Rabbbits Weeekly 03.29.22
Or the one in which I recommend stronger passwords and software updates. Plus, I actually share some news links.
This week: everyone got hacked (basically), WordPress SEO is a mixed bag, Snap does some stuff, there’s an ad (placement) for that, Utah goes for privacy, and more!
Today is, apparently, the cybersecurity edition of Rabbbits Weeekly.
First up is the reminder that the weakest aspect of any tech / security stack is the humans involved. HubSpot was hacked recently in order to, it appears, get access to contacts / stakeholders connected to crypto companies using the platform. The hacker(s) used an employee account to gain access. From there it was all phishing and social engineering.
Speaking of social engineering, this interview with Brett Johnson, at one time the most wanted cybercriminal in the US, is insane. While no doubt aided by his storytelling ability (must be his Kentucky roots) and honesty, the stories, experiences, and information shared are more than worth the time. I meant to dip in and out based on the outline; next thing I knew I had listened to the last ¾, started from the beginning to hear what I missed, and was sending it to friends. All that to say, he got to that most wanted spot by being really good at social engineering. He was not the hacker looking for zero-days and backdoors; he was tricking people on eBay and filing fake tax returns. You don’t need to hack a server when you can get a human to give you what you want willingly.
Interestingly, one of the primary ways he said cybercrime could be combatted was by companies actually filing charges and going public with the incidents. Typically they settle with the hacker and make them sign an NDA, so there is no incentive not to do it again. When victims are too embarrassed to talk, the ecosystem remains primed for unscrupulous actors.
Before we jump to the next item, he shared a line in the interview that I have heard in many different forms before and generally sums up my feelings towards web3 stuff right now (especially when I hear anyone loudly denounce the whole thing as a scam (because all blanket statements are right and I love them)):
The first adoptees of tech, if you can use it to launder money or remain anonymous, are criminals.
We have YouTube because people wanted to stream porn online. We have PayPal because Brett and co. could use it to easily scam on eBay. If you want to figure out if a technology will succeed, figure out if criminals will use it. If there is an angle, it’ll find a legitimate use at some point.
Back to the news. Microsoft was hacked and now a bunch of their source code has been leaked. Spoiler alert: you do not have better security than Microsoft. The hack was carried out by Lapsus$, a cyber-extortion group, run by a 16-year-old (who got doxxed by other hackers, no honor among thieves?). The group also hit identity authentication platform Okta.
Finally, update Chrome. And WordPress. And your phone. And your computer. And your router. And generally anything that can feasibly receive firmware updates.
You probably hear a lot about secure passwords, but what does that mean? It means this.
Get yourself a password manager, let it generate passwords for you, and delete old / unneeded accounts. Getting hacked is more a matter of when than if.
Now that you’re properly scared, let’s see what else is happening in the world of digital.
WordPress Robots
It’s also been a busy time for WordPress SEO news lately.
Multiple WordPress SEO plugins are experiencing bugs that result in the creation of duplicate sitemaps. So if you use Rank Math or Yoast, maybe take a gander.
The platform has released a technical SEO plugin that aims to improve site performance by making it faster (and probably improving Core Web Vitals scores). It should be folded into the WP core at some point, but for now you can install it and play around a bit.
Twitter Thinks Your Brand is Boring
Twitter study finds brands should stay true to themselves vs following “social media behavior” (which in this case means humor and snark). This is kind of like when your parents told you to be yourself and people would like you, but you knew that wasn’t how high school worked, but then you look back and realize you should have listened anyway because high school is the worst.
Oh Snap
Snap is giving the real world the Pokémon Go treatment with their new AR landmarks, which tie their lens capabilities to physical landmarks IRL.
Speaking of Snap and AR, get Snap-certified in AR strategies for business. This is fancy speak for “let Snapchat tell you why their AR is good for business and how to use it, and they’ll give you a digital certificate” (that’s the AR version of paper).
More from Snap: AR clowns! Verizon 5G customers can experience a short AR version of Cirque Du Soleil.
And if you’re wearing a headset from Snap’s newly acquired NextMind while watching it, they’ll know how it made you feel. Ok, not really, but the tech could allow for hands-free AR optics control.
Ads in Everything
Those ads you saw in your Windows OS were totally an accident, but maybe not for long? This story is more interesting as another brick in the metatrend that is everything becoming an ad platform. Any company that doesn't have a robust recurring revenue model will likely explore advertising as the alternative. This also reminds me of a patent I think Apple has (can't find it via cursory search) that would allow for ads on the lock screen (basically like Kindles).
Google is smashing search and contextual advertising together for publishers to make more ad dollars (or so they say). It’s kind of like embedding a web browser in your site’s search bar.
Stories are the Future
Pinterest Presents went hard on the "anti-social media" front and it looks like they are backing it up by embracing the opposite of Facebook's "don't share other platform content here" stance. Idea pins seem to do well organically from my limited sample size experience, but maybe Pinterest can now function as your story creation tool that has a social aspect built in.
SLC (Privacy) Punk!
Add Utah to the list of states (along with CA, CO, and VA) with data privacy laws. It sounds like 29 more are considering similar laws. Should be fun!
Let’s Connect Even More
LinkedIn is rolling out their newsletters product to company pages and reorganizing their ads manager a bit.
Shop While You Scroll
Shopify is entering the link-in-bio space with Linkpop, which, unsurprisingly, will focus on making purchases as easy as possible and allows for curated product collections on the initial bio link screen.
The Death of Google(‘s Universal) Analytics
A little more clarity on the sunsetting of Universal Analytics next summer. Data will be accessible for ~6 months after the death date, and you can (and should) export your data. But you can’t import it into GA4 because the two versions process data differently (thus the switchover and all this craziness).