The more things change in infosec, the more they stay the same. Over the weekend a large collection of celebrity nude pictures was released and posted all over the web. Let’s get the obvious out of the way first — with all the attention around it, there is likely to be an increase in malicious messaging and websites using access to the cache as bait to compromise systems. Nothing terribly new there, as voyeuristic tactics have historically worked quite well for the social engineering portion of attacks.
Events like this tend to bring out the worst of the Internet as a whole. Victims are berated for where they’ve chosen to put their trust. Security-conscious people become more jaded and wistfully contemplate a career change to sheep herding. And anyone offering a service that revolves around storing and controlling access to users’ content goes into internal triage mode, hoping to assure their users, investors, and themselves that they won’t be the next victims.
It’s a good time to step back and remember that computers are for people. The computer literate have preached for years that they’ll make our lives easier, more connected, more secure (choose 2). We’ll never have to worry about space or access to information since we’re storing everything in “the cloud” today. So who’s to blame these people when they eventually succumb to the marketing and trust their computers, phones, and services with their most intimate moments?
Perhaps the best takeaway is to be wary of any device or service that bills itself as secure. Take a step back and think really hard about what we’re trusting them with and whether we should be.