Archives for October 2019

Alexis Bledel, Lil Wayne, and Nicki Minaj Make McAfee’s Most Dangerous Celebrity 2019 List

October 29, 2019 By William Knowles

InfoSec News

Not that McAfee!

By William Knowles @c4i
Senior Editor
InfoSec News
October 29, 2019

Actress Alexis Bledel, best known for her role as Rory Gilmore in network television’s “Gilmore Girls,” tops McAfee’s U.S. list of most dangerous celebrities to search for online. For the thirteenth year, McAfee researched which famous individuals generate the riskiest results that could potentially expose their fans to malicious websites and viruses.

Referred to as a “good girl” and “bookworm” in her role in “Gilmore Girls” and Netflix’s sequel “Gilmore Girls: A Year in the Life,” it may come as a surprise that Alexis Bledel was found to be the most dangerous celebrity by McAfee. Her repertoire also includes roles in the “Sisterhood of the Traveling Pants” movies, and more recently, playing Ofglen in Hulu’s acclaimed “The Handmaid’s Tale,” which came to a series end in August 2019.

Trailing Bledel at No. 2 is beloved Late Late Night talk show host James Corden, followed by “Game of Thrones” star Sophie Turner (No. 3), actress Anna Kendrick (No. 4), “Us” leading lady Lupita Nyong’o (No. 5), SNL and talk show star Jimmy Fallon (No. 6), martial arts master Jackie Chan (No. 7), rappers and musicians Lil Wayne (No. 8) and Nicki Minaj (No. 9), and finally Marvel actress Tessa Thompson (No. 10).

Former McAfee founder John McAfee probably would make the Top 500 because of his antics with bath salts, Bitcoin, and whales, but InfoSec News hasn’t confirmed that detail yet.

The truth is consumers are faced with endless options to feed their obsession with celebrities. They are interacting with content across multiple devices and conducting potentially dangerous searches across the internet to find the latest information or gossip without fear of consequence. For cybercriminals, this creates a field day to lure unsuspecting consumers to malicious websites that may install malware or steal personal information and passwords.

“Consumers may not be fully aware that the searches they conduct pose risk, nor may they understand the detrimental effects that can occur when personal information is compromised in exchange for access to their favorite celebrities, movies, TV shows or music,” said Gary Davis, chief consumer security evangelist at McAfee. “Criminals use deceptive websites to dupe unsuspecting consumers into accessing malicious files or content. It is essential that consumers learn to protect their digital lives from lurking cybercriminals by thinking twice before they click on suspicious links or download content.”

The top 10 celebrities from this year’s U.S. study are:

Alexis Bledel
James Corden
Sophie Turner
Anna Kendrick
Lupita Nyong’o
Jimmy Fallon
Jackie Chan
Lil Wayne
Nicki Minaj
Tessa Thompson

Bypassing Subscriptions

McAfee’s most dangerous actresses, Alexis Bledel and Sophie Turner, are well known for their powerful roles in their respective series – Hulu’s “The Handmaid’s Tale” and HBO’s “Game of Thrones.” Additionally, their names are strongly associated with searches including the term “torrent.” With many popular shows available via streaming services, consumers have access to more content than ever before, yet they still choose to put their digital lives at risk in exchange for pirated content.

This finding indicates that people may be pursuing “free” options to avoid paying a subscription fee. However, it’s important for these viewers to understand the risks associated with torrent or pirated downloads, as they may open up themselves to savvy cybercriminals and end up having a much higher cost to pay.

The Reality is, Reality TV Stars are not that Popular

Unlike 2018’s list of most dangerous celebrities, reality TV stars ranked low on this year’s list. Kim Kardashian is the highest-ranked reality star at No. 99 followed by “The Hills” Audrina Patridge (No. 108), “Vanderpump Rules’” Kristen Doute (No. 119) and Jax Taylor (No. 169). Kristen Cavallari and Kourtney Kardashian who found themselves in last year’s top 10 list dropped to number 214 and 222, respectively.

Tips to Help Consumers Stay Safe Online:

Be careful what you click. Users looking for a sneak-peek of Star Wars: Rise of Skywalker starring Lupita Nyong’o should be cautious and only stream and download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
Refrain from using illegal streaming sites. When it comes to dangerous online behavior, using illegal streaming sites is the equivalent of spreading the Mad King’s wildfire to your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Protect your online realm with a cybersecurity solution. Send your regards to malicious actors with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a Web Reputation tool. Using a Web reputation tool such as freely available McAfee WebAdvisor alerts users when they are about to go to a malicious website.
Use parental control software. Kids are fans of celebrities too, so ensure that limits are set for your child on the devices they use and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

For More Information:

To learn more about the study, check out:
- Blog post from Gary Davis: https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2019/
- Twitter: Follow @McAfee_Home for online safety tips, and use the hashtag #RiskyCeleb to discuss the Most Dangerous Celebrities of 2019
Local lists broken down by country are available upon request

Survey Methodology

McAfee used the Google API Console to search for popular mobile, PC and platform games coupled with search modifying terms (e.g. celebrity + torrent). “Most dangerous” really means that these celebrities are likely popular search subjects.

Search terms used this year:

Torrent
Fix gamble
Free mp3
Nudes
Pirated download
Sledging
Streaming

Using McAfee WebAdvisor data, resulting domains and URLs were measured and assigned a risk of “high,” “medium” and “unverified.” URLs were then given a score between negative 127 and positive 127 with higher scores indicating a riskier website. The score was calculated using the following formula:

Danger = 1*(high count) + 0.5*(medium count) + 0.1*(unverified count)

Navy Information Warfare

October 29, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 29, 2019

As a ten-year regular volunteer at the USO O’Hare, there’s a sly grin on my face knowing all the U.S. Navy personnel featured in this video have visited the Terminal 2 center at least once in their careers and should make every InfoSec News reader happy these men and women are learning about information warfare, cybersecurity (both offensive and defensive) and wireless networking, among other security topics, nearly two years of college training over the span of six months.

Hat tip: Soldier Systems

Thump Thump Thump, Housekeeping!

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 19, 2019

According to Jani-King, Cleanliness – it’s one of the most researched items when consumers are exploring where to stay for business or leisure. It builds customer loyalty, generates positive praise (via word of mouth and social media) and drives hotel profitability. Regardless of property size, brand affiliation or location, cleanliness is an unwavering top priority.

As you might have noticed, there are a few older InfoSec News articles popping up and that’s because of all the stops and starts over the years, I really haven’t been able to get all the articles posted here and in order, so to keep up with the cleanliness of InfoSec News and avoiding those pesky 404 pages, I’m doing my best to update those lost pages and ideally down the road I’ll get them in the proper order again.

Thank you for your understanding, and while I have your attention. Most hotel housekeepers’ salaries are around $10 an hour and they usually clean between 15-30 hotel rooms a day, so please consider tipping the housekeeper 10-15% of the price of your hotel room.

EC-Council Website Defaced Twice In A Weekend [Updated]

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
February 23, 2014
[Updated]

Today’s defacement of the EC-Council (the second time this weekend) by Eugene Belford (a.k.a. The Plague) threatens the compromise of the 60,000+ security professionals who currently hold CEH certifications.

Individuals who have achieved EC-Council certifications include the US Army, the FBI, Microsoft, IBM, the United Nations, National Security Agency (NSA). Also, the United States Department of Defense has included the EC-Council Certified Ethical Hacker program into its Directive 8570, making it as one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP)

In the most recent defacement, Eugene Belford has stated that “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials” leading the InfoSec News staff to believe considering the mail on the defacement page is from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, with a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan stating that he has verified Edward J. Snowden has at least five years professional information security experience in the required domains.

Eugene Belford has potentially sixty thousand other similar statements from undercover law enforcement agents, intelligence professionals, and members of the United States Military, creating an additional quagmire and has you wondering why the EC-Council has all this personally identifiable information sitting unprotected online?

Former National Security Agency / Booz Allen Contractor Edward Snowden is an (ISC)² member.

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
July 11, 2013

On July 4th, The New York Times reported NSA contractor Edward Snowden trained and certified as a Certified Ethical Hacker by the EC-Council, a certificate which has since been rescinded by the organization. After what could be called stall tactics with myself, the (ISC)² has now confirmed that Edward Snowden is in fact currently an (ISC)² member.

While the (ISC)² staff wouldn’t go as far as to say what certification Edward Snowden holds, merely receiving a credential from (ISC)² automatically makes one a member. On Tuesday evening, an (ISC)² Member Services Advisor wouldn’t comment whether or not Edward Snowden is currently a CISSP citing “security issues are involved” and the (ISC)² privacy policy prevents them from being able to confirm his certification status or personal information”

After pointing out the (ISC)² Privacy Policy to the advisor that states “It is an implied duty that (ISC)² identify and attest to the certified status of those individuals who do possess our certification. As such, (ISC)² will verify whether an individual is certified by (ISC)² or not upon receiving sufficient identifying information regarding the subject of the inquiry.”

On late Wednesday evening, a Global Communications Manager for (ISC)² replied that “(ISC)² can verify that Edward Snowden is currently an (ISC)² member.” The Global Communications Manager for (ISC)² goes on to state that “the (ISC)² is in the business of validating the knowledge, skills, and abilities of such professionals, it cannot guarantee a member’s conduct or professional judgment. Mr. Snowden, like all other (ISC)² members around the world must do when they sit for an (ISC)² credential exam, signed an agreement to abide by the (ISC)² Code of Ethics as a condition of maintaining his (ISC)² certification.”

Like the EC-Council, the (ISC)² has an established ethics complaint procedure that is initiated when a member of the public, an employer, or an (ISC)² member submits a complaint to the (ISC)² Ethics Committee when one of their members violates the Canons of the Code of Ethics.

Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.

It should be pointed out that a member of the public can only complain about a breach of Canons I or II, principals (those with an employer/contractor relationship with the certificate holder) may complain about violations of Canons III, and only other professionals (those who are certified or licensed as a professional AND also subscribe to a code of ethics) may complain about violations of Canon IV.

Its entirely possible that while Edward Snowden sorts out his asylum requests until he’s formally charged by the U.S. Government, he will be still be allowed under (ISC)² membership regulations to continue practicing security in Iceland, Venezuela, or the SVR Headquarters in Yasenevo.

The (ISC)² Global Communications Manager concluded the mail stating “Mr. Snowden’s previous employers should be applauded for seeking out a certified professional to carry out their very important work. Unfortunately, in the end, no organization can completely ensure those individuals will exercise professional judgment at all times.”

(Screenshot / The Guardian)