SwiftOnSecurity

Last updated

SwiftOnSecurity is a pseudonymous computer security expert and influencer on Twitter who pretends to be Taylor Swift. [1] [2] [3] As of September 2022, they have over 375,500 followers. [4] The account was originally created to post Taylor Swift-related memes about the Heartbleed bug. The name was chosen due to Swift's caution with regard to digital security, and the account's original focus on cybersecurity. [5] The account has been cited in news articles about computer security. [6] [7] They are a Microsoft MVP, and work as an endpoint monitoring lead for a Fortune 500 company. [8] Their blog contains general computer security advice, with a large amount dedicated to Windows and phishing. [9]

Contents

Atlassian

In December 2019, SwiftOnSecurity tweeted about an issue in Atlassian software that embedded the private key of a domain. This turned out to be a security vulnerability, and was assigned CVE - 2019-15006. [10]

Related Research Articles

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">Todd Swift</span> British-Canadian poet

Stanley Todd Swift, is a British-Canadian poet, screenwriter, university teacher, editor, critic, and publisher based in the United Kingdom.

<span class="mw-page-title-main">Peiter Zatko</span> American computer security expert

Peiter C. Zatko, better known as Mudge, is an American network security expert, open source programmer, writer, and hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the computer and culture hacking cooperative the Cult of the Dead Cow.

<span class="mw-page-title-main">John Kampfner</span> British journalist

John Kampfner is a British author, broadcaster and commentator. His seventh book, In Search of Berlin, The Story of a Reinvented City, was published in October 2023.

<span class="mw-page-title-main">Adam Tinworth</span> British role-playing game designer and journalist

Adam Matthew J. Tinworth is a journalist and writer who co-authored two major role-playing games, Demon: The Fallen and Werewolf: The Forsaken from White Wolf Publishing. He was also an extensive contributor to Hunter: The Reckoning, a game line that was subsequently ported to video games.

Jira is a proprietary product developed by Atlassian that allows bug tracking, issue tracking and agile project management. Jira is used by a large number of clients and users globally for project, time, requirements, task, bug, change, code, test, release, sprint management.

LastPass is a password manager application owned by GoTo. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat groups, against other countries.

Jigsaw LLC is a technology incubator created by Google. It used to operate as an independent subsidiary of Alphabet Inc., but came under Google management in February 2020. Based in New York City, Jigsaw is dedicated to understanding global challenges and applying technological solutions, from "countering extremism", online censorship and cyber-attacks, to protecting access to information. Its current CEO is Yasmin Green.

Identity-based security is a type of security that focuses on access to digital information or services based on the authenticated identity of an entity. It ensures that the users and services of these digital resources are entitled to what they receive. The most common form of identity-based security involves the login of an account with a username and password. However, recent technology has evolved into fingerprinting or facial recognition.

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

<span class="mw-page-title-main">Troy Hunt</span> Australian web security expert

Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics. He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.

<span class="mw-page-title-main">Jess Carter</span> English footballer

Jess Carter is an English professional footballer who plays as a defender for Women's Super League club Chelsea and the England national team. She began her senior career at Birmingham City and has represented England from under-19 to under-23 youth level.

<span class="mw-page-title-main">OurMine</span> Hacker group

OurMine is a hacker group that is known for hacking popular accounts and websites, such as Jack Dorsey and Mark Zuckerberg's Twitter accounts. The group often causes cybervandalism to advertise their commercial services, which is among the reasons why they are not widely considered to be a "white hat" group.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

<span class="mw-page-title-main">Petya (malware family)</span> Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

<span class="mw-page-title-main">Capture the flag (cybersecurity)</span> Computer security exercise

Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully-vulnerable programs or websites. They can be used for both competitive or educational purposes. In two main variations of CTFs, participants either steal flags from other participants or from organizers. A mixed competition combines these two styles. Competitions can include hiding flags in hardware devices, they can be both online or in-person, and can be advanced or entry-level. The game is inspired by the traditional outdoor sport of the same name.

References

  1. Conger, Kate (September 5, 2019). "The Work Diary of Parisa Tabriz, Google's 'Security Princess'". The New York Times . ISSN   0362-4331 . Retrieved February 23, 2020.
  2. Whittaker, Zack. "When security meets sarcasm: Taylor Swift brings infosec to the masses". ZDNet . Retrieved February 23, 2020.
  3. Zimmerman, Jess (June 18, 2015). "Parody Twitter accounts have more freedom than you and I ever will | Jess Zimmerman". The Guardian . ISSN   0261-3077 . Retrieved February 23, 2020.
  4. "SwiftOnSecurity (@SwiftOnSecurity) | Twitter". Twitter . Retrieved December 27, 2022.
  5. Hern, Alex (January 29, 2019). "How Taylor Swift became a cybersecurity icon". The Guardian. ISSN   0261-3077 . Retrieved February 23, 2020.
  6. "Password expiration is dead, long live your passwords". TechCrunch . June 2, 2019. Retrieved February 23, 2020.
  7. "Google Busy Removing More Malicious Chrome Extensions from Web Store". threatpost.com. Retrieved February 23, 2020.
  8. "About this site". Decent Security. Retrieved February 23, 2020.
  9. "Decent Security". Decent Security. Retrieved February 23, 2020.
  10. Thomas, Claburn. "Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter". The Register . Retrieved February 23, 2020.


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.