This week: Thanks to everyone who attended my first “IT Security: Zero to Hero” workshop this week. Far more people than I had expected, but we got through all of the questions in the end!

(If you’re responsible for securing your laptop, mobile phone, email account, and other cloud accounts, and you just want to ensure you are not an easy target, my free workshop shows you how. You can learn more and sign up at https://codeinmotion.ie/zero-to-hero)

This week’s stories are inspired by some of the questions raised at last week’s workshop.

  1. Why passwords should be unique, but should never be lonely.
  2. Why Macs are not immune to cyber attacks.
  3. Why AI and LLMs are double-edged swords.

 

3 – Passwords should be unique, but should never be lonely.

The Register reports on a recent breach of the 23andMe service, which allows its users to submit their DNA samples. What could possible go wrong here.. Well, as you can guess, the site was breached by cyber criminals, who then gained access to the DNA information of 6.9 million users. 23andMe claim that 14,000 of its users were the main cause of the breach, as they had not used unique passwords on their login accounts. How 14,000 breached accounts led to the disclosure of 6.9 million users’ records is explained in the article.

So what? Our passwords need to be unique but not lonely – They need to be accompanied by Multi-Factor Authentication (MFA) wherever it is available, and especially on high-value accounts. (The Zero to Hero workshop discusses password management and Multi-Factor Authentication in more detail.) And if you really want to share your DNA information with strangers, perhaps you should choose a service where they force all users to use MFA.

 

2 – Apple Macs are targets too

SecurityWeek reports on the 21 families (of malicious software) that have made themselves comfortable on Apple Macs over 2023.

So what? One fact: Apple Macs are more secure than Microsoft Windows devices. (And if you want to have an ecumenical discussion with me about that, just let me know). Another fact: Nothing is completely secure. We need to reduce the risks by keeping our software up to date, and using additional defences like firewalls and anti-virus software. (The Zero to Hero workshop discusses this in more detail.)

 

1 – AI and LLMs are double-edged swords

VentureBeat (and recently shared by Secure The Village) discusses the threats that Artificial Intelligence (AI) and Large-Language Models (LLMs) pose to our (society) (sanity) security. The article discusses the many ways that these can be ‘weaponised’ by criminals.

So what? The genie is out of the bottle. The horse has bolted. And I’m sure ChatGPT could give me numerous other ways to say: It is too late. The tech is already in the hands of cyber criminals. We are going to be inundated with fakes. We need to be increasingly skeptical of anything that we don’t directly see or hear in real life. The online world will remain a dangerous, and an increasingly fake, world.

 

On that positive note, Happy New Year. Let’s be careful out there!