Twitter and Physical Security - Nov 12th - 18th - F5 SIRT - This Week in Security
Greetings, this is your editor this week, Kyle Fox. This week we have what one might say is a slow week in terms of security news, but it's been far from a slow week in security-related news. This week we follow Twitter and its current change of management, Apple's dramatic expansion of the iPhone's public safety capabilities, and some miscellanea. Keen readers may have noticed that I often talk about physical security being just as important as information security, and it is. Your network might be the most secure in the world, but if someone can break in, especially by blowing some whiskey through the door, it's not secure from all threats. This goes doubly so for the security of your people.
Elon Musk's takeover of Twitter continued last week with a number of incidents that have made Twitter suddenly going dark a very real possibility. One of the more prominent of these incidents was offering the blue verified checkmark for an $8 a month fee, which resulted in a wave of fake accounts causing havoc with many corporations' marketing teams and ultimately in massive drops in mainstream advertising on Twitter. During the whole blue checkmark fiasco, Elon also ordered all existing "verified" blue checkmark accounts to be locked so that the name and profile fields could not be changed. This ultimately means thousands of prominent accounts are not able to change anything, even their profile picture. Twitter also went through a series of personnel shedding events and firings of prominent engineers as Mr. Musk sought loyalty amongst Twitter employees and attempted to evaluate productivity using techniques that have been outdated since the 1980s. The very fact the site is still up at this point is a testament to robust engineering by those who have recently departed the company. Who knows what the next few weeks will hold.
Apple has announced new Satellite SOS functionality in the iPhone 14. This functionality provides text-based emergency communications relayed through an Apple relay center to an appropriate Public Safety Answering Point or 9-1-1 center. Users of devices like Garmin inReach or SPOT may find the functionality to be similar to a subset of the functionality of those devices, with the latter being very similar since it uses the same Globalstar satellite constellation. First responders have lauded this new functionality, as it will expand emergency communication coverage for the average person beyond that of the cellular network, since in North America there are large swaths of land that, while frequently traveled, do not have good cellular coverage. Analysts in the satellite communication sphere are hopeful that Apple's contract with Globalstar will drive expansion of the latter's constellation and capabilities. The Apple SOS service is available in limited countries, is not available in open ocean areas, provides limited coverage in northern latitudes because the Globalstar constellation does not have over-the-poles coverage, and, because of limitations of the iPhone, will require a clearer sky view. Owing to these limitations, it is still prudent for those who venture into the wild regularly to get a dedicated satellite communicator.
Rapid7 found vulnerabilities in F5 BIG-IP - If you somehow missed it, Rapid7 found some vulnerabilities in F5 BIG-IP and BIG-IQ, and we have provided a response on those.
Mastodon - With thousands of security professionals leaving or deprecating Twitter in favor of the federated Mastodon platform, some instances such as infosec.exchange and defcon.social have become popular. It is recommended that you treat anything on the Mastodon platform as public, even DMs, since it does not have end-to-end encryption on DMs.
Trans Day of Remembrance - Sunday the 20th was the Trans Day of Remembrance. It would be remiss of me to omit mention of the shooting that happened at the Club Q nightclub in Colorado Springs on that day, and those who responded to it. This incident and others like it have reignited discussion about response strategies in the physical security realm, starting with calls for expanded Stop The Bleed training.
Updated Nov 28, 2022. Version 2.0