Cipher Issue 176, December 5, 2023, Editor's Letter

Dear Readers,

Normally the sixth issue of Cipher in a given year is issued in November, but sometimes we let Thanksgiving intrude on the schedule, resulting in Cipher in December.

Next May the S&P Symposium and Workshops will be in San Francisco, but not at the same hotel as in recent years. Instead, the event will be at the Hilton in the Union Square area, which has a multitude of restaurants and shopping. The last of the three deadlines for submitting papers is December 6, so you may be reading this after the deadline. In any case, try to attend the 45th instantiation of the event, May 20-22, 2024.

Two news articles in this issue seemed to resonate on the theme of graph connections. In one case, hackers used LinkedIn to identify employees of MGM Resorts in order to initiate a ransomware attack. In another, hackers used the relationships presented in Ancestry's DNA matches to traverse the interrelated family trees of a large percentage of the site's users. We should heed the warning "Connections Graphs Considered Harmful" and treat such collations as regulated information with strong security guards and auditing. Another area that needs regulation is that of devices that come with a well-known default password. Currently, the onus is on the end user to secure the device, but when the security of water infrastructure is at stake, extra measures are paramount.

Holiday Merriment

On the first day of Hackmas
My computer gave to me,
Some malware in an email tree.
...
Twelve hammers rowhammering,
Eleven pipes ssh-ing,
Ten logs overflowing,
Nine LANs a-leaking,
Eight modprobes maligning,
Seven scans attacking,
Six greps in rootkits,
Five SQL injections,
Four calling errors,
Three phantom hosts,
Two Bitcoin miners,
and
Some malware in an email tree.

      Hilarie Orman