Linked List: May 19, 2024

Sunday, 19 May 2024

My thanks to Kolide for sponsoring last week at DF. The September 2023 MGM hack is one of the most notorious ransomware attacks in recent years. Journalists and cybersecurity experts rushed to report on the broken slot machines, angry hotel guests, and the fateful phishing call to MGM’s help desk that started it all.

But while it’s true that MGM’s help desk needed better ways of verifying employee identity, there’s another factor that should have stopped the hackers in their tracks. That’s where you should focus your attention. In fact, if you just focus your vision, you’ll find you’re already staring at the security story the pros have been missing.

It’s the device you’re reading this on.

To read more about what Kolide learned after researching the MGM hack — like how hacker groups get their names, the worrying gaps in MGM’s security, and why device trust is the real core of the story — check out the Kolide blog.

Encyclopedia Sasser and The Case of the Forged 1977 Apple Employee Badge ★

My suspicions were immediately raised by the photograph. That’s just not what ID card photographs looked like in the ’70s or even ’80s. But when #8 calls it fake, you know it’s fake. Go home, Bugs Meany.

Tweet URLs Finally Redirect to X.com ★

Only took 300 days. (And, as I noted in a footnote a few months ago, with this change I’ll just call it X, not “Twitter/X”.)