


Linked: 8-Character Passwords Can Be Cracked in Less than 60 Minutes
So, best practices?
– use complex passwords.
– use each complex password on exactly one website. (Do NOT reuse).
– use a password manager to keep track of all those passwords.
– use multi-factor authentication when available, as an extra step beyond your password.

Linked: A Hacker Group Has Been Framing People for Crimes They Didn’t Commit
It’s easy, though incorrect, to dismiss worrying about hacking on the basis that “I have nothing to hide,” so if someone gets our information, it’s not that big of a deal. And, in fact, someone getting your credit card information might not really end up being that big of a deal to you when it’s the credit card company that has to do all the hard work to fix it. For a consumer, it might just be some inconvenience. But the real danger to me has always been the risk of someone manipulating your data and causing issues. Imagine someone hacking the DMV and marking you as someone whose driver’s license has been suspended, or hacking your phone’s GPS, indicating you were somewhere you were not.
Or, a hacker fabricating a plot to overthrow the government:

Linked: Malicious QR Codes – The Digital Slip & Fall
Sarah makes a valid point. Sure, during the COVID pandemic it’s nice that you can go into a restaurant and scan a QR code to view the menu instead of handling physical menus. I worked in a restaurant kitchen in college; I know how nasty some menus can get. On the other hand, are we teaching people to trust something they shouldn’t trust?

Linked: Federal Law Won’t Protect Your Organization from Bad User Access Control Practices
If you’ve seen references to a court ruling sort of redefining the Computer Fraud and Abuse Act recently, or even if you haven’t, this paragraph from the folks at McGuire Woods boils down the real-life implications pretty well.

Shared Links (weekly) May 2, 2021
- Only 8% of Those Who Paid the Ransom Got ALL Their Data Back
- Just When You Thought You Understood ESI
– linked documents instead of attachments are becoming the norm; should the legal industry ignore that and consider them attachments?
- “Ultimately, a competent manager knows how to empathize.”
- Data Retention Policies and Legal Hold Practices – Time to Revisit Because of Remote Work?
- Security Vulnerabilities in Cellebrite
– the ethical arguments in this situation could go on for a long time.
- “When AIs start hacking, everything will change. They won’t be constrained in the same ways, or have the same limits, as people. They’ll change hacking’s speed, scale, and scope, at rates and magnitudes we’re not ready for.”
- Remote Workers Expect Pay to Reflect Their Locations
It’s a weird dynamic. Certainly you don’t want to be valued less than coworkers, but living in a less expensive location is actually a competitive hiring advantage too.