Sunday Musings Juice Jacking Learning
Happy Sunday Friends!
Welcome back to another Sunday Friends! I’m glad you’re here. Here is your Sunday Musings, dedicated to exploring and sharing thoughts and insights on productivity, technology, and life. If you find it useful, please feel free to send this along to friends!
What’s Interesting?
Juice-jacking is back in the news…Why?
There have been a slew of news articles regarding juice-jacking. Seemingly all stemming from FCC and FBI tweets on the matter.
Here’s one of the originating stories from 2011 from Brian Krebs following an informational engagement with Brian Markus and the Aries Security team and their infamous “Wall of Sheep” kiosk where they offered free public charging. Once a user plugged in, their name and an informational message about protecting oneself come up on the screen.
As of this writing, I’ve been unable to find evidence of this happening (in public and government-owned facilities inside the US), let alone a rise in instances of the attack. If you’re traveling abroad, maybe look into the areas you’re headed though.
That doesn’t mean it isn’t a real security threat, it’s just a low-risk one.
Keeping yourself protected is pretty simple. Here’s some best practices that you should already have in your security training programs (if they aren’t, hey no judgement, give me a call and I’ll help ya):
Don’t use public USB port charging stations (they’re usually slower anyway).
Use your own AC charging adaptor and your own cables to plug into electrical outlets.
Carry a high-quality, certified power bank so you don’t have to rely on power sources of opportunity.
Don’t use someone else’s PC to charge your mobile device.
You could use a USB data blocker dongle, which disables data transfer for USB cables, but I’d rather save the charging time to just use a power adaptor or power bank.
Tax Day Threats
Businesses and individuals alike should remain aware of malicious actors and cybercriminals attempting to exploit the tax deadline rush. Any busy transactional time is a prime opportunity for actors to push a malware campaign, exploiting the busy time to their advantage.
Security experts at Microsoft warn against a phishing attack that uses legitimate click-tracking services and file hosting links that then redirect to malicious files the unwary person will download. Below is an example of one of the emails.
Mitigations are straight forward:
Don’t download files from untrusted senders
Scrutinize before you click the link or download
Let your antivirus scan downloaded files and attachments
Turn on your antivirus’ real-time monitoring
Pentagon Leak Suspect
21-year-old Jack Douglas Teixeira of Massachusetts was detained after classified defense and intelligence documents related to the Russian-Ukrainian war were shared on a Discord server called “Thug Shaker Central.”
Why is this interesting?
As leaders, we make decisions on risk. But we also exist to take care of those in our charge. I talked a little about this last week. Leakers may not even be out to cause harm; they might just be showing off. This young man needed to feel included and important. He needed it so badly that he allegedly gave classified information to his friends to feel it. Sometimes people are irredeemable and there’s nothing to be done (except know your people and remove them). And hopefully this is the case.
But I doubt it.
Take a look at your organization’s policies on people, mentorship, and leadership engagement. If you don’t have them, maybe think about that. Review your information security policies and standard operating procedures. Make sure you’re not overlooking insider threats from witting or unwitting employees.
Bottom line: Get to know your people, and ensure your subordinate leaders do the same.
What I’m Reading
Hacking: The Art of Exploitation by Jon Erickson
Good little book that deep dives into the creative problem solving and fundamentals mindset of hacking rather than merely discussing “buttonology” and tools. It’s pretty good on understanding the concepts behind the hacking mindset.
Quote I’m Musing
“One cannot pursue one’s own highest good without at the same time necessarily promoting the good of others”
- Epictetus
We should pursue our own improvement. But know that it is inseparable from the improvement and benefit of those around us. I have a recurring question I ask people when we’re discussing our professions and leadership in general. “What do you want to be known for”? On occasion, someone throws it back at me. Today, my answer is still the same.
I want to be known as the person who, wherever he goes, those teams around him are amazing. Marcus Aurelius said “What’s bad for the hive is bad for the bee”. By comparison, by improving those around me, promoting their successes, reveling with them in their good fortune, we bring each other along the ascent.
Pericles said in 431 BC,
“I am convinced that people are much better off when their whole city is flourishing than when certain citizens prosper but the community has gone off course. When a man is doing well for himself but his country is falling to pieces he goes to pieces along with it, but a struggling individual has much better hopes if his country is thriving.”
Our personal successes are great, but what good are we if we cant help others? When I’m being challenged, improving, I feel like I’m adding value to the world around me. Like I’m contributing and helping my team move forward. I feel most challenged when I get to work with a team and then watch as they move far beyond anything I could have done. Something I’ve adopted along the way is to blame success on the team, any shortfalls are on me.
I would love your feedback!
Which musing is your favorite? What else do you want to see or what should I eliminate? Any other suggestions? Just send a tweet to @erichaupt on Twitter and put #SundayMusings at the end so I can find it. Or, eric@erichaupt.com for long form email.
Have a wonderful week, I’ll see you Sunday.
-e
End of transmission.