Authentic8 Blog Category: Security

How to Conduct Social Media Investigations and Remain Anonymous

How can professional investigators securely conduct research on social media without exposing their organization? Authentic8’s Nick Finnberg, OSINT training specialist and former intelligence analyst, shared tradecraft insights, tips and tools at a webinar on social media investigations.

There are more than 3.5 billion active social media users across the world. Facebook, Instagram, Twitter, LinkedIn, Reddit, 8chan and Co. can be a treasure trove for law enforcement, fraud investigators, corporate security specialists, and Open Source Intelligence (OSINT) analysts. Provided, that is, the researchers have tools at their disposal that are up to the task.

That’s a big IF. Online investigators need to be able to quickly and efficiently collect, save, and collaboratively analyze data while maintaining adequate operational security (OpSec). This often poses a challenge, because they also grapple with budget constraints, inadequate online tools with inherent security vulnerabilities, and an acute shortage of properly trained cybersecurity personnel.

How to safely, effectively, and anonymously use social media for

GDPR Outlook: After First Record Fines, What’s Next?

Following the record penalties for Google, British Airways and Marriott under the European Union's General Data Protection Regulation (GDPR) by French and British data privacy commissioners, which industry or sector will the EU's privacy watchdogs home in on next?

European GDPR enforcement actions are just getting up to speed. All indications point to more rough waters ahead for large transnationals with a presence in the EU.

In their third conversation on the state of GDPR, Scott Petry, co-founder and CEO of Authentic8, explores with Steve Durbin, Managing Director of the UK-based Information Security Forum (ISF):

  • what impact Brexit may have on GDPR enforcement in the UK
  • how the EU is currently taking aim for the next salvo of sanctions against GDPR violators
  • why apps and tools that touch EU employee data face increased scrutiny.

Will the next headline-worthy penalty hit a US-based company for not sufficiently protecting its EU employee data? Listen to their discussion here:

Did you miss the first two

The Gift of Access

I have spent the bulk of my Navy career working to inspire transformational change both at the unit and enterprise levels. Though my Navy career is over, I remain committed to helping others do the same. I recently read Greg Satell’s Cascades: How to Create a Movement that Drives Transformational Change, and was once again reminded that driving change within an organization is both art and science.

Many people think Authentic8’s Silo platform is a browser for the zero trust web. It most certainly is that and so much more.

After serving within the core of the Department of Defense for years, the new collaboration tools I had at my disposal as a member of the Defense Innovation Unit blew my mind. I say ‘new’ not because they were new, as they were the very tools that the private sector has been using for years - webmail, video conferencing, file sharing, and work management platforms. They were ‘new’ to me

TRON and Transition

As those of us who have served in the military for a significant period of time can attest, we begin to take certain things for granted. The sense of belonging, the pride of being part of something much bigger than ourselves, and the ability to impact the lives of many were among my greatest gratifications as a military officer.

As I navigated my transition after 27 years of service, the potential of feeling a void in any of those areas was not acceptable. Fortunately, I was able to find a team that allows me to experience a similar sense of fulfillment and gratification. Two short years ago, I was serving as Commanding Officer of a team that remains a customer of the team of which I am now a part. The path from customer to Authentic8er was not foreseen, but it makes perfect sense now that I am here.

We stumbled across Authentic8’s Silo platform in 2016 when we decided we wanted

ActiveX Data Leaks: Making Bad (Non-) Browsers Worse

Outdated browsers and browser plugins. People use them, forget about them, they become outdated, and their machine gets compromised. It’s a story almost as old as the web browser. The problem is, people never learn and never update - or, in this case, get rid of the problematic plugin.

List of Plugins

Source: sploit.io

ActiveX, a framework native to Internet Explorer, was introduced in 1996. Still supported in Windows 10, it allows an attacker to steal data and fully take over the victim’s machine when that person visits a page that contains a particular set of scripts.

How relevant is this exploit in 2019? In an unscientific survey among software engineers on whether ActiveX still plays a role, we got answers like this one, from Zachary S. in San Francisco: "I think it’s dead. I hope it’s dead. It should be killed if it’s not dead."

Unfortunately, it’s not. According to NetMarketShare ("Market share statistics for Internet