{"id":15055,"date":"2015-03-10T16:47:28","date_gmt":"2015-03-10T16:47:28","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=3684"},"modified":"2020-02-26T18:53:15","modified_gmt":"2020-02-26T16:53:15","slug":"best-tweets-of-thesas2015","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/best-tweets-of-thesas2015\/15055\/","title":{"rendered":"Best tweets of #TheSAS2015"},"content":{"rendered":"<p>Kaspersky Security Analyst Summit brought forward a lot of things to think about, and in this post we\u2019ll pick a handful (well, actually quite a lot) of Twitter highlights from those two days of security-related keynotes and presentations.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Best tweets of #TheSAS2015<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FAVK7&amp;text=Best+tweets+of+%23TheSAS2015\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>\u201c<em>Insecurity isn\u2019t coincidence, it\u2019s consequence<\/em>\u201d, said famous security researcher Dan Kaminsky in his keynote.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Wise words from <a href=\"https:\/\/twitter.com\/dakami?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@dakami<\/a> \u2013 insecurity isn't coincidence, it's consequence. 
<a href=\"https:\/\/twitter.com\/hashtag\/TheSAS2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TheSAS2015<\/a><\/p>\n<p>\u2014 Costin Raiu (@craiu) <a href=\"https:\/\/twitter.com\/craiu\/status\/567342801835134976?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Wise words indeed: both security and the lack of it are the results of certain decisions and actions, and negligence is a sort of action as well.<\/p>\n<p>It\u2019s a big mistake to think that the vulnerabilities cybercriminals exploit come out of the blue: they may be unexpected, but it\u2019s \u201can expected unexpectability\u201d. A proper approach to security protects against nearly any sort of threat. In reality, though, \u201choles in the fence\u201d are ubiquitous (just look at the graph\u00a0below), which allows for large-scale campaigns.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Vulnerability stats by product\/library from <a href=\"https:\/\/twitter.com\/Kym_Possible?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Kym_Possible<\/a>. It's not only about Flash and Java. 
<a href=\"https:\/\/twitter.com\/hashtag\/TheSAS2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TheSAS2015<\/a> <a href=\"http:\/\/t.co\/bAKHtZU3DU\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/bAKHtZU3DU<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/567772134845509632?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Carbanak, for instance, or another drawing card of SAS 2015: <a href=\"https:\/\/securelist.com\/blog\/research\/68750\/equation-the-death-star-of-malware-galaxy\/\" target=\"_blank\" rel=\"noopener\">The Equation APT<\/a>. A lot has been said\u00a0about both of them: Carbanak, for instance, is a huge APT campaign \u2013 a Great Bank Robbery of the 21st century\u2019s second decade. The still-active APT\u00a0was <a href=\"https:\/\/business.kaspersky.com\/the-great-bank-robbery-carbanak-apt\/3598\" target=\"_blank\" rel=\"noopener nofollow\">reported<\/a> at SAS by Kaspersky Lab\u2019s researchers Sergey Golovanov and Sergey Lozhkin. 
The audience appeared quite impressed by the Carbanak-related keynotes.<\/p>\n<p>https:\/\/twitter.com\/k8em0\/status\/567366634038251520<\/p>\n<p>A\u00a0full report is available <a href=\"https:\/\/twitter.com\/kaspersky\/status\/567359162536194048\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n<p>The Equation has also stirred a lot of interest, and\u00a0the fact that this APT\u00a0has some apparent ties to Stuxnet (and actually precedes it) drew additional attention as well.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Suite of Sophisticated Nation-State Attack Tools Found With Connection to Stuxnet \u2013 <a href=\"http:\/\/t.co\/FsaH0Jzq5O\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/FsaH0Jzq5O<\/a><\/p>\n<p>\u2014 Kim Zetter (@KimZetter) <a href=\"https:\/\/twitter.com\/KimZetter\/status\/567400308045647872?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>People just couldn\u2019t pass by\u00a0the <a href=\"https:\/\/business.kaspersky.com\/the-equation-carbanak-desert-falcons-security-analyst-summit-summary\/3637\" target=\"_blank\" rel=\"noopener nofollow\">fabulous<\/a> Grzegorz Brz\u0119czyszczykiewicz. 
How many times have you tried to learn how it is properly pronounced?<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"pl\" dir=\"ltr\">Grzegorz Brz\u0119czyszczykiewicz <a href=\"https:\/\/t.co\/jvKEAK8kOJ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/jvKEAK8kOJ<\/a> <a href=\"https:\/\/twitter.com\/vkamluk?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@vkamluk<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/TheSAS2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TheSAS2015<\/a><\/p>\n<p>\u2014 David Barroso (@lostinsecurity) <a href=\"https:\/\/twitter.com\/lostinsecurity\/status\/567475653579001857?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Yet another point of interest for The Equation is that its main component appears to be removable only by <a href=\"https:\/\/twitter.com\/mashable\/status\/567854071564091392\" target=\"_blank\" rel=\"noopener nofollow\">physically destroying<\/a> the infected hard drive. 
Pictures of a totally ruined HD have been tweeted quite a few times.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The only way to remove nls_933w.dll <a href=\"https:\/\/twitter.com\/hashtag\/TheSAS2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TheSAS2015<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/EquationAPT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#EquationAPT<\/a> <a href=\"http:\/\/t.co\/zfVE1kKyha\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/zfVE1kKyha<\/a><\/p>\n<p>\u2014 Fabio Assolini (@assolini) <a href=\"https:\/\/twitter.com\/assolini\/status\/567410130934067201?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"twitter-pullquote\"><p>Insecurity isn\u2019t coincidence, it\u2019s consequence (c) Dan Kaminsky #TheSAS2015<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FAVK7&amp;text=Insecurity+isn%26%238217%3Bt+coincidence%2C+it%26%238217%3Bs+consequence+%28c%29+Dan+Kaminski+%23TheSAS2015\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>Hardware was a hot topic throughout the entirety of SAS 2015. As Runa A. 
Sandvik summarized it, \u201cThat feeling when you wake up, read Twitter, and question whether you can trust any of the hardware you own.\u201d<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">That feeling when you wake up, read Twitter, and question whether you can trust any of the hardware you own.<\/p>\n<p>\u2014 Runa Sandvik (@runasand) <a href=\"https:\/\/twitter.com\/runasand\/status\/568734867757920256?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 20, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>And indeed, here is some biohacking:<\/p>\n<p>https:\/\/twitter.com\/k8em0\/status\/567446257950400513<\/p>\n<p>then \u2013 obtaining data by scanning Bluetooth-enabled wearables:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Data which can be easily obtained via Bluetooth scan of wearables devices in the range <a href=\"https:\/\/twitter.com\/hashtag\/IoT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#IoT<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/TheSAS2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TheSAS2015<\/a> <a href=\"http:\/\/t.co\/zdGbeoqmyg\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/zdGbeoqmyg<\/a><\/p>\n<p>\u2014 Dmitry Bestuzhev (@dimitribest) <a href=\"https:\/\/twitter.com\/dimitribest\/status\/567794096778260480?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The much-glorified and eagerly expected Internet of Things looks anything but secure right now, yet it is being deployed quickly. 
Even on the urban level, as pointed out by Cesar Cerrudo from IOActive Labs, an expert researcher on ICS\/SCADA and Smart Cities, \u201cSmart city becomes Dumb city when the tech is implemented with no security in mind\u201d.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\"Smart city becomes Dumb city when the tech is implemented with no security in mind\" <a href=\"https:\/\/twitter.com\/cesarcer?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@cesarcer<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/theSAS2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#theSAS2015<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/567770873349861376?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The lack of a \u201csecurity in mind\u201d approach is at the root of a lot\u00a0of today\u2019s security issues with software, especially legacy software, and especially the aging ICS designed in the pre-Internet era. 
If \u201cSmart Cities\u201d are plagued by the same problems, it\u2019s a bit scary to imagine what may follow.<\/p>\n<p>A full summary of the Kaspersky Security Summit is available on our blog <a href=\"https:\/\/business.kaspersky.com\/the-equation-carbanak-desert-falcons-security-analyst-summit-summary\/3637\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky Security Analyst Summit brought forward a lot of things to think about, and in this post we&#8217;ll pick a handful (well, actually quite a lot) of Twitter highlights from those two days of security-related keynotes and presentations.<\/p>\n","protected":false},"author":209,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[963,2293,2294,956],"class_list":{"0":"post-15055","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-business","7":"category-smb","8":"tag-carbanak","9":"tag-grzegorz-brzeczyszczykiewicz","10":"tag-theequationapt","11":"tag-thesas2015"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/best-tweets-of-thesas2015\/15055\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/best-tweets-of-thesas2015\/15055\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/best-tweets-of-thesas2015\/15055\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/carbanak\/","name":"Carbanak"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/us
ers\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=15055"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15055\/revisions"}],"predecessor-version":[{"id":26493,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15055\/revisions\/26493"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=15055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=15055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=15055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}