CyberX Tampa 2022 takes place next Tuesday, October 25, from 5:30 p.m. to 8:00 p.m. at TheIncLab in Ybor City, and I’ll be there! It’ll be an evening of all things cybersecurity-related with some of Tampa Bay’s largest companies, CISOs, and tech leaders!
If you’re reading this, the chances are very good that you’ve logged into a system or resumed a session where you logged in earlier. It’s a common enough occurrence that most of us don’t think about it unless we’re in a hurry or if we can’t remember our username/password combination.
Logging in is new enough that there are still many people alive who knew the world before usernames and passwords, yet old enough that it’s developed some problems that will take time and effort to solve. This talk will tell the strange story of how login grew from a last-minute hack to become part of our daily experience. Along the way, you’ll get an overview of some of the ways it’s been implemented, how it inspired both a popular software movement and a whole new category of crime, and some best guesses about its future.
What is InfraGard Tampa Bay Members Alliance?
First of all, they’re affiliated with the FBI! As their About page states:
Our mission is to mitigate criminal and terrorist threats, risks and losses for the purpose of protecting our region’s critical infrastructure and the American people. Founded in 2004, the Tampa Bay chapter has established itself as a leader nationwide, setting the highest standards for programs, training and education. For the last decade, we have proudly contributed to the safety and security of Tampa Bay via an all-threats, all-hazards approach. At the national level, the InfraGard National Members Alliance was founded in 1996 and now comprises over 80 regional chapters, each linked to an FBI Field Office.
InfraGard’s success can be attributed to the unprecedented communication, collaboration and coordination it has forged at the epicenter of America’s most critical resources. Our membership is comprised of individuals that represent private businesses; local, state and federal law enforcement agencies; academic institutions; first responders and more.
All members are vetted by the FBI and pass comprehensive background checks prior to being accepted to InfraGard. The trust inherent in those who have successfully passed these checks is unmatched in any other public-private partnership in the country, making InfraGard a unique and highly successful solution to engaging the private sector in the protection of our nation’s critical infrastructure.
What’s happening at this meeting?
There’s a lot going on at this meeting — in fact, I’m not the only speaker at this one! Here’s the agenda:
Welcome and speaker/topic introductions by Ebony Vaz
Opening remarks by Michael Ritchie, President
Speaker 1: Kate Whitaker, Director of Cyber Outreach, Cyber Florida
Speaker 2: Joey deVilla, Senior Developer Advocate, Okta — The Secret History of Login
Speaker 3: Billy Sasser, Supervisory Protective Security Advisor (SPSA) CISA Region 4 — CISA’s Physical and Cyber Security Resources
Closing remarks by Michael Ritchie, President
You can attend in person or online!
They’re streaming this event, so you have the option of attending online if you can’t make it to the in-person event. Here are the registration details:
The folks at Computer Coach Training Center (for whom I just finished teaching a Python course) helped put this event together, and it’s your chance to meet people from Cyber Florida as well as other local people in cybersecurity (hint: I work for the Auth0 arm of Okta, which just so happens to be in that industry).
Do you write apps in React Native? Do you want to add authentication — that is, login and logout — to those apps? If so, these articles are for you!
If you’re writing an Android app in React Native and you need users to log in and log out, don’t roll your own authentication! Use Auth0 instead. You’ll get full-featured authentication and have more time to concentrate on your app’s full functionality.
As the Russian invasion of Ukraine continues, you’re increasingly likely to hear the name “Bellingcat”. It’s the name of an independent group of researchers, investigators, and citizen journalists who practice open source intelligence (OSINT). Here’s a quick primer about Bellingcat and open source intelligence, plus a whole lot of videos about Bellingcat’s work and their reporting on aggression by Russia’s government and armed forces.
Bellingcat get their name from Aesop’s fable, Belling the Cat. In the fable, the youngest of a group of mice who were terrorized by a cat suggests that they put a bell on the cat, which would act as an early warning system. While the suggestion was warmly received, one of the elder mice brought up a serious challenge to the plan: “Who will bell the cat?”
Eliot Higgins founded Bellingcat in 2012 after being laid off from an administrative job. He started doing independent research on the civil war in Syria by collecting and analyzing publicly available photos and footage, and cross-referencing them with reports. Since then, he’s grown the organization, who’ve gone on to apply their open source intelligence skills to stories including:
Open source intelligence, often referred to as OSINT, is a term meaning any information that can be gathered from freely available, publicly available sources. It’s most often used to refer to information gathered online — the kind that anyone with an internet connection would be able to access. This information could be available free of charge, or it could be acquired for a fee (e.g. a subscription to a news organization, data source, or API).
It also applies to non-online/non-digital information from books, newspapers, magazines, academic journals and papers, FOIA requests and their equivalents, and so on.
It could be in text form, but it also applies to video, photographs, sound recordings, data files, and databases.
Giancarlo Fiorella, a senior Bellingcat investigator based in Toronto, makes it clear that OSINT is not “hacking” (as in accessing computer systems or information illegally), stealing, or spying. It’s about gathering data and doing the research.
Bellingcat contribute to the Russia-Ukraine monitor map
Fact-checkers on the front line of Russian propaganda machine (February 25, 2022 – CBC)
Inept Info-Wars: Bellingcat’s Eliot Higgins on Putin’s Problems with Reality (February 24, 2022 – Foreign Press Association USA)
Open-source Intelligence (OSINT) by Giancarlo Fiorella, Investigator and Trainer at Bellingcat (December 2021 – Asian College of Journalism)
This features a presentation by senior Bellingcat investigator Giancarlo Fiorella about Bellingcat, open source investigations and how they’re conducted. He goes into detail about investigating the Mahbere Dego massacres and the ethical issues and challenges in open source research.
We Are Bellingcat: An Intelligence Agency for the People (May 2021 – Talks at Google)