This is a strange future. I thought I was talking with a hearing-impaired friend last night. It turned out he didn't hear a word I said - but not for the typical reason.

He was streaming a baseball game to his bluetooth-equipped hearing aids!

Whiskey.
With a side of Tango.
And a heaping helping of Foxtrot.

"For years, cybersecurity startup Tanium Inc. pitched its software by showing it working in the network of a client...but Tanium never had permission...a company selling security actually was giving outsiders an unauthorized look at information from inside its customer’s system"

https://www.wsj.com/articles/cybersecurity-startup-tanium-exposed-california-hospitals-network-in-demos-without-permission-1492624287?tesla=y

In March, crooks made off with personal information on around 100,000 taxpayers by breaching a website tool intended t help with the FAFSA.

This letter sent by the IRS to affected taxpayers implies the crooks made off with far more than just income data. Credit monitoring is OK for detecting fraudulent new accounts - but does nothing if the crook has enough information to social engineer your bank.

https://www.securityforrealpeople.com/2017/04/a-letter-from-irs.html

Over the weekend, a well-known security vendor had their LinkedIn business page hijacked. Inevitably, out came shaming calls of "you should have used two-factor."

I put together some thoughts at Peerlyst; TL;DR is, shaming is easy, but properly securing multiple authorized users' access to organization social media pages takes some planning. Does *every* authorized admin or content publisher have 2FA enabled?

https://lnkd.in/eK_sDqW