SEC is in trouble for not following a Tech Talk Commandment

We follow the commandments so we don't end up in front of Congress.

MajorLinux - Editor-in-chief

For those who watch or listen to Tech Talk Thursdays, we have some unwritten commandments about how to be safe on the internet. My favorite one is to use multi-factor authentication (MFA) whenever possible. It’s why hearing that Authy was discontinuing their desktop app made me a little sad. But what makes me fearful of the future is when federal agencies aren't using it. This is why the SEC is in the hot seat.

The Securities and Exchange Commission (SEC) was recently hacked on Twitter. When the account was compromised, it started sharing news about bitcoin ETFs being approved. While it apparently was going to happen, no news was officially shared at that time. This caused the price of bitcoin to bump up a bit. However, a day later, the SEC did approve 11 ETFs, noting that “bitcoin is primarily a speculative, volatile asset that’s also used for illicit activity.”

The hack itself raised some questions. When US Senators started looking into it, Twitter was quick to speak up. The social media company immediately pointed out that the SEC was not securing its account with multi-factor authentication. Senator Ron Wyden, in his letter to the SEC, said that it was “inexcusable” for the SEC to not have locked the account down more.

“Given the obvious potential for market manipulation, if X’s statement is correct, the SEC’s social media accounts should have been secured using industry best practices. Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity. The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure.”

Senator Ron Wyden in letter to SEC

So, while I don’t know anything about bitcoin ETFs, what I do know is that using MFA will cover your ass in situations like this. It may be a nuisance, especially when sharing the account on a team, but consider the alternative.

It could land you in a congressional hearing.

Source: Engadget

Marcus Summers is a Linux system administrator by trade. He has been working with Linux for nearly 15 years and has become a fan of open source ideals. He self identifies as a socialist and believes that the world's information should be free for all.