Less is More

Last time, I told you how to enumerate all the devices on your home network. Before we go to the trouble of analyzing and mitigating their vulnerabilities, we should take the opportunity to cull the inventory. Do you really need all of these devices? Or could you forego the “smart” features that require them to be connected to your network? Today we’ll talk about reducing your attack surface before we bother trying to secure it.

In other news: the White House announces new cybersecurity labeling program; the SEC mandates a 4-day reporting window for cyber attacks; EFF opposes a bill that threatens our privacy; stolen Microsoft signing keys behind a set of targeted US government email hacks; more details emerge about Facebook mining Onano VPN for user data; TETRA radios used for decades revealed to have deliberately weakened encryption; ALPR data now being used with AI algorithms to guess which cars might contain criminals; Apple threatens to pull Facetime, Messages from UK over proposed surveillance law changes; Google’s Web Integrity API causes a stir; Apple to require justification for use of some APIs that might compromise user privacy.

Article Links

  1. [whitehouse.gov] Biden-⁠Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/
  2. [The Hacker News] New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days https://thehackernews.com/2023/07/new-sec-rules-require-us-companies-to.html
  3. [Electronic Frontier Foundation] Amended Cooper Davis Act Is a Direct Threat to Encryption https://www.eff.org/deeplinks/2023/07/amended-cooper-davis-act-direct-threat-encryption
  4. [TechCrunch] Microsoft lost its keys, and the government got hacked https://techcrunch.com/2023/07/17/microsoft-lost-keys-government-hacked/
  5. [Financial Review] Facebook admits it used app to ‘know nearly everything’ about users https://www.afr.com/companies/media-and-marketing/facebook-admits-it-used-app-to-know-nearly-everything-about-users-20230713-p5do2a
  6. [WIRED] Code Kept Secret for Years Reveals Its Flaw—a Backdoor https://www.wired.com/story/tetra-radio-encryption-backdoor/
  7. [Forbes] This AI Watches Millions Of Cars Daily And Tells Cops If You’re Driving Like A Criminal https://www.forbes.com/sites/thomasbrewster/2023/07/17/license-plate-reader-ai-criminal/
  8. [MacRumors] Apple Threatens to Pull FaceTime and iMessage in the UK Over Proposed Surveillance Law Changes https://www.macrumors.com/2023/07/20/apple-threatens-to-pull-facetime-and-imessage-uk/
  9. [Ars Technica] Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web https://arstechnica.com/gadgets/2023/07/googles-web-integrity-api-sounds-like-drm-for-the-web/
  10. [MacRumors] Apple Developers Required to Justify Use of Some APIs in Latest Move to Boost Privacy https://www.macrumors.com/2023/07/28/developers-required-to-justify-api-use/
  11. Tip of the Week: Less is More: https://firewallsdontstopdragons.com/secure-your-network-2-simplify/

Further Info

Table of Contents

Add time-based list of markers.