instigated an old, long-patched vulnerability developed by a security “research firm” well known for over-reporting in an article almost entirely devoid of useful information.

This article, although more relevant , also aims to address a vulnerability that has already been patched but never exploited, and affects a tiny subset of devices (using information from the same research firm, by the way). These are the reports that you should attach to yourself. skepticism: where an “exploit” or “vulnerability” is so vague and unclear that it doesn’t affect anyone, is a proof of concept, is absent in the wild, requires some insane level of access or direct contact, or is more or less preliminary research by a security firm trying to make itself name.

And it’s not always the researchers’ fault – as is the case with science, safety reports are often rushed with disturbing headlines to share. This means that sometimes today’s promising attack vector exploration could be tomorrow’s pasted headline claiming all phones everywhere are vulnerable to an exploit … and the fine print buried in the article that it was patched three years ago only affects devices with certain versions of certain software, and, oh, it also requires physical access for several weeks to be hacked.

In short, the BS sensor is your best friend. If you see a story that has been widely reported without further elaboration, if you read about a vulnerability but only one expert speaks in every article you find, or a specific company publishes a vulnerability that offers its own products for sale, make a salt shaker. Confirm what you are reading, look for what you can do to fix the problem (or if it has already been solved), and if in doubt, find sources you can trust, such as some of the ones we linked to above. In no time, you will be able to separate the protective wheat from the frightening chaff.

More…

Leave a Reply