Dave Bittner: [00:00:03:02] Call of Jihad. Rye surprise. Juniper investigation points to RNG. Cyber regulations and holiday sense.
Dave Bittner: [00:00:13:20] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at ISI.JHU.EDU.
Dave Bittner: [00:00:36:13] I'm Dave Bittner in Baltimore with your CyberWire daily summary for Wednesday, December 23rd, 2015.
Dave Bittner: [00:00:43:14] ISIS opens up a new recruitment tool, a first-person shooter game called Call of Jihad. An obvious knock-off of the popular Call of Duty, it remains to be seen how successfully gaming can bear the jihadist message. Especially given how complicated that message's expression can be. See, for example, the Brookings Institute's thoughts on how terrorist messaging is refracted through social media.
Dave Bittner: [00:01:07:22] Westchester County officials say it's news to them that the Feds detected Iranian probing of their small dam in Rye, New York. County executives' reaction suggests, unsurprisingly, that inter-government cyber threat information sharing may still suffer from implementation issues.
Dave Bittner: [00:01:24:23] Investigation into the Juniper backdoor now points toward a less-than-satisfactory random number generator, once advocated by NSA. Cisco is inspecting its own code for similar issues (and finds none, so far) and observers expect other companies to undertake comparable self-examination.
Dave Bittner: [00:01:43:02] The Spy Banker Trojan courses through Brazil via Facebook and Twitter accounts.
Dave Bittner: [00:01:48:16] Joomla 2.4.7 is out, and includes important security patches to the widely used content management system.
Dave Bittner: [00:01:56:13] You may soon see a new error code in your browser. Joining 403 ("Forbidden") and 404 ("Not found"), error 451 will tell you that "legal obstacles" (essentially, if not exclusively, censorship) prevent you from viewing content. The choice of "451" as the designator is an homage to Ray Bradbury's dystopian novel "Fahrenheit 451" and the temperature at which Bradbury said books burned.
Dave Bittner: [00:02:23:11] Internet privacy, censorship, and surveillance rules are enacted or debated in China, the EU, the UK, and the US. The tech sector is generally cool toward them, especially the British versions.
Dave Bittner: [00:02:36:06] As Christmas approaches, the Hello Kitty and VTech toy hacks continue to give parents the willies. Security companies offer much holiday-specific advice. You should, for example, make sure that any old device you're replacing with a new gift is securely wiped before you sell, toss, or give it away. And do remember how many toys are networked nowadays.
Dave Bittner: [00:02:59:15] This CyberWire podcast is brought to you by the Digital Harbor Foundation, a nonprofit that works with youth and educators to foster learning, creativity, productivity and community through technology education. Learn more at digitalharbour.org.
Dave Bittner: [00:03:21:01] Joining me is John Petrik, editor of the CyberWire. John, from time to time we like to dig into our CyberWire glossary that we have on our website at the CyberWire.com. And today we're going to talk about sock puppets. Not the thing that's in my kids' toy box. When it comes to cyber, what is a sock puppet?
John Petrik: [00:03:38:13] A sock puppet is an on-line identity that's created and used for purposes of deception. So a sock puppet looks like an independent party, who supports, approves or agrees with some person, some organizations, some agency or some state. But in fact the sock puppet is created and controlled by the person or agency that they're endorsing. It has no independent existence.
Dave Bittner: [00:04:01:08] And where would I encounter a sock puppet in the real world?
John Petrik: [00:04:04:11] Well, common uses of sock puppets include plausibly deniable information operations, provocations, fraudulent advertising, astroturfing, things like that. So, you might find a sock puppet, for example, in an online review of some product or service. If you find that a product or service is being heavily endorsed in similar fashion, you may be seeing, in fact, a number of sock puppets that are being controlled by the author.
Dave Bittner: [00:04:30:10] So what's the best way for me to protect myself from sock puppetry?
John Petrik: [00:04:34:14] Be skeptical when you're online. Remember that the screen persona need not represent the reality behind it.
Dave Bittner: [00:04:41:06] John Petrik, editor of the CyberWire, thanks for joining us. We'll talk again soon.
Dave Bittner: [00:04:47:00] A note to our listeners and readers, the CyberWire will be taking Thursday and Friday off for the Christmas holidays. We'll be back as usual on Monday, December 28. In the meantime, best wishes for the holidays.
Dave Bittner: [00:04:57:23] And that's the CyberWire. For links to all of today’s stories, along with interviews, our glossary, and more, visit thecyberwire.com. The CyberWire podcast is produced by CyberPoint International, and our editor is John Petrik. Thanks for listening.