It's SOC Monkey, coming to you on May 25th, otherwise known as Geek Pride Day. Unrelated, sure, but not something my Monkeynauts should be unaware of. Also, they should be aware of my iPhone App, still free to download from the Apple App


First, let's start with a big company from the beginning of the Internet: "Yahoo Axis Chrome Extension Leaks Private Certificate File." You were probably as surprised as I was when you saw that Yahoo, the formerly great search company, had released Axis, a browser add-on of some sort. I'll be honest: I've not even looked at it, as Chrome seems to fit the bill pretty well for me, but I heard many people discussing how great it was all week. Then I saw the story that it's already a privacy risk, and that the general consensus is to not install it until it's been fixed. Poor Yahoo. First their CEO, now their new cool product. At least they're getting a lot of press?


Second, there's this interesting piece: "E-mail Trends Show Hackers Working Weekends Less and Less." I figured that malicious email would be best served during the work week, but to take an entire day off on Sunday? A steady push on Sundays might make that Monday morning email slog so many of us go through a perfect vector for a sleepy click. Anyway, there's another link to a story about hacker weekends that's pretty interesting as well; both might be worth a conversation with your end users, as it's always a good idea to keep them informed about threats.


Here are a few other bits from my friends the Pips that stuck out this week:

How long would it take to crack your password? | Naked Security

Email Security: 10 Steps for Dealing With Dangerous Messages - Security - News & Reviews

Troy Hunt: Everything you ever wanted to know about building a secure password reset feature

Fighting Hackers With Public Relations


Finally, I'm going to leave you with a video this week: "The Breakdown of a Fake AV Scammer." Originally found on Slashdot and Reddit, this is a video detailing an A/V scammer trying to trick Noah Magram, a software engineer from Sourcefire, into buying software. This is a terrible idea for our friend the scammer, but a great idea for those of you who love to see these people dig themselves into hilariously deep holes. The fact that the guy on the other end has no idea that he's working on a VM is my favorite part. It's a good video, and really does show that even the scammers can be using legitimate tools nowadays.


See you next week, at the usual monkey-time,


Best -