James Lyne

Director of technology strategy, sophos

About James

TED Conferences

TED2016, TED2015, TED2013

Areas of Expertise

Malware, hacking, breaking things & then fixing them, Presenter / Speaker, Technology innovation, Security, TV / Radio

Comments & conversations

179201
James Lyne
Posted almost 2 years ago
James Lyne: Everyday cybercrime -- and what you can do about it
Hey there, sounds like you have a lot of good practice in place already. I definitely don't advocate disappearing form the Internet and not engaging but we also all need to think before we reveal too much information. Using your name is one thing, but for example inadvertently starting to give away your birthdate or other information can form the basis of identity theft. Alot of people will post on Facebook 'I'm 29 today!' not realising they've given away this information publicly. We all just need to think a little more about the impact of information before we give it away.
179201
James Lyne
Posted almost 2 years ago
James Lyne: Everyday cybercrime -- and what you can do about it
Hey Erik Thanks for the note. We're releasing a more complete list of tips (I'll reply here) shortly. You can also check out http://www.getsafeonline.com/ . The talk primarily focused on building awareness of the importance of finding said information as there are so many people who aren't aware they need to care about this stuff. The social media lesson applies equally to the rest of us, but was taught from the perspective of cyber criminals. The top things to take away are those you have above plus make sure you have basic security controls configured and updated: AV, patching, decent passwords and be aware of what information your devices are giving away without you realising. Thank you and I'm glad you enjoyed the talk! J
179201
James Lyne
Posted almost 2 years ago
James Lyne: Everyday cybercrime -- and what you can do about it
Since the talk use of EXIF on these kinds of sites has massively reduced (there was a little bit of a lag between talk and delivery), though the principle is still interesting to those who aren't in the know and haven't heard of EXIF data. You are absolutely correct that basic security tools and configuration can stop these attacks (AV, patching, decent passwords) but unfortunately most outside our industry, or with less expertise are not getting those basics right. We still see an amazing number of people infected with ancient mass mailing worms due to very out of date AV and patching. We have a lot of awareness work to do. Luckily, it sounds like you know your stuff and aren't one of these people -- and are probably helping spread the word to others too. So thank you :)
179201
James Lyne
Posted almost 2 years ago
James Lyne: Everyday cybercrime -- and what you can do about it
There are lots of different paths, though one of the biggest difficulties is that it is not hugely defined. There are plenty of roles which demand extensive experience but not as many internships or development programs as we need to increase the talent pool. Check out the UK Cyber Security Challenge at http://www.cybersecuritychallenge.org.uk for an initiative in the UK which tries to recognise people with skills and connect them with industry. Another problem that is developing is that many young people are extremely competent users of technology but have less of an idea about how it works underneath (it is after all far more simple and convenient these days so there is less cause to go and tinker) and in many cases we don't develop this understanding later in conventional education. It's left to people to develop and interest and research it themselves (this is a massive generalisation btw, there are lots of institutes that do a fine job of this) or if they are formally taught it occurs quite late on -- it would be great to recognise these skills better earlier in the curriculum. I should note this is a rather country specific comment, it is not the case everywhere. Depending on your present situation there are a wide number of paths. What country are you in and what is your background? Feel free to drop me a message instead if that is preferable.
179201
James Lyne
Posted almost 2 years ago
James Lyne: Everyday cybercrime -- and what you can do about it
No, thank you to both of you for helping to spread the word on an important topic. In many instances these information leaks occur without people realising and seemingly innocuous information can become quite problematic. The more we inform people with simple examples and demonstrations the more they are equipped to make their own decision about what is the right balance of flexibility, convenience, privacy and security.
179201
James Lyne
Posted almost 2 years ago
James Lyne: Everyday cybercrime -- and what you can do about it
Hi Tico. More than likely it is not infected as there is a relatively small volume of malicious code compared to other platforms like Windows. That said, please translate a low volume of malware in to a system being invulnerable. Just this week I am in a classroom teaching with a set of students learning about break out attacks for restricted Linux environments. If you are interested in more of the technical details you can check out a pentesting framework like Metasploit that shows you exploits for such systems. In short, don't assume Linux = absolute security, but you are certainly off to a better start as a result of your system choice :). Make sure you get those patches and apply host hardening!