Artist - Carole Theriault This week in InfosecWith content liberated from the “today in infosec” Twitter account (and embellished by us 😉)11th June 2008: Verizon released the first edition of its annual Data Breach Investigations Report (DBIR).Incidents are still a thing.  Data breaches are still a thing.  Some stuff has changed.  Some hasn't.  Time keeps on ticking.  ¯_(ツ)_/¯Verizon Business Releases Trailblazing Data-Breach Study Spanning 500 Forensic InvestigationsAnalysis of the 2021 Verizon Data Breach Report (DBIR)https://twitter.com/todayininfosec/status/1271264648986124289  17th June 2010: The Stuxnet worm was first discovered by Sergey Ulasen at Belarusian antivirus software vendor VirusBlokAda. Announcement: http://anti-virus.by/en/tempo.shtmlInterview with Sergey Ulasen in 2011: The Man Who Found Stuxnet – Sergey Ulasen in the Spotlighthttps://twitter.com/todayininfosec/status/1273501720723648512   Rant of the Week[Carole saves the show by having something prepared (even if it is from the cutting room floor of Smashing Security)]ICO watchdog 'deeply concerned' over live facial recognitionhttps://www.bbc.co.uk/news/technology-57504717 Billy Big Balls of the WeekDoctors and Scientists Are Fighting Vaccine Misinformation on TikTokThe experts of the Team Halo initiative have taken to social media in order to combat falsehoods about COVID-19 and promote accurate vaccine science. Industry NewsVW Vendor Leaves Data UnsecuredIKEA Fined $1.2m for Spying on EmployeesThird of Staff Use Security Workarounds at HomeIoT Supply Chain Bug Hits Millions of CamerasMost Ransomware Victims Are Hit Again After PayingFootball Fever Puts Password Security at RiskHackers Can Spy on Peloton WorkoutsA Billion CVS Records ExposedPuzzling New Malware Blocks Access to Piracy Sites Sticky Pickle of the WeekA Neighbourly Pickle Tweet of the Weekhttps://twitter.com/InfosecMiles/status/1405194858965475328 Come on! Like and bloody well subscribe!

This week in InfosecLiberated from the “today in infosec” Twitter account.5th June 1991: Philip Zimmermann sent the first release of PGP to 2 friends, Allan Hoeltje and Kelly Goen, to upload to the Internet.Read his story about the release, including his disclosure of how little he understood about Usenet and what newsgroups even were. http://www.philzimmermann.com/EN/news/PGP_10thAnniversary.htmlPGP Marks 30th Anniversaryhttps://twitter.com/todayininfosec/status/1269043313404862465  7th June 1989: The beta release of the Bourne Again SHell (Bash) was announced as version 0.99. 2 months later Shellshock was introduced into the Bash source code and persisted in subsequent versions for over 25 years.https://groups.google.com/g/gnu.announce/c/hvhlR1Vn1P0/m/NYwp-4_0CaUJ?pli=1https://twitter.com/todayininfosec/status/1269788726156124160 9th June 1993: The first DEF CON hacker conference was held at the Sands Hotel & Casino in Las Vegas, Nevada. Initially planned by Jeff Moss as a farewell party for a hacker friend, about 100 people attended. It has since grown to become a 4-day conference with 30,000 attendees.https://twitter.com/todayininfosec/status/1270389947753627648 Rant of the WeekThere was widespread panic on Tuesday after a major Internet outage knocked dozens of websites offline.Amazon, Reddit and Twitch were all affected, as were the Guardian, the New York Times and the Financial Times.Additionally, the UK government website crashed – on the day that Britons aged 25–29 were invited to book their COVID-19 vaccines.Despite initial speculation that the outage was the result of a cyber attack – with ‘#cyberattack’ trending on Twitter – the true cause of the incident was less sensational, although nonetheless concerning.What caused the Internet to crash?Websites begin to work again after major outage Billy Big Balls of the WeekAlleged drug syndicates, contract killers and weapons dealers thought they were using high-priced, securely encrypted phones that would protect them as they openly discussed drug deals by text message and swapped photos of cocaine-packed pineapples. What they were really doing, investigators revealed Tuesday, was channeling their plots straight into the hands of U.S. intelligence agents.An international coalition of law enforcement officials announced they had ensnared alleged criminals around the world after duping them into using phones loaded with an encrypted messaging app controlled by the FBI.Street value of cocaineANOM: Hundreds arrested in massive global crime sting using messaging appFBI-controlled Anom app ensnares scores of alleged criminals in global police stingTrojan Shield: How the FBI Secretly Ran a Phone Network for CriminalsANOM: Alleged drug kingpin told to hand himself in after being tricked into spreading fake phone app  Industry NewsBiden Expands Trump’s Investment Ban on Chinese FirmsMore US Kids Warned About Internet Than Unsafe SexUS to Treat Ransomware Like TerrorismHacker Group Gunning for MuskFrench Antitrust Regulator Slaps $268 Million Fine on GoogleMicrosoft Fixes Seven Zero-Days This Patch TuesdayA Third of Execs Plan to Spy on Staff to Guard Trade SecretsJBS Admits Paying REvil Ransomware Group $11 MillionSchools Forced to Shut Following Critical Ransomware Attack Tweet of the Weekhttps://twitter.com/Eskenzi/status/1402684475243438081https://twitter.com/KimZetter/status/1402695107640393729 Come on! Like and bloody well subscribe!

This week in InfosecLiberated from the “today in infosec” Twitter account1st June 1864: The first record of electronic spam was broadly revealed. A recipient was so infuriated by the dentist's poppycock that he composed a letter to the editor of The Times about the telegram, begging the newspaper to kindly demand a stop to the nonsense.https://twitter.com/todayininfosec/status/139986437741571277328th May 2014: The TrueCrypt website unexpectedly announced that the development of TrueCrypt had ended and that the tool wasn't secure.The Fall of TrueCrypt and Rise of VeraCrypthttps://twitter.com/todayininfosec/status/1266260968004136962 Rant of the WeekDeadline draws near to avoid auto-joining Amazon's mesh network SidewalkOwners of Amazon Echo assistants and Ring doorbells have until June 8 to avoid automatically opting into Sidewalk, the internet giant's mesh network that taps into people's broadband and may prove to be a privacy nightmare.'A stalker can abuse it to stalk people better. There are no mitigations mentioned'Sidewalk privacy and security whitepaper by Amazon Bill Big Balls of the WeekAntivirus that mines Ethereum sounds a bit wrong, right? Norton has started selling itNortonLifeLock, the company that offers the consumer products Broadcom didn’t want when it bought Symantec, has started to offer Ethereum mining as a feature of its Norton 360 security suite. Industry NewsNCSC: Act Now to Protect Streaming AccountsInterpol Seizes $83 Million Headed for Online ScammersMeat Processing Giant JBS Pulls IT Plug After Cyber-AttackScripps Notifying 147K People of Data BreachTeen Crashes Florida School District’s NetworkSextortion Lands Inmate in Federal PrisonBattle for the Galaxy: 6 Million Gamers Hit by Data LeakRansomware Disrupts Largest Ferry Service in MassachusettsMandiant to Re-Emerge After $1.2 Billion FireEye Sale Tweet of the Weekhttps://twitter.com/Cyber_Cox/status/1400082437095387137https://twitter.com/ryanaraine/status/1399724475092983812?s=20 (Edited 00:18 7the June 2020 to seed Apple Podcast update.) Come on! Like and bloody well subscribe!

This Week in InfoSec20th May 1993: Neil Woods (24) and Karl Strickland (22) became the first people imprisoned under the UK's 1990 Computer Misuse Act. Hackers given six months for 'intellectual joyriding': Judge says jail sentences inevitable to deter others 'similarly tempted'https://twitter.com/todayininfosec/status/139571116658073190822nd May 1991: Michael John Lauffenburger's logic bomb was set to detonate on a system at General Dynamics. He'd implemented it 2 months prior. Lauffenburger later pleaded guilty to a misdemeanor charge of computer tampering.Hacker Pleads Guilty in ‘Logic Bomb’ Scheme : Crime: Ex-General Dynamics programmer tried to sabotage computers so the company would have to pay him to fix the problem.https://twitter.com/todayininfosec/status/1396858379285549059 Rant of the WeekCitizen is an app where users report "incidents" in their neighborhoods and, based on those reports and police scanner transcriptions, the app sends "real-time safety alerts" to users about crime and other incidents happening near where a user is located. It is essentially a mapping app that allows users to both report and learn about crime (or what users of the app perceive to be crime) in their neighborhood.CITIZEN CEO OFFERED TO PERSONALLY FUND LA ARSON MANHUNT — FOR THE WRONG PERSONMore on Citizen Shithousery:Leaked Emails Show Crime App Citizen Is Testing On-Demand Security ForceCitizen data scraped and dumped on dark web Billy Big Balls of the WeekNigerian cyber criminals target Texas unemployment systemCyber criminals use Gmail feature to register the same email address multiple times Industry NewsTelemarketing Fraudster Jailed for 10 YearsRansomware Gang Gifts Decryption Tool to HSEAir India: Supplier Breach Hit 4.5 Million PassengersAmex Fined After Sending Over Four Million Spam EmailsFBI Employee Indicted Over Illegal Document RemovalEurope’s Top Human Rights Court Rules UK Mass Surveillance IllegalInfluencers Offered Money to Vilify VaccineData Breach at Canada PostChinese Phishing Attack Targets High-Profile Uyghurs Tweet of the WeekStudents Stuff the Context Boxhttps://twitter.com/todayininfosec/status/1395843517189132300 Come on! Like and bloody well subscribe!

This Week in InfoSecLiberated from the “today in infosec” Twitter account:15th May 1998: The first issue of Bruce Schneier's (@schneierblog) monthly Crypto-Gram internet newsletter was published. And The Secret Story of Non-Secret Encryption is a pretty pretty pretty pretty...good read.https://www.schneier.com/crypto-gram/archives/1998/0515.htmlhttps://www.schneierfacts.com/https://twitter.com/sirjester/status/867809572173602817https://twitter.com/todayininfosec/status/1393708868304359426  22nd May 2010: A Floridian man named Laszlo Hanyecz, received what he thought was a “free lunch”.https://bitcointalk.org/index.php?topic=137.0Bitcoin Pizza Day: Why Bitcoiners Are Celebrating Today By Eating PizzaBitcoin's surge beyond $60,000 means the famed programmer Laszlo Hanyecz effectively paid $613 million for 2 pizzas Rant of the WeekWe'd love to report on the outcome of the CREST exam cheatsheet probe, but the UK infosec body won't publish ithttps://www.theregister.com/2021/05/17/crest_not_publishing_cert_exam_cheat_report/ Billy Big Balls of the WeekThe Military Is Creating a ‘Gig Eagle’ App to Uber-ize Its Workforce“We are creating a gig economy for the Department of Defense,” said one official.https://www.vice.com/en/article/n7bzvw/the-military-is-creating-a-gig-eagle-app-to-uber-ize-its-workforce Industry NewsRapid7 Source Code Accessed in Cyber-attackQuarter of CISOs Self-Medicate as Pandemic Stress SpikesUS Sentences Cyber-Stalker Who Sent Sex Workers to Family’s HomeToshiba Business Reportedly Hit by DarkSide RansomwareCybercrime Forum Bans Ransomware ActivityAXA Faces DDoS After Ransomware AttackFamilies of Missing Persons Receive Fake Ransom DemandsDarkSide Gang Retires on $90mUSPS Reportedly Uses Clearview AI to Spy on Americans Tweet of the Weekhttps://twitter.com/WeldPond/status/1395151316809306114https://twitter.com/GossiTheDog/status/1395502236101451777 Come on! Like and bloody well subscribe!

This Week in InfoSecLiberated from the “today in infosec” Twitter account6th May 1995: Chris Lamprecht (aka "Minor Threat") became the first person banned from the Internet. He received a 70 month sentence for money laundering...and was banned from the Internet until 2003.https://www.wired.com/1997/12/twice-removed-locked-up-and-barred-from-net/https://twitter.com/todayininfosec/status/12578628173711564807th May 2004: 18-year-old German computer science student Sven Jaschan was arrested for writing the Sasser worm and the NetSky worm. One of Jaschan's friends had informed Microsoft that Jaschan had created the worm.https://en.m.wikipedia.org/wiki/Sasser_(computer_worm)https://twitter.com/todayininfosec/status/13906895366704209989th May 1990: Operation Sundevil was revealed in a press release. It was a US Secret Service crackdown on "illegal computer hacking activities." Raids occurred in ~15 cities, resulting in a measly 3 arrests.https://twitter.com/todayininfosec/status/1259301463102074880The Hacker Crackdown audiobook https://boingboing.net/2008/01/13/podcast-of-bruce-ste.html   Rant of the WeekRansomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anywayColonial Pipeline's operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week's ransomware infection.News of the payoff was broken by Bloomberg – which not only cited anonymous sources but also mocked other news outlets' anonymous sources for saying earlier this week that the American pipeline operator would never pay the ransom.https://www.theregister.com/2021/05/13/colonial_pipeline_ransom/https://twitter.com/KimZetter/status/1392923544753872896 Colonial Pipeline hackers apologize, promise to ransom less controversial targets in futurehttps://www.theverge.com/2021/5/10/22428996/colonial-pipeline-ransomware-attack-apology-investigationColonial Pipeline was looking to hire a cybersecurity manager before the ransomware attack shut down operationshttps://www.theregister.com/2021/05/13/colonial_pipeline_hiring_cybersecurity_manager/  Billy Big Balls of the WeekHackers Are Having a Field Day With AirTagsJust two weeks after their release, several hackers and security researchers are tearing Apple’s AirTags apart and finding some issues with them.https://www.vice.com/en/article/pkbpa7/hackers-are-having-a-field-day-with-airtags Industry NewsMisconfigured Database Exposes 200K Fake Amazon ReviewersRansomware Takes Down East Coast Fuel PipelineUniversity Cancels Exams After Cyber-AttackStaff Bonus was “Crass” Phishing SimulationGermany Bans Facebook from Processing WhatsApp DataAXA to Stop Reimbursing Ransom PaymentsMore Domestic Abuse Cases Involve TechHome Working Parents and Young Adults Are Most Risky IT UsersBiden Executive Order Mandates Zero Trust and Strong Encryption Tweet of the Weekhttps://twitter.com/browninfosecguy/status/1392503491042611202Olaf Hartong @olafhartong: FreemiumBackupsIain Cyto @IainCyto: Surprise Pen Test Posse.Biteater @illustrioushefe: WindowsOffenderDavid Shipley @davidshipley: Trailer Park Crypto BoysAdrian @Nutritionist_AP: RanSomewhereOld Navy Dude next @ DEFCON & HIMMS @0ldNavyDude: Ransom McRansomface Come on! Like and bloody well subscribe!

This Week in InfoSecLiberated from the “today in infosec” Twitter account4th May 1990: Robert Tappan Morris was sentenced to 3 years probation, fined $10,000, and ordered to perform 400 hours of community service. Why? For releasing the Morris worm in 1988, then becoming the first person convicted under the then-new Computer Fraud and Abuse Act (CFAA).https://en.wikipedia.org/wiki/Morris_wormhttps://twitter.com/todayininfosec/status/12573523703354654724th May 2000: The ILOVEYOU worm spread worldwide, infecting an estimated 10% of the Internet-connected computers.Its author was never prosecuted because the Philippines didn’t have any relevant laws. He was recently tracked down and interviewed about the worm:https://www.bbc.com/news/amp/technology-52458765https://twitter.com/todayininfosec/status/1257833516454211584 A little Billy Bonus...https://www.linkedin.com/feed/update/urn:li:activity:6794950191586836480/A Little Cheap Plug:https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/ Rant of the WeekTwitter introduced a tip jar - except, when you use paypal to send the tip, it sends your registered address too! Noice. It’s not really an issue with twitter - more of a feature of PayPal cos that's how it sends receipts for goods and services. This threat exists with all users of PayPal. Not just tip jar. But this isn’t really a rant about privacy or tipjar… let’s talk about Whitney Merrill’s tweet…. https://twitter.com/wbm312/status/1390444554587832324?s=20 Billy Big Balls of the WeekDashcam footage showed the moment a gang of armed robbers in South Africa attempted a cash-in-transit heist by chasing and firing shots into a bulletproof security vehicle.Members of a private security company were transporting money in a truck in the northern city of Pretoria on April 22 when they were attacked.In the three-minute video, a security officer is seen driving with a colleague. Both men are wearing bulletproof vests.https://twitter.com/Abramjee/status/1388194148210167810https://www.insider.com/watch-video-shows-armored-cars-crew-in-daring-escape-under-fire-2021-5 Industry NewsBritish Prime Minister’s Cell Phone Number ExposedFake Vaccine Domain SeizedShoppers Choose Guest Checkouts Over Security FearsMisconfigs and Unpatched Bugs Top Cloud Native Security IncidentsCyber-Attack on Belgian ParliamentResearcher Claims Peloton APIs Exposed All Users DataHomecoming Queen Hacker to be Tried as an AdultCaptureRx Data Breach Impacts Healthcare ProvidersFinancial Firms Report Puzzling 30% Drop in Breaches as Incidents Rise Tweet of the Weekhttps://edition.cnn.com/2021/05/05/entertainment/tiger-king-carole-baskin-crypto-coin/index.htmlhttps://twitter.com/carole_baskin/status/1389662255747325955https://twitter.com/krypt3ia/status/1389948564411932676 Come on! Like and bloody well subscribe!

https://cumrocketcrypto.com/This week in Infosec takes us back to a time Microsoft devalued a company, before buying it and another case of something being referred to as electronic graffiti.Rant of the week is about this one time, at basecampIndustry News brings us the latest and greatest infosec news from around the globeBilly Big Balls talks about Apple’s app transparencyTweet of the week tells us why the CEO of a $2bn Bay Area tech biz was fired (the real reason may SHOCK you)It’s hard being overlooked all the time and that is all we have to say on the topic of Little People this week. This week in InfosecLiberated from the “today in infosec” Twitter account:23rd April 2008: Microsoft announced that some of its antivirus tools had mislabeled Skype as adware for several days due to a bad definition update. 3 years later Microsoft bought Skype for $8.5 billion. https://www.computerworld.com/article/2787019/microsoft-mislabels-skype-as-adware.htmlhttps://www.theregister.com/2010/04/21/mcafee_false_positive/https://twitter.com/todayininfosec/status/125355864253771366427th April 1986: In protest of rates for satellite dish owners, Captain Midnight jammed HBO's satellite signal for 4 minutes.Why did he do it? To raise awareness about unfair pricing and restrictive trade practices.https://en.m.wikipedia.org/wiki/Captain_Midnight_broadcast_signal_intrusionhttps://youtu.be/gtdwD0qqApQhttps://ultimateclassicrock.com/captain-midnight-hbo/  https://twitter.com/todayininfosec/status/1254799686906425346 Rant of the Week1. No more societal and political discussions on our company Basecamp account. 2. No more paternalistic benefits.3. No more committees.4. No more lingering or dwelling on past decisions.5. No more 360 reviews. 6. No forgetting what we do here. https://world.hey.com/jason/changes-at-basecamp-7f32afc5Wider fallout:https://twitter.com/CaseyNewton/status/1387195551205105666https://twitter.com/jonasdowney/status/1386792772334768130https://twitter.com/fox/status/1386836877857099777 Billy Big Balls of the WeekApple’s AppTrackingTransparency for iOS 14.5 is finally out. Here’s what it means for your privacy.https://www.eff.org/deeplinks/2021/04/apples-apptrackingtransparency-upending-mobile-phone-tracking Industry NewsLockdown Hotel Bookings at Risk Due to DMARC FailLast Chance for Forensics Teams Ahead of Emotet Sunday DeadlineSpace Command to Launch Dedicated Cyber CenterNintendo Sues BowserThreat Actors Impersonate Chase BankREvil Removes Apple Extortion Attempt from Site: Report#COVID19 Rattles Banks and Insurers as Security Budgets Are SlashedEmotet Group Harvested Over 4.3 Million Victim EmailsUS Arrests Alleged Crypto Mixer The Cellebrite Physical Analyzer – the most intrusive phone-cracking tool offered by the company – no longer supports the direct extraction of iPhone datahttps://9to5mac.com/2021/04/27/cellebrite-physical-analyzer-iphone/ Tweet of the Week https://twitter.com/JenniferJJacobs/status/1387046218602225667https://www.bloomberg.com/technology?sref=yYYRek8e https://www.nytimes.com/2021/04/29/arts/disaster-girl-meme-nft.html?smid=tw-nytimes&smtyp=cur Come on! Like and bloody well subscribe!

Thom’s l33t crypto coin investments This week in InfosecLiberated from the “today in infosec” twitter account:18th April 1995: proff (Julian Assange) published "The Dan Farmer Rap", about SATAN author, Dan Farmer.Yes, that Julian Assange.Yes, the same one.Yes.https://seclists.org/bugtraq/1995/Apr/19519th April 2010: The OWASP Top 10 for 2010 was officially released.http://web.archive.org/web/20100628190859/http://www.owasp.org/index.php/OWASPTop10-2010-PressReleasehttps://twitter.com/todayininfosec/status/125189502259880345719th April 2011: Microsoft published a policy requiring employees to follow specific procedures when reporting vulnerabilities in 3rd-party products.https://twitter.com/todayininfosec/status/1252023386026340352 Rant of the WeekThey Hacked McDonald’s Ice Cream Machines—and Started a Cold Warhttps://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/ Billy Big BallsCellebrite makes software to automate physically extracting and indexing data from mobile devices.https://signal.org/blog/cellebrite-vulnerabilities/ELI5: https://twitter.com/ErrataRob/status/1385020198697291777?s=20 Industry NewsGoogle to Delay Publishing Bug Details for 30 DaysICO Issued Over £42 Million in Fines Last YearFIN7 Sysadmin Gets 10 Years Behind BarsGoogle Trumpets New Mobile App Security StandardMI5: 10,000+ Brits Approached by Spies on Social SiteDating Service Suffers Data BreachTikTok Sued Over Use of Minors’ DataDoJ Launches Ransomware Taskforce as Apple Hit by Extortion AttemptStallone Classic a Password Favorite Tweet of the Weekhttps://twitter.com/H3KTlC/status/1385232019387404296?s=20Related:Add another cause of mental health concern from the past year’s Pandemic-induced, work-from-home requirements.  New research from Microsoft shows the potential downside of the virtual workplace, confirming that stress increases over the course of back-to-back virtual meetings.https://www.forbes.com/sites/brucerogers/2021/04/20/our-brains-need-breaks-from-virtual-meetings/?sh=6de6770a21e9 Sticky Pickle of the WeekHat-tip to Martin @maxsec Hepworth for bringing this story to our attention (and the reason Smashing Security missed it is because they record on Tuesday and spend a day and a half editing their show before releasing it):“Linux kernel developers do not like being experimented on”https://twitter.com/gregkh/status/1384785747874656257?s=20https://lore.kernel.org/linux-nfs/YH%2FfM%[email protected]/ Come on! Like and bloody well subscribe!

We think we sound much better this week, all thanks to Krisp! Tighten up your audio, remove background noise, and annoying work colleagues, all with Krisp. Download it here:https://ref.krisp.ai/u/ue2a67ba76 One advantage of being short is that you get to be in the front of all pictures taken of a group and that is all we have to say about Little People this week. This week in InfosecLiberated from the “today in infosec” twitter account:15th April 2000: The RCMP arrested a Canadian juvenile known as MafiaBoy for a DDoS attack against cnn.com.https://twitter.com/todayininfosec/status/1250622615204454400 https://en.wikipedia.org/wiki/Michael_Calce14th April 2005: It was announced that the National Infrastructure Advisory Council (NIAC) had chosen FIRST to be the custodian of the Common Vulnerability Scoring System (CVSS), the then-emerging standard in vulnerability scoring.https://twitter.com/todayininfosec/status/125025120339027558416th April 2014: Host Unknown released their debut music video to great acclaim within the Infosec echo-chamberhttps://twitter.com/HostUnknownTV/status/456395301159305216Jav’s proposal for Pulp Security from 2011 (cue Mesirlou  clarinet version to avoid copyright infringment notices)Cynic: So tell me more about America.Jester: Well it's the same shit we got here, it's just a little different.Cynic: Example?Jester: Well I mean, you can get encryption products out there. It's legal for you to own it, it's legal for you to install it… but get this. If you try to export it out of the country it's illegal for you to do it.Cynic: Damn man, that's harsh.Jester: You know what they call a router (pronounced rooter) out in the US?Cynic: They don't call it a Rooter?Jester: Nah man, they got their own system, they call it a Router (pronounced rowter)Cynic: haha Rant of the Week Industry NewsHackers Hacked as Underground Carding Site is BreachedFacebook Removes 16k Groups for Trading Fake ReviewsBrits Still Confused by Multi-Factor AuthenticationFood Shortages at Dutch Supermarkets After Ransomware OutageCyber-Attack Shutters Half of Tasmania’s CasinosMicrosoft Patches Four More Critical Exchange Server BugsLawsuit Filed After Facial Recognition Tech Leads to Wrongful ArrestMan Gets 10 Years for Multimillion-Dollar Medicare Fraud SchemeEurope's Data Protection Guardians Green Light EU-UK Data Flows Javvad’s Weekly StoriesHow I pwned an ex-CISO and Smashing Security https://youtu.be/lb5htJmjcFM Tweet of the WeekRobert McArdle - @bobmcardleDirector FTR - CyberCrime Research for @TrendMicro. Lecturer in Malware Analysis.https://twitter.com/bobmcardle/status/1382602129005772801 Sticky Pickle of the WeekYour company is looking to promote an upcoming Women in Security webinar and you’re looking to maximise engagement on your social media channels so you come up with a single question which you believe will solicit engagement and believe the structure of the question is in a way that keeps responses on topic:“What according to you are the most common challenges faced by women in the cybersecurity domain?”.Sound good so far?  Can you make it simpler by providing multiple choice answers to choose from?  It’s not a bad strategy so what are the optional responses to the most common challenges faced by women in the industry are?A: “Only men can do this job”B: “Women can’t handle this job”C: “Women aren’t encouraged enough.”Now the responses you’re receiving to this insightful quiz are not going in the direction you thought they would - what are your next steps?https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/ Come on! Like and bloody well subscribe!

This week in Infosec(Liberated from the “today in infosec” twitter account):4th April 1977: Ron Rivest first introduced Alice and Bob in the paper "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems".https://twitter.com/todayininfosec/status/1246652917605527554http://web.mit.edu/jemorris/humor/alice-and-bobhttps://xkcd.com/177/Javvad explains it better: https://en.wikipedia.org/wiki/Alice_and_Bob8th April 2014: Extended support for Microsoft Windows XP Service Pack 3 ended, nearly 6 years after SP3's release and 12 1/2 after general availability of Windows XP.https://twitter.com/todayininfosec/status/1247920644030738433 Rant of the WeekThe UK Cyber Security Council launches itself by pointing world+dog to domain it doesn't ownThe UK Cyber Security Council announced itself to the public realm last week by touting a domain it doesn't own. Helpfully, internet jokesters then bought up variations on the official address.A brainchild of the Department for Digital, Culture, Media and Sport, the UK Cyber Security Council is billed by the government as "the regulatory body, and voice, for UK cybersecurity education, training, and skills." As part of that it "drives progress towards meeting the key challenges the profession faces."All very worthy and important. When British infosec folk noticed that the official press release mentioned an email address for ukcybersecurity[.]org[.]uk, however, everything started unraveling.Why? Because the UK Cyber Security Council didn't own ukcybersecurity[.]org[.]uk. Nobody did – until Adrian Kennard bought it and pointed it at his personal blog, where he dispensed some gentle advice to the new org."One of the tips I can give you when it comes to cybersecurity is that you should be careful to ensure that contact details you publish actually belong to you," wrote Kennard, who runs a UK ISP, adding: "It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at [email protected] for more information (be nice)."https://www.theregister.com/2021/04/06/uk_cybersecurity_council_domain_fail_launch/ Billy Big Balls of the WeekThis Tech Exec Had Her Kids Sign a User Agreement Before She Got Them Their First PhoneWhen it came to tech and their own kids, both Steve Jobs and Bill Gates were famously strict about how much screen time they allowed. Jobs didn't let his kids use the iPad he helped invent. Gates banned his kids from getting phones until they were 14. Just like Gates and Jobs, Jennifer Zhu Scott, a Hong Kong-based tech executive and TED speaker focused on privacy issues, was concerned about the dangers of giving her two children, aged 10 and 11, smartphones--given her deep understanding of the power and perils of technology.  She drew on her professional experience and made them sign a three-page, 15-point "user agreement" for their phones. They had to agree to share their passwords with her, ask for permission before signing up for social media accounts, be open about harassment or strange phone calls or messages, and answer any questions about how they were using their phones.Part of the agreement is a crash course in internet privacy. It tells her daughters what we adults so often forget--that everything we put online is likely to be read, used, and sold in ways that we can't begin to imagine.Etiquette and overuse are also covered by the agreement. It bans phone use after 8 p.m. and requires the girls put their phones down while socializing and walking. It also contains a strong warning about the long life of potentially embarrassing photos and posts shared online. A copy of the agreement is in the show notes. https://www.inc.com/jessica-stillman/this-tech-exec-had-her-kids-sign-a-user-agreement-before-she-got-them-their-first-phone.html#:~:text=Try%20a%20'user%20agreement',power%20and%20perils%20of%20technology.Link to the agreement: https://drive.google.com/file/d/1Yc3Np00vEgAIvNV7VzEIHoxbWqqC0Oon/view Industry NewsMicrosoft Suffers Second Outage in Two WeeksData of Half a Billion Facebook Users LeakedAustralia Considers Social Media ID RequirementFlorida School District Held to Impossibly High RansomCybersecurity Industry Must Find Solutions for Third-Party Data SecurityChemical Weapon Shopping Sends Dark Web User to PrisonItalian Arrested After Allegedly Paying Hitman to Murder Ex-Girlfriend College Track Coach Accused of CyberstalkingWormable Netflix Malware Spreads Via WhatsApp Messages Tweet of the Weekhttps://www.teiss.co.uk/ziggy-ransomware-admin-to-refund-victims/The administrators of Ziggy ransomware have reportedly decided to lead an honest life and refund the victims of their ransomware attacks. This historic announcement comes a couple of months after the hacker group decided to shut shop and release decryption keys for free.As admitted by the ransomware's operators in statements given to the likes of Bleeping Computer and Threatpost, the Ziggy ransomware gang decided to shut shop in February following a string of law enforcement successes against well-established ransomware gangs, notably Emotet and NetWalker. Gripped by the fear of being next, the ransomware gang quickly released an SQL file with 922 decryption keys that could be used by the victims to unlock their files.https://twitter.com/M_Shahpasandi/status/1376116414608736258?s=20 Bonus Tweet of the Weekhttps://twitter.com/yarden_shafir/status/1380147188416778245 Come on! Like and bloody well subscribe!

April 1st!https://www.facebook.com/burgerking/posts/4438200159526619https://twitter.com/VW/status/1376868756782219266https://www.animationmagazine.net/tv/the-cats-out-of-the-bag-cn-rebrands-as-cat-toon-network/  This week in InfosecLiberated from the “today in infosec” twitter account:27th March 1979: 33-year-old computer consultant Stanley Mark Rifkin was sentenced to 8 years in prison for stealing $10.2 million from a bank via computer. Federal District Judge Matthew‐Byrne Jr., rejecting an appeal from Mr. Rifkin that he be placed on probation.https://twitter.com/todayininfosec/status/1243427187165814785https://www.social-engineer.org/wiki/archives/Hackers/hackers-Mark-Rifkin-Social-Engineer-furtherInfo.htmRant of the WeekWhistleblower: Ubiquiti Breach "Catastrophic"https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/https://community.ui.com/questions/Update-to-January-2021-Account-Notification/3813e6f4-b023-4d62-9e10-1035dc51ad2e Billy Big BallsThoughts on Selling to Security LeadersJason Chan - VP Security NetflixIf I ask to not be contacted by your company, ensure that fulfilling my request covers all channels (phone, LinkedIn, email, snail mail, etc.) and extends to your colleagues.Don’t sell based on FUD (Fear, Uncertainty, and Doubt). Security is a tough field to work in, and bad things happen. I don’t need scare tactics from sales folks.It’s fine to follow up to an unanswered message - once. And give it at least a week between messages. If someone doesn’t respond after the second reachout, it’s likely they are not interested. I’d not have time to do my job if I replied or unsubscribed to every reach out I receive.Don’t assume you understand the problems I’m facing or that you know what should be at the top of my priority list. Every organization has a different threat model, culture, and risk tolerance.If you’re selling something, don’t ask to “pick my brain” or for “feedback on your approach.”DO NOT CALL ME ON THE PHONE. There is no situation where I'm looking to have this conversation. Email or LinkedIn is fine.If you’re working with someone on my team, don’t escalate to me if things don’t go your way. I trust my team to make good decisions.Your solution or product doesn’t solve every security problem. That’s okay, I don’t expect it to. Just be clear about the value you believe your solution brings.Your solution won’t save me from the next [INSERT BREACH/EXPLOIT/VULNERABILITY] here. Don’t say it will. Perhaps it’s additive or helpful, but operating a security program successfully is complex and involves people and technology working together. Again, just be clear about your product’s value.Don’t offer me a gift card, gift, or cash in exchange for a meeting. Just no.Keep your word, and follow up on time if and when asked. I appreciate folks who meet their commitments and respect my time.If I’m a customer, think long term partnership vs. transactional sale. There is a lot of overhead to switching vendors and I appreciate folks that I can build a long term, mutually beneficial relationship with. Industry NewsFBI Issues Mamba AlertBurned Out Employees Put Corporate Security at RiskAussie TV Network Taken Off Air by RansomwareGerman MPs Hit by Russian-Backed Phishing AttacksCyberbullying Linked to Social Media AddictionUK Cyber Security Council Officially Launches as Independent BodyCISA and RH-ISAC to Run Cybersecurity DrillThree-Quarters of Legal Breaches Caused by InsidersMost Global Chip Companies Show Signs of Compromise Tweet of the Weekhttps://twitter.com/0x26d/status/1377415060759269377 Come on! Like and bloody well subscribe!

The Biggest Loser, Week 0Andy is running a book if you are interested in a little flutter on who will be the healthiest in the next six months.Jav issues an apology to our listeners for misinformation and to Andy for correcting him when he stated the opposite had occurred: https://mashable.com/article/joe-biden-green-screen-conspiracy-debunked/?europe=trueEvil Knievel:https://twitter.com/little_birdy__/status/1373722427126116352?s=21Andy *Bathes in the glory of a heartfelt apology from Jav* Jav spoke at Infosecurity Conference and Thom spoke at The SASIGhttps://www.infosecurity-magazine.com/news/imos21-overcoming-defenders-dilemma/Thom mentions  the Nextdoor supplemental episode released midweek and how we could have saved many more people from the Royal Mail text scam had we not run out of time: https://www.standard.co.uk/business/royal-mail-text-scam-victim-banking-security-checks-b925810.html This week in Infosec(Liberated from the “today in infosec” twitter account):25th March 2010: Albert Gonzalez was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.https://www.independent.co.uk/life-style/gadgets-and-tech/news/albert-gonzalez-200-million-damage-hacker-sentenced-1928313.htmlhttps://twitter.com/todayininfosec/status/124304097074195661021st March 2021: Announcement from Attrition that on March 20, 2021, an argument was made to open their mirror back up to everyone.“While we had provided access to the mirror for a couple dozen people over the last ten years, we think it may be beneficial to be public. Some defacers from back then want a trip down nostalgia lane. We still have reporters doing in-depth research on various topics that request access to dig up historical citations. It stands to reason more might be interested in revisiting the 'good old days' and the content that would lead us to over one million hits a few days. With that, the doors are open again. We hope you enjoy”.https://attrition.org/news/content/21-03-21.001.html Rant of the WeekDaniel Kelley, Associate Director, Center for Technology and Society at Anti-Defamation LeagueToday we're releasing our annual nationally representative survey of hate and harassment on social media.In a year where tech companies made bold statements about their efforts to address hate on their platforms, Americans' experience of harassment remained constant.41% of Americans experienced harassment online according to this year's survey, with 27% experiencing severe harassment, which includes stalking, sustained harassment, physical threats, sexual harassment, doxing and swatting.Overwhelmingly, the platform where Americans experience harassment was Facebook- 75% of Americans who were harassed reported being harassed on Facebook with the next highest being Twitter at 24%https://www.adl.org/online-hate-2021https://www.linkedin.com/posts/activity-6780520538549882880-ZmYD/ Billy Big Balls of the WeekStory of Helen Bevan, Chief Transformation Officer at the NHS, had her two Twitter accounts, with nearly 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales.She now has the accounts back but has received dozens of messages from people who fell for the scam.Ms Bevan also paid money to someone who said they could help - but they turned out to be a scammer too.She said she wanted to highlight the importance of extra security measures.NHS Horizons chief transformation officer Ms Bevan mistakenly thought she had activated two-factor authentication (2FA), which requires account-holders to use two methods to log in, the second often involving a code sent by text or email.https://www.bbc.co.uk/news/technology-56456002https://twitter.com/HelenBevanTweet/status/1372955366212898816  She’s got an easy out if she doesn’t want to upset this guy: Industry NewsRussian Man Pleads Guilty in Tesla Extortion PlotUK Govt Department Loses 306 Mobiles and Laptops in Two YearsDelhi Police Bust Call Center ScammersFired IT Contractor Jailed for Retaliatory Cyber-AttackUK Govt Department Loses 306 Mobiles and Laptops in Two YearsFirms Urged to Patch as Attackers Exploit Critical F5 BugsDrug Maker to Pay $50m for Destroying DataFatFace Faces Customer Anger After Controversial Breach ResponseHalf of UK Firms Suffer Cyber-Skills Gaps Javvad’s Weekly StoriesJav interviewed by PureVPN Tweet of the Weekhttps://twitter.com/ParikPatelCFA/status/1375096656933306369https://www.wired.co.uk/article/suez-canal-ship-stuck-ever-given Come on! Like and bloody well subscribe!

Jav, Andy and Thom chat about the delights of the Nextdoor app. For our international listeners, just head to https://nextdoor.co.uk/ to find out about the uniquely Britishness of complaining about your neighbours on a public forum in a passive aggressive way without actually openly complaining about them. And it is all OK because it is on an App.In their own words:"It's where communities come together to greet newcomers, exchange recommendations, and read the latest local news. Where neighbours support local businesses and get updates from public services. Where neighbours borrow tools and sell sofas. It's how to get the most out of everything nearby. Welcome, neighbour."You're welcome. Come on! Like and bloody well subscribe!

Our regular know our regular features, so here is our regular update for our regular features for our regular listeners.This week in InfosecTweet of the WeekBilly Big BallsRant of the weekIndustry NewsThere is no Little People, there has never been a Little PeopleWill we have a Sticky Pickle of the Week?  This Week in InfoSec(Liberated from the “today in infosec” twitter account):6th March 1995: The SATAN (Security Administrator Tool for Analyzing Networks) security tool was released by Dan Farmer and Wietse Venema. The release stirred huge debate about security auditing tools being given to the public.Fun fact: @neilhimself drew the tool's documentation artwork. https://www.latimes.com/archives/la-xpm-1995-03-01-fi-37458-story.htmlhttps://twitter.com/todayininfosec/status/1240452423778308097 Rant of the WeekCatalin Cimpanu:Check Point says it is seeing a doubling in ProxyLogon exploitation attempts every few hours.Please, red teamers, explain it to us like we're 5 how releasing PoCs for highly-dangerous bugs too early doesn't help threat actorsWe're listening!Dave Kennedy:Blaming red teamers is already an inaccurate statement as it's typically security researchers who publish these.It was already actively exploited with hundreds of thousands of already compromised systems with little to no direction from Microsoft.Yet offsec is to blame?https://twitter.com/HackingDave/status/1370424240801996809?s=20 Billy Big BallsTIKTOK INTRODUCES NEW ‘KINDNESS’ FEATURES AS IT URGES PEOPLE TO BE NICER TO EACH OTHERTikTok has introduced new features in an attempt to make its users be “kinder” to each other.They include a new prompt that will attempt to spot cruel comments and advise people to reconsider their posts before they are sent.Video creators will also be able to filter comments – removing any comments at all, unless the owner of the video approves them.That feature is called “filter all comments” and TikTok said it was an extension of existing tools that look out for “spam and offensive comments” so they can be filtered out, as well as a feature that allows for the hiding of specific keywords.https://www.independent.co.uk/life-style/gadgets-and-tech/tiktok-update-new-feature-kind-comment-b1815148.html[That was this week's BILLY BIG BALLS]Our source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe!  Industry NewsEncrypted Comms Firm Denies Police Cracked User MessagesEncrypted Comms CEO Indicted in Drug Trafficking ConspiracyExchange Exploit Attempts Surge Sixfold as Ransomware LandsOVH Data Center Fire Impacts Cyber-criminalsUK Nurseries Get First Official Cyber-Attack WarningTwitter Updates 2FA to Enable Use of Multiple Security KeysDropbox to Make Password Manager Feature Free for All UsersSecurity Consultant Indicted on Cyberstalking ChargesMom Charged in Deepfake Cheerleading Plot Javvad’s Weekly Storieshttps://mashable.com/article/joe-biden-green-screen-conspiracy-debunked/?europe=truehttps://futurism.com/the-byte/deepfake-elon-musk-zoom-meetings Tweet of the Weekhttps://www.nytimes.com/2021/03/18/business/hacking-cars-cybersecurity.htmlhttps://twitter.com/WeldPond/status/1372530409536380931 Sticky Pickle of the WeekTheree is no Sticky Pickle of the Week Come on! Like and bloody well subscribe!

 This week in Infosec(Liberated from the “today in infosec” twitter account):6th March 1992: For the second year in a row the Michelangelo virus activated on this date. However, the lead up to March 6th, 1992 was the first instance of mass hysteria about a virus, though the hysteria was overblown. https://en.wikipedia.org/wiki/Michelangelo_(computer_virus)https://nakedsecurity.sophos.com/2012/03/05/michelangelo-virus/https://twitter.com/todayininfosec/status/1368258690143371264https://nakedsecurity.sophos.com/2010/04/08/fame-bbc-newsround/5th March 2003: A Sendmail remote buffer overflow vulnerability was made public. Discovered by ISS 2 months prior, exploit code was published within 24 hours.https://www.techrepublic.com/article/watch-out-for-critical-buffer-overflow-vulnerability-in-sendmail/https://twitter.com/todayininfosec/status/1235425049923862529 Rant of the WeekNike’s Resell Scandal and VP Ann Hebert’s Resignation, Explainedhttps://www.complex.com/sneakers/nike-ann-hebert-son-sneaker-resale-scandal-explained/how-was-joe-hebert-getting-shoes19-year-old entrepreneur from Portland, Oregon. Known as “West Coast Joe” and runs the @west.coast.streetwear account on Instagram, along with its affiliates.Starting his business in high school, Joe begins selling limited-edition drops, “Deadstock”, and establishes Discord channels to share his unique knowledge of Nike sale schedules, sale locations, and more. His success caught the eye of Joshua Hunt, who sought to write a piece for Bloomberg.Fame and fortune got to Joe’s head when he sends through an American Express statement to demonstrate the company’s revenue. The name on the card? It wasn’t Joe. It was Ann Hebert, VP and GM of Nike’s North American market. Joe's mom. Hunt reaches out to Joe to discuss the relationship. Joe begs Hunt to not disclose this information in the article and ceases communication with Bloomberg entirely. Ann Hebert resigns just days after the publication of Hunt’s article outlining the story.  Billy Big Balls of the WeekSTURGIS, Mich. – A virtual preliminary examination in Michigan was interrupted last week after the defendant was found to be at the same home as an alleged victim of assault while the hearing took place.Coby James Harris, 21, had gone before St. Joseph County District Court on March 2, accused of assault with intent to commit bodily harm less than murder, stemming from an incident Feb. 9 in Sturgis, Michigan.About seven minutes into the proceeding, Deborah Davis, assistant to the prosecuting attorney and representing Lindsey, said she believed Lindsey and Harris were in close proximity during the livestream, based on Lindsey’s answers and body language.“Your Honor … I have reason to believe that the defendant is in the same apartment as the complaining witness right now, and I am extremely scared for her safety,” Davis said. “The fact that she’s looking off to the side and he’s moving around, I want some confirmation that she is safe before we continue."Middleton asked Lindsey where she was at that moment.“Um, I’m at a house,” Lindsey said, with hesitation, giving a Hatch Street address in Sturgis.Middleton then asked Harris to divulge the address where he was. Harris gave a house number on East Lafayette Street.Middleton told Harris to go outside with his cell-phone and take a photograph of the house number. Harris declined, saying he was limited by low phone battery and that his device was connected to a charger.A few moments later, Davis said the police were at the door of Lindsey’s confirmed location to check on her. Lindsey was instructed to go to the door to speak to police.“We may need to adjourn this, your Honor,” Davis said to Middleton.Lindsey's connection to the court proceeding went offline after it showed her speaking to police outside the home. Moments later, Lindsey’s livestream came back online, showing Harris inside on Lindsey's phone and in the custody of police. Davis briefly “face-palmed” upon the reveal that Harris was at the same location as Lindsey.https://eu.sturgisjournal.com/story/news/crime/2021/03/05/court-hearing-postponed-after-accused-found-same-house-witness/4587600001/(start at 06:30.) Rollerblading Karachi cops https://youtu.be/Q0jED85uwbw Our source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe! Industry newsSITA Supply Chain Breach Hits Multiple AirlinesDocker Hub and Bitbucket Resources Hijacked for Crypto-MiningMcAfee Faces Decades Behind Bars After Fraud IndictmentNCSC: Don’t Fall for Mother’s Day Scams This WeekMicrosoft Expands Coverage of Exchange Server PatchesMost Threat Analysts Banned from Sharing Intel with PeersThird of Office Workers Warned After Sharing Data Via Unofficial AppsSuperstar K-Pop Band’s TikTok HackedSchool Boss Resigns After Porn Found on Computer Javvad’s Weekly StoriesIndustry Leaders Javvad Malik and Wendy Nather to Headline Infosecurity Magazine Online Summit - industry pioneers Javvad Malik, security awareness advocate at KnowBe4, and Wendy Nather, head of advisory CISOs at Duo Security (Cisco), will be headlining the upcoming Infosecurity Magazine Online Summit, taking place on March 23 and 24. Tweet of the WeekDr Jen Golbeck reminding us how creepy Facebook and other advertisers (but mostly Facebook) are:Accelerometer Vibrations to Speech — How your phone’s accelerometer can snoop on your calls (popular press)La Liga Soccer App Spying Scandal — Without telling users, Spain’s soccer app used GPS and microphone access to fine bars who hadn’t paid licensing feesSonitor’s Lyra system uses your phone’s microphone to track your position — an example of the ultrasonic beacons mentioned in one of my videosLocation tracking through WiFi signals — Your location can be tracked even if you turn off location servicesFacebook Shadow Profiles — Even if you haven’t set up a Facebook account, the company likely maintains a “shadow profile” of you.Target Knows You’re Pregnant before you tell anyone else — here’s howhttps://www.tiktok.com/@jengolbeck? https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620https://twitter.com/jengolbeck/status/1368991334309257216?s=20 Come on! Like and bloody well subscribe!

This week in InfosecLiberated from the “today in infosec” twitter account:2nd March 2002: Zone-H was launched in Estonia and began saving and publishing copies of defaced websites 7 days later. http://www.zone-h.org/news/id/4742?hz=2https://twitter.com/todayininfosec/status/12344923508330086402nd March 2010: Gregory  D. Evans' book "How To Become The World's No. 1 Hacker" was published. The book was heavily plagiarized and not held in high regard. Evans was quite controversial...to say the least. And got a lot of attention for a couple of years. Google him if you wish.https://twitter.com/todayininfosec/status/1234320212117221376https://attrition.org/errata/charlatan/gregory_evans/ https://blog.c22.cc/2010/06/17/threats/comment-page-2/ Rant of the Week (not covered)A warning went up on the perl.org infrastructure weblog late in January notifying users that perl.com now directed to a parking site and advised against visiting "as there are some signals that it may be related to sites that have distributed malware in the past."The site later returned an ERR_CONNECTION_CLOSED error message.The hijack appears to have followed the age-old path of an attacker pouncing on a compromised account and swiping the domain rather than a simple expiration.A good read out of what happened from Perl’s point of view as well as their Incident Response processes (link at the bottom).We had learned very quickly that when you use the registered domain for your email contact, no one can contact you when that domain no longer handles your mail. What we think happenedThis part veers into some speculation, and Perl.com wasn’t the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There’s no reason for Network Solutions to reveal anything to me (again, I’m not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported.John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder.RANT: Domain was hijacked, old methods, there are no new hacks!https://www.perl.com/article/the-hijacking-of-perl-com/ Billy Big BallsAOL phishing email states your account will be closedhttps://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/https://mashable.com/2014/08/21/aol-disc-marketing-jan-brandt/?europe=true Industry NewsOur source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe!  TikTok Set for Massive $92m Payout Over Privacy SuitFacebook Photo-tagging Lawsuit Settled for $650mGo Malware Detections Increase 2000%Quarter of Healthcare Apps Contain High Severity BugsMicrosoft Patches Four Zero-Day Exchange Server BugsPassword Reuse at 60% as 1.5 Billion Combos Discovered OnlineRansomware Attacks Soared 150% in 2020Canadian Cyber-Agency Workers Threaten StrikeMissing Teens Used School Laptops to Chat with Alleged Abductors Javvad’s Weekly StoriesJav has the COVID Jab Tweet of the WeekMalwareAndPickles @malwrandpicklesIt's probably nothing.Marc J @DrGeekthumbThe server room had no lock.Andy Cooke แอนดี้ คุกส์ @cooke_andyOK, 3389 open to the internet.MrR3b00t | it's safe just don't go outside @UK_Daniel_Cardi wiped the right drive right?Christopher J. Marcinko @christoperjI’m compliant so I’m definitely secureDavid Downs @drdownsWe have a strong password policySimon @cigh033"sorry, your password is too long"Josh Centers @jcentersRudy Giuliani, professional cyber security expertwim letzer @wimletzerThat does not happen to me.David Robert Newman @davidnewman“I wrote my own crypto libraries”Jeroen Jetten @TheTallestJJWe’re too small to be attackedJames Kelley @kelleyllcClient required SolarWinds for security reasons.dao ming si @dms1899Our security policy protects against abuse.Moreno Daltin @morenjiWe have always done this wayPaul Stephenson @tupelofortitudeWife found my credit card statementhttps://twitter.com/Sophos/status/1367082335997427720 The Little PeopleThere will no longer be a Little People segment for the foreseeable future. Sticky Pickle of the WeekImagine you are the CEO of an American based, billion dollar global company.  You hit a SNAFU and are called to testify before congress about what happened.  Obviously the members of congress will want to know in layman's terms how your IT infrastructure was left so unprotected that it was used to deliver malware to several branches of the federal government as well as a series of high-profile private sector targets?What might be your go-to responses?Correct answer: Blame the internAccording to Thompson and current SolarWinds CEO Sudhakar Ramakrishna, an intern who worked at the company posted the “solarwinds123” password on GitHub back in 2017. Security researcher Vinoth Kumar later discovered that the password had been posted publicly since at least June 2018 and informed the company of the leak in 2019, at which point, according to Ramakrishna, it was removed from GitHub.Needless to say, that explanation still leaves a lot of questions unanswered. For instance, was the intern actually responsible for setting the “solarwinds123” password? And, if so, why on earth had the company delegated responsibility for setting such an important password to an intern? Was the password actually changed when the leak was discovered in 2019 or was it just removed from GitHub? And why was there no multifactor authentication protecting that server if it could be used to transfer files onto company servers?It’s a tempting narrative—as the stories about how a massive, complicated breach is the fault of a single actor often are—in which some clueless college student shows up for a summer and sets a dumb password and then carelessly leaves it up in some publicly accessible code on GitHub. Above all, it’s a story that’s easy to understand, especially for members of Congress. For instance, California Rep. Katie Porter pointed out at the hearing, “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad.”https://slate.com/technology/2021/03/solarwinds-hack-cyber-espionage-intern-password.html Come on! Like and bloody well subscribe!

This week in InfosecLiberated from the “today in infosec” twitter account:25th February 1989: Knight Lightning published an Enhanced 911 technical doc (it had been stolen from a BellSouth computer) to Phrack under the pseudonym "The Eavesdropper".http://phrack.org/issues/24/5.html#articlehttps://en.wikipedia.org/wiki/United_States_v._RiggsOn This Day: Feb. 25, 2005, authorities arrested Dennis Rader, a municipal employee and church leader, for the so-called BTK (blind, torture, kill) serial killings that terrorized Wichita, Kan. Rader was convicted and sentenced to 10 consecutive life terms.Between 1974 and 1991, he murdered at least 10 people in Wichita, Kansas. He apparently got away with it for over a decade.In 2004 an article was published suggesting that nobody remembered him.Desperate for notoriety, he began to write to the police and media gloating and showboating.In 2005 he sent a floppy disk with some bragging. When police examined the disk, they found metadata of an old word document on it which revealed the name of the Church where he worked and his surname.https://www.abajournal.com/magazine/article/how_the_cops_caught_btk Bill Big Balls of the WeekI use an email tracker to spy on people I work with. This is whyhttps://www.independent.co.uk/life-style/email-trackers-how-to-work-b1806723.html Rant of the WeekApple has long held its position on iCloud backups. It has focused on usability rather than total security. If a user changes iPhone and wants all their old iMessages, the easiest way to retrieve them is by getting Apple to store and send them from the iCloud to the new device. It’s the same for other messaging apps like WhatsApp, which offers backups.But Apple has reportedly considered making iClouds much more difficult for police to access. A Reuters report last year suggested that Apple did have plans to fully encrypt iCloud accounts too, so only users had the key, but backed down. Though the report claimed the decision was made after the FBI asked for iClouds to remain accessible, Reuters found no evidence of Apple’s motivation for ditching the plans.https://www.forbes.com/sites/thomasbrewster/2021/02/15/when-imessages-arent-private-government-raids-apple-icloud-in-a-dark-web-drug-investigation/ Industry NewsInternet Registry RIPE NCC Warns of Credential Stuffing AttackConcern as Attacker “Breakout” Time Halves in 2020US Retailer Kroger Admits Accellion BreachAircraft-Maker Bombardier Breached by Accellion FTA HackersLegal Firm Leaks 15,000 Cases Via the CloudKia Denies Ransomware AttackAston Martin Partners with SentinelOneCrowdStrike Slams Microsoft Over SolarWinds HackEducational Adaptation Required to Close the Cyber-Skills Gap Javvad’s Weekly Stories6000 vmware vcentre devices vulnerable to remote attacksIs Clubhouse safe, and should CISOs stop its use?Google Alerts used to launch fake Adobe Flash Player updaterHackers are using Google Alerts to help spread malwareJavvad wins 2021 Cybersecurity Professional Awards – Winners Tweet of the Week (not aired)https://twitter.com/HackingDave/status/1364945642599182344?s=20 The Little PeopleYousef Syed and security architects Come on! Like and bloody well subscribe!

This week in InfosecNot liberated from the “today in infosec” twitter account:12th February 2009: 2009: Microsoft announced a $250,000 reward for info resulting in the arrest and conviction of those responsible for the Conficker worm. As of 2018, Microsoft's offer was still open.https://web.archive.org/web/20120418094401/http://www.microsoft.com/en-us/news/press/2009/feb09/02-12confickerpr.aspxhttps://www.dailymail.co.uk/sciencetech/article-6058565/Microsoft-offering-hackers-250-000-bounty-remove-Conficker-malware.htmlhttps://twitter.com/todayininfosec/status/1227775375565918208 Billy Big BallsAfter the failure of the Facebook Phone, get ready for a Facebook Watchhttps://arstechnica.com/gadgets/2021/02/after-the-failure-of-the-facebook-phone-get-ready-for-a-facebook-watch/ Rant of the WeekPassword manager LastPass is making its free accounts effectively useless by limiting account holders to one type of device, leaving millions of users stranded.https://www.forbes.com/sites/barrycollins/2021/02/17/lastpass-breaks-free-accounts-where-to-store-your-passwords-now/?ss=cybersecurityJohn Deere being dicks:https://www.bloomberg.com/news/features/2020-03-05/farmers-fight-john-deere-over-who-gets-to-fix-an-800-000-tractor Industry NewsNearly Two-Thirds of CVEs Are Low ComplexityPolice Reportedly Arrest Egregor Ransomware MembersYandex Insider Breach Hits Nearly 5000 InboxesDuo Charged with Multimillion-Dollar Dark Web Drugs SchemeMicrosoft: 1000+ Hackers Worked on SolarWinds CampaignCentreon: Sandworm Attacks Targeted Legacy Open Source ProductNHS Phishing Scam Promises #COVID19 VaccineSingtel Breach Hits 129,000 CustomersTwo More Lazarus Group Members Indicted for North Korean Attacks Javvad’s Weekly Stories Tweet of the Weekhttps://twitter.com/torriangray/status/1361778280521605122 Come on! Like and bloody well subscribe!

10 minutes before rolling, our show notes were empty. This is what you get when you are dealing with professionals.This week in InfosecTweet of the WeekBilly Big BallsRant of the weekIndustry NewsSticky Pickle of the Week This week in Infosec(Liberated from the “today in infosec” twitter account):11th February: 1956: 'Cambridge spies' surface in MoscowTwo British diplomats who vanished in mysterious circumstances five years ago have reappeared in the Soviet Union.Guy Burgess and Donald Maclean handed a statement to four representatives from the press in a hotel room overlooking Moscow's Red Square.In their 1,000-word statement the former diplomats denied ever having been Soviet agents.They said they had come to the USSR to "work for the aim of better understanding between the Soviet Union and the West".http://news.bbc.co.uk/onthisday/hi/dates/stories/february/11/newsid_2721000/2721413.stmAgent Garbo: https://www.mi5.gov.uk/agent-garbo Billy Big Ballshttps://www.theguardian.com/business/2021/feb/12/kpmg-bill-michael-resigns-after-telling-staff-to-stop-moaningKPMG’s UK chairman, Bill Michael, has resigned after telling staff to “stop moaning” during a virtual meeting about the coronavirus pandemic and the impact of lockdown on people’s lives.Michael, who has headed the company since 2017, was speaking at a virtual town hall meeting on Monday with members of the firm’s financial services consulting team when he made the comments.The 52-year old Australian, who also said that staff should stop “playing the victim card” and described the concept of unconscious bias as being “complete and utter crap for years”, apologised and said on Friday the scandal over his comments had made his position at the accounting giant “untenable”.“I love the firm and I am truly sorry that my words have caused hurt among my colleagues and for the impact the events of this week have had on them,” Michael said. “In light of that, I regard my position as untenable and so I have decided to leave the firm. It has been a privilege to have acted as chair of KPMG. I feel hugely proud of all our people and the things they have achieved, particularly during these very challenging times.”KPMG, which said that it will undertake a “leadership election” to replace Michael in due course, has appointed senior elected board member Bina Mehta as acting UK chair.“Bill has made a huge contribution to our firm over the last 30 years, especially over the last three years as chairman, and we wish him all the best for the future,” said Mehta. Rant of the WeekFlorida county sheriff Bob Gualtieri held a remarkably clear-headed and fact-filled news conference about an attempt to poison the water supply of Oldsmar, a town of around 15,000 not far from Tampa.Gualtieri told the media that someone (they don’t know who yet) remotely accessed a computer for the city’s water treatment system (using Teamviewer) and briefly increased the amount of sodium hydroxide (a.k.a. lye used to control acidity in the water) to 100 times the normal level.“The city’s water supply was not affected,” The Tampa Bay Times reported. “A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.”https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all/ Industry NewsEuropol Breaks $14m Card Fraud RingCyber-Attacker Tries to Remotely Poison Florida CityExperts Warn of “Beg Bounty” Extortion AttemptsNew Council Will Drive UK’s Cyber-Training and StandardsScammers Selling Fake #COVID19 Vaccination Cards for Just $20Credential Theft Attacks Doubled Between 2016 and 2020UK Cops Arrest Eight in US Celeb SIM Swap CaseUN Links North Korea to $281m Crypto Exchange HeistPolitical Bias and Impulsive Behavior Open Door to Misinformation Javvad’s Weekly Stories Tweet of the Weekhttps://www.theregister.com/2021/02/11/facebook_phishing_domains/https://www.zdnet.com/article/proofpoint-sues-facebook-to-get-permission-to-use-lookalike-domains-for-phishing-tests/https://twitter.com/campuscodi/status/1359708438859776002?s=20 Sticky Pickle of the WeekYou’re the head of a trio - have been wrongfully accused of having an over-inflated ego. And you get this amazing interview and coverage in the largest magazine in the UK.How do you bring it up without reinforcing their image of you having a large ego, and being insecure of your greatness. https://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pubname=&edid=f73de865-57f0-49d7-9a61-318ea24773c7 Come on! Like and bloody well subscribe!

Nobody will look at Javvad in the eye again without seeing that image. It could be worse, you could have seen it live like Andy and Thom had to.This week in InfoSec(Liberated from the “today in infosec” twitter account):3rd February 2007: A former Coca-Cola secretary to a executive was convicted after stealing documents and unlaunched product samples, then conspiring with coworkers to sell them to Pepsi, which warned Coca-Cola.https://www.thestar.com/business/2007/02/03/former_coke_secretary_convicted_in_spy_case.htmlhttps://edition.cnn.com/2007/LAW/05/23/coca.cola.sentencing/https://twitter.com/todayininfosec/status/12245225616539197441st February 1952:A new method for tracking down users of unlicensed television sets was unveiled in the UK.http://news.bbc.co.uk/onthisday/hi/dates/stories/february/1/newsid_2521000/2521357.stm5th February 1953: Sweet rationing ends in BritainChildren all over Britain have been emptying out their piggy-banks and heading straight for the nearest sweet-shop as the first unrationed sweets went on sale today.Toffee apples were the biggest sellers, with sticks of nougat and liquorice strips also disappearing fast.http://news.bbc.co.uk/onthisday/hi/dates/stories/february/5/newsid_2737000/2737731.stm Rant of the WeekThe Biggest Threat to Facebook Isn’t Apple, It’s Mark ZuckerbergDuring Facebook's earnings call, the company's founder and CEO, Mark Zuckerberg, made a point of talking about the risk Apple's upcoming iOS 14 changes pose to Facebook's business. Those changes will require apps to ask permission before they are able to track users across apps and the internet. For Facebook, a company whose entire business model is built on the ability to track users, collect their data, and then sell targeted ads based on all of that information, losing the ability to track users could be a real problem. The thing is, Apple isn't stopping any app from tracking any user. It's only requiring that apps ask permission first. The real problem is that now everyone will be given a choice about whether to let Facebook track them, and the company logically assumes that most people will opt out. Suddenly people will be confronted with the reality that Facebook isn't free at all--it's just that most people weren't aware of the cost.https://www.inc.com/jason-aten/mark-zuckerberg-is-worried-apples-privacy-changes-could-be-end-of-facebook.html Tweet of the Weekhttps://twitter.com/TatianaDior/status/1357178566413287426Almost ran: https://twitter.com/fs0c131y/status/1356291273255227392?s=20 Industry NewsApprenticeships Could Solve Cyber-Skills Crisis, Say ExpertsGlobal Government Outsourcer Serco Hit by RansomwareTrickbot Trojan Back from the Dead in New CampaignMan Charged in $11m Crypto Scheme that Featured Steven SeagalSocial Media Oversharing Exposes 80% of Office WorkersData on Thousands of Foxtons Customers Posted OnlineOver Three Million US Drivers Exposed in Data BreachUS Shipping Giant Loses $7.5m in Ransomware AttackThree More Vulnerabilities Found in SolarWinds Products Javvad’s Weekly StoriesFoxtons rejects claims of slow reaction to data leakSMS Bandits owner arrested for carrying out large-scale phishing scamsRansomware attack disrupts UKRI services and web assets Billy Big BallsRansomware: A company paid millions to get their data back, but forgot to do one thing.A cautionary tale shows how organisations that fall foul of ransomware should concentrate on finding how it happened before anything else A company that fell victim to a ransomware attack and paid cyber criminals millions for the decryption key to restore their network fell victim to the exact same ransomware gang under two weeks later after failing to examine why the attack was able to happen in the first place.https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/ The Little PeopleWant to star in The Little People? Have an opinion you want to share, but don't have the social media clout to be heard?  Send us a 30-60 second voice recording and we might even play it on the show. [email protected] Come on! Like and bloody well subscribe!

This week in Infosec19th January 2012: US federal authorities shut down /Megaupload.com, a popular hub for illegal media downloads, and arrested its leaders. Hours later, the hacktivist collective Anonymous, knocked the US Department of Justice website offline.https://en.wikipedia.org/wiki/Seizure_of_Megauploadhttps://twitter.com/todayininfosec/status/1219086142428999681?s=2025th January 2003: The SQL Slammer worm was first observed. Slammer spread to the vast majority of all vulnerable hosts worldwide in 10 minutes. Yes, 10 minutes.Though Microsoft released MS02-039 to patch the buffer overflow vuln in SQL Server six months earlier, many orgs hadn't patched.https://www.wired.com/2003/07/slammer/https://twitter.com/todayininfosec/status/1221132001501007873?s=20 Tweet of the Weekhttps://www.mirror.co.uk/tv/tv-news/bbc-wales-today-viewers-gobsmacked-23391438https://twitter.com/Lovehoney/status/1354378061635063809?s=20https://twitter.com/BCredibility/status/1354514912299593729/photo/1 Industry NewsMore Malware May Be Lurking on Govt School LaptopsRussian Government Agency Warns Firms of US AttackMisconfigured Cloud Server Exposes 66,000 GamersTikTok Bug Gave Access to Contacts’ Profile DetailsUK Spies Called on to Help in Fraud FightManufacturing Giant Suffers Major Cyber-DisruptionMore Security Vendors Admit to SolarWinds AttacksConsumers Falling for $100m Clone Firm ScamsRemote Workers Could Offer Brexit Britain Cybersecurity Lifeline Javvad’s Weekly StoriesFears over cyber crime tool that can build phishing pages in real-timeShould We Be Cautious About Law Enforcement Requests for Digital Data?Nefilim Ransomware Gang Hits Jackpot with Ghost AccountLaptops handed out by Department of Education found laced with malware Billy Big BallsThe greatest pyramid scheme of 2021 so far...https://imgur.com/a/DCCpuZAhttps://www.bbc.co.uk/news/newsbeat-55841719https://twitter.com/swardley/status/1354482558147448835?s=20Thom: Financial industry wrecks entire economyJav: "we must bail them out"Thom: Senators do insider tradingAndy: "nothing we can do"Thom: Covid shuts everything downJav: "bail out big company stocks with $4 trillion"Thom: Random people do a stonk on redditAndy: "halt trading & bail out hedge funds they bankrupted" Sticky Pickle of the WeekIn October 2020, Kanye West bought Kim Kardashian West a hologram of her late father, Robert Kardashian, to celebrate her 40th birthday, bringing to the wealthy the idea of digital representations of the dead that can more authentically communicate with the living.The hologram spoke for around three minutes, directly addressing Kardashian and her decision to become a lawyer “and carry on my legacy”.Imagine you had a bank balance like Jav, and you wanted to do something for your loved ones when you’ve departed this life, how on earth do you get started with a trusted company to preserve your legacy?  What would you do in this situation?This is what someone else is doing...Microsoft has been granted a patent that would allow the company to make a chatbot using the personal information of deceased people.  The patent describes creating a bot based on the “images, voice data, social media posts, electronic messages”, and more personal information.https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-chatbot-patent-dead-b1789979.html Come on! Like and bloody well subscribe!

This week in InfosecLiberated from the “today in infosec” twitter account:19th January 1986: The first PC virus appeared. It was a boot sector virus called Brain, which spread via infected floppy disks to computers running MS-DOS. It was written by 2 brothers in Pakistan to protect their medical software from piracy. They later even licensed Brain.https://www.theregister.com/2006/01/19/pc_virus_at_20/https://twitter.com/todayininfosec/status/1351695480791715840Worth mentioning Mikko Hyponnen ‘s TED talk on when he went to Pakistan to meet the brothers https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net18th January 2011: Andrew Auernheimer and Daniel Spitler were arrested by FBI agents for hacking into AT&T's servers and downloading customer info in 2010. There's a lot more to the story - either you know it or you should research it.https://www.darkreading.com/risk-management/two-arrested-for-atandt-ipad-network-breach/d/d-id/1095520https://twitter.com/todayininfosec/status/1351277900834742274 Rant of the WeekGoogle threatens to pull out of Australiahttps://www.bbc.co.uk/news/world-australia-55760673 Tweet of the Weekhttps://twitter.com/DanRaywood/status/1351555439612354562Defining what disinformation is, the role it played in the attack on the Capitol, social media as a vessel to deliver messages, etc.https://www.washingtonpost.com/lifestyle/magazine/disinformation-can-be-a-very-lucrative-business-especially-if-youre-good-at-it-media-scholar-says/2021/01/19/4c842f06-4a04-11eb-a9d9-1e3ec4a928b9_story.html  https://twitter.com/washingtonpost/status/1351985551419863040 Industry NewsNSA: DNS over HTTPS Provides “False Sense of Security”Leaked #COVID19 Vaccine Data “Manipulated” to Mislead PublicEnvironmental Regulator Suffers Ransomware BlowGDPR Fines Surge 39% Over Past Year Despite #COVID19Cloud Config Error Exposes X-Rated College PicsCoin-Mining Malware Volumes Soar 53% in Q4 2020Malwarebytes: SolarWinds Hackers Read Our EmailsInterpol: Dating App Victims Lured into Investment ScamsThreat Actor Dumps 1.9 Million Pixlr Records Online Javvad’s Weekly StoriesNada. Nothing. Niet. Non.  Billy Big Balls of the WeekAditya Singh: Man found 'living in airport for three months' over Covid fearsA man too afraid to fly due to the pandemic lived undetected in a secure area of Chicago's international airport for three months, US prosecutors say.Aditya Singh, 36, was arrested on Saturday after airline staff asked him to produce his identification.He pointed to a badge, but it allegedly belonged to an operations manager who reported it missing in October.Police say Mr Singh arrived on a flight from Los Angeles to O'Hare International Airport on 19 October.https://www.bbc.co.uk/news/world-us-canada-55702003 Thom's Podcasting Desk Other StoriesGo read this report about the US military endangering passenger jets by blocking GPSGPS jamming can shut off a pilot’s access to navigation — or worsehttps://www.theverge.com/2021/1/21/22242761/us-military-gps-jamming-tests-airplane-danger Ubiquiti, maker of prosumer routers and access points, has had a data breachThe email encourages users to change their passwordshttps://www.theverge.com/2021/1/11/22226061/ubiquiti-data-breach-email-third-party-unathorized-access In hidden message on White House website, Biden calls for codershttps://www.reuters.com/article/usa-biden-digital-service/in-hidden-message-on-white-house-website-biden-calls-for-coders-idINKBN29Q08Q Bugs in Signal, other video chat apps allowed attackers to listen in on usershttps://www.helpnetsecurity.com/2021/01/21/bugs-video-chat-apps/  Come on! Like and bloody well subscribe!

The boys are back in town. Jav's return has also reduced the average age of this podcast by roughly twenty years. The good news though is that we not only have a full program, but also new jingles too!This week in InfosecLiberated from the “today in infosec” twitter account:16th January 2007: Jeffrey Goodin became the first person convicted under the US CAN-SPAM Act. He sent emails pretending to be AOL's billing department. He could have faced...wait for it...wait for it...101 years in prison! Instead, he was sentenced to 70 months. https://www.nytimes.com/2007/01/17/technology/17spam.htmlhttps://www.lawdonut.co.uk/business/marketing-and-selling/marketing-and-advertising/your-email-marketing-and-anti-spam-lawhttps://twitter.com/todayininfosec/status/121796248290962636812th January 1984: The first issue of 2600 was mailed to several dozen people. At the time, it was a 3 page monthly newsletter. 2600: The Hacker Quarterly is still published today.https://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterlyhttps://twitter.com/todayininfosec/status/1216431003721293825?s=20 Rant of the WeekTech companies have grown a pair of balls in Trump’s last days in office.  Host Unknown remembers.Twitter, Facebook, Snapchat, Shopify are just some of the companies finally taking a stand. AirBnB have cancelled reservations in DC during the week of Biden’s inaugurationhttps://www.independent.co.uk/voices/trump-ban-facebook-twitter-parler-first-amendment-b1785631.html Tweet of the WeekWhatsApp clarifies it’s not giving all your data to Facebook after surge in Signal and Telegram usersThe company is trying to contain fallout over a privacy policy update“We want to be clear that the policy update does not affect the privacy of your messages with friends or family in any way. Instead, this update includes changes related to messaging a business on WhatsApp, which is optional, and provides further transparency about how we collect and use data,” the company writes on the new FAQ page.https://www.theverge.com/2021/1/12/22226792/whatsapp-privacy-policy-response-signal-telegram-controversy-clarificationhttps://twitter.com/nickstatt/status/1349029486734565380 Industry NewsCEO Refutes Reports of Involvement in SolarWinds CampaignRyuk Ransomware Attackers Have Made $150mJav: Emotet Tops Malware Charts in December After RebootHigh Court Rules Against Government Bulk HackingOver 100,000 UN Employee Records Accessed by ResearchersUS Announces Controversial State Department Cyber-BureauChinese Startup Leaks Social Profiles of 214 Million UsersNew Malware Implant Discovered as Part of SolarWinds AttackNew Zealand Central Bank Breach Hit Other CompaniesHealthcare Hit by 187 Million Monthly Web App Attacks in 2020Microsoft Fixes Windows Defender Zero-Day BugMimecast Cert Abused to Target Inboxes in “Sophisticated” AttackEuropean Regulator: #COVID19 Vaccine Data Leaked OnlineCISA Warns of Cloud Attacks Exploiting Poor Cyber-HygieneRing Rolls-Out End-to-End Encryption to Bolster Privacy Javvad’s Weekly StoriesVulnerable Database Exposed UN Employees' DataWill the National Cyber Force make the UK safer? Industry respondsUnited Nations suffers potential data breachBest practices for building a security culture programFive Key Cybersecurity Themes from 2020 Billy Big BallsDark Market taken offlineDarkMarket, the world's largest illegal marketplace on the dark web, has been taken offline in an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (the National Crime Agency), and the USA (DEA, FBI, and IRS). Europol supported the takedown with specialist operational analysis and coordinated the cross-gender collaborative effort of the Host Unknown countries involved.DarkMarket in figures:almost 500 000 users;more than 2 400 sellers; over 320 000 transactions;more than 4 650 bitcoin and 12 800 monero transferred. At the current rate, this corresponds to a sum of more than €140 million. The vendors on the marketplace mainly traded all kinds of drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards and malware.https://gizmodo.com/the-internets-biggest-darknet-just-got-taken-down-1846044148https://www.europol.europa.eu/newsroom/news/darkmarket-worlds-largest-illegal-dark-web-marketplace-taken-down Will we have a Little people today?No Sticky Pickle of the weekImagine the year is 2009 and you’re sitting at home eating your lunch over your laptop as you always do and you spill your drink.Laptop stops working due to the spillage, you salvage the parts you can and over time you forget about them and they get thrown out with the household rubbish.Thinking nothing of it, you hear that this particular thing you threw out is now worth money.  Over time, you watch it’s value increase phenomenally.  You attempt to follow the trail and realise that what you threw out is sitting in the council landfill site.There are no guarantees that you’ll find it but you know in your heart it’s in there and if you can rummage through the landfill, you are sure you can find it.What would you do in this situation?https://www.bbc.co.uk/news/uk-wales-55658942  Come on! Like and bloody well subscribe!

Welcome back to the New year and the new look Host Unknown, with a slightly less ethnically diverse lineup than usual, but, but still the same average quality and distinctly suspect ethics you have come to expect from Host Unknown. This week Thom displays his love of the Animaniacs, Andy has audio issues and Graham has the voice of a midnight hour radio show host. Smutty or Security?Graham wins by a nose and a euphemism. This Week in InfoSecLiberated from the “today in infosec” twitter accoun):6th January 1982: The final draft of the script for the movie WarGames was printed. Due to the Cold War and relative ignorance about remotely accessible computers, the film released in 1983 scared the hell out of politicians, the military, and adults. And inspired a generation of hackers!https://twitter.com/todayininfosec/status/1214381338028953600  8th January 1986: "The Hacker Manifesto" was written by Loyd Blankenship (aka The Mentor) and originally titled "The Conscience of a Hacker".  8 months later it was published in issue 7 of the hacker zine Phrack.http://phrack.org/issues/7/3.html#articlehttps://twitter.com/todayininfosec/status/12150268696003133449th January 2001: Macromedia, the maker of the Flash media player, claimed that Flash was secure because it was "a constrained environment by design". https://web.archive.org/web/20010123231000/http://www.zdnet.com/zdnn/stories/news/0,4586,2672473,00.htmlhttps://twitter.com/todayininfosec/status/1215067971963375616End of the road for Flashhttps://twitter.com/gcluley/status/1344822920946872320https://www.bbc.co.uk/news/technology-55497353 Rant of the Weekhttps://www.bbc.co.uk/news/technology-55573149https://threatpost.com/facebooks-mandatory-data-sharing-whatsapp-ire/162828/WhatsApp is forcing users to agree to sharing information with Facebook if they want to keep using the service.The update is designed to “offer integrations across the Facebook Company Products”, which also includes Instagram and Messenger.Some of the data that WhatsApp collects includes:User phone numbersOther people’s phone numbers stored in address booksProfile namesProfile pictures andStatus message including when a user was last onlineDiagnostic data collected from app logsThe company warns users in a pop-up notice that they "need to accept these updates to continue using WhatsApp" - or delete their accounts."Opt in, or fuck off by 8th Feb."But…. some good news!And the UK is still considered part of the “European region”, even if we’re not in the EU.  Yes, we are still Europeans in 2021!However, the new version of the privacy policy for European users explicitly says that data can be shared with other Facebook companies to show personalised advertising and offers, make suggestions for content, and "help" to complete purchases, among other reasons.What’s telling to me...In 2018, the founders of WhatsApp quit FB over disagreements about privacy and encryption.  Walking away from $850 million...https://www.theguardian.com/technology/2018/apr/30/jan-koum-whatsapp-co-founder-quits-facebookhttps://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind/If they can walk away from $850 million, surely WhatsApp users can switch to Signal.Alternatives:SignalWickr Billy Big BallsElon Musk has become the wealthiest person on the planet, surpassing Amazon CEO Jeff Bezos, thanks to the continued rise in Tesla’s stock price. Musk is now worth around $188 billion, according to Bloomberg’s Billionaires Index.“How strange,” Musk tweeted Thursday. “Well, back to work ...”Musk eclipsing Bezos’ own extravagant personal wealth of around $187 billion marks the latest development in a years-long rivalry between the two tech magnates.https://www.theverge.com/2021/1/7/22163361/elon-musk-billionaire-richest-world-jeff-bezos-tesla-stock-spacexEncrypted messaging app Signal says it’s seeing a swell of new users signing up for the platform, so much so that the company is seeing delays in phone number verifications of new accounts across multiple cell providers.As for what or who is responsible for so many new users interested in trying the platform, which is operated by the nonprofit Signal Foundation, there are two likely culprits: Tesla CEO Elon Musk and Signal competitor WhatsApp.https://www.theverge.com/2021/1/7/22218989/signal-new-signups-whatsapp-facebook-privacy-controversy-elon-musk Industry NewsNYSE to Delist Chinese Telcos on National Security GroundsOne Million Compromised Accounts Found at Top Gaming FirmsMicrosoft: SolarWinds Attackers Viewed Our Source CodeNYSE U-Turn Means Chinese Telcos Escape DelistingChinese APT Group Linked to Ransomware AttacksRansomware Surge Drives 45% Increase in Healthcare Cyber-AttacksUS: Fewer Than 10 Govt Agencies Hit by SolarWinds AttackMost Public Sector Victims Refuse to Pay Ransomware GangsDark Web User Numbers Spiked During #COVID19 LockdownOver a Third of TMT Firms Hit by Security Breach in 2020Social Media Neuters Trump’s Accounts After Fans Storm CapitolDoJ: SolarWinds Attackers Hit Thousands of O365 Inboxes Tweet)s) of the WeekGraham from the Smashing Security podcast: @modesty_blaise0: Due to travel restrictions, the USA had to organize a coup at home this year.https://twitter.com/modesty_blaise0/status/1346965502703198208Andy: @ChatGotNextYou can’t even do this shit on GTAhttps://twitter.com/ChatGotNext/status/1346911137439223822Thom:@YousefMunayyerWe spend $750 billion annually on "defense" and the center of American government fell in two hours to the duck dynasty and the guy in the chewbacca bikinihttps://twitter.com/YousefMunayyer/status/1347026407294201863Graham from the Smashing Security podcast:@bocxtopit’s literally harder to sign into gmail from a new device than it is to breach the capitol wallshttps://twitter.com/bocxtop/status/1347003538468204545Andy:@notvikingstarting to think it’d actually be incredibly easy to steal the declaration of independencehttps://twitter.com/notviking/status/1346923223489736704Thom: (serious)@Olivia_BeaversIf there is still any question about how rhetoric can manifest into action, that question has been answered today.https://twitter.com/Olivia_Beavers/status/1346901714767642630 They Pushed Me Out And Maced Me Sticky Pickle of the WeekSticky Pickle of the WeekSticky Pickle of the WeekGraham applies his razor sharp mind to this weeks triple sticky pickle. US nuclear launch codes were 00000000  Come on! Like and bloody well subscribe!

This might be the last episode of the week, but that doesn't mean we scraped the barrel (except maybe for The Little People, but Jav has had a written warning for that already). Andy misunderstands the concept of "this week in infosec" and Thom tries to hold it together while juggling his newly acquired career in the security industry.Your usual tasty festive treats this week are:This Week in InfosecLiberated from the “today in infosec” twitter account:5th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? The identification of 10.5 billion compromised accounts.https://twitter.com/todayininfosec/status/1335020238765744129?s=208th December 2020: December 8, FireEye, a well-known security firm, announced that they had experienced a security incident that involved the theft of  FireEye Red Team tools – the date of the incident was not revealed. Reportedly, evidence suggests that the compromise may have been carried out by a Russian nation-state threat actor “with top-tier offensive capabilities.” Per the blog post announcing the hack and authored by FireEye CEO Kevin Mandia, it appears that the attackers were also interested in the details related to FireEye customers that are government agencies. FireEye has engaged the FBI for this investigation.https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html Tweet of the Weekhttps://twitter.com/GrazianoDennis/status/1336796234120646662?s=20 Billy Big Balls3 Reasons Scientists Endure Social Media Trolls And Attackshttps://www.forbes.com/sites/marshallshepherd/2020/12/06/3-reasons-scientists-endure-social-media-trolls-and-attacks/?sh=668e1fb8424c Industry News#WebSummit: Nick Clegg Claims Internet Needs Accountability, Not RulesRansomware Set for Evolution in Attack Capabilities in 20212020: The Most Vulnerable Year Yet?Thales and Google Cloud Partner for External Encryption Key Management#BHEU: Collision of Cyber-Communities Creating Tension and Risk#BHEU: Focus on Security Fundamentals, Not Adversarial SophisticationData Loss Reports to ICO Increase Once Again#BHEU: North Korea’s Cyber-Offense Strategy Evolving to Focus on International Economic Targets Jav's industry NewsNear three in ten of workers furloughed feel less loyal to their employer post-furloughBusiness Executives’ Logins Sold on Russian Hacking Forum; Accounts Can Be Used for BEC ScamsPower banks could infect your smartphone with malwareExperts On Clop Ransomware Attacking Retail Giant E-LandCredential Stuffing Attack Targeted Spotify, Affecting More Than 300,000 AccountsSouth Korean retail giant E-Land Retail suffers Clop ransomware attack Rant of the WeekA new lawsuit brought by one of Apple’s oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant’s power.The lawsuit was filed on Thursday by the maker of Cydia, a once-popular app store for the iPhone that launched in 2007, before Apple created its own version. The lawsuit alleges that Apple used anti-competitive means to nearly destroy Cydia, clearing the way for the App Store, which Cydia’s attorneys say has a monopoly over software distribution on iOS, Apple’s mobile operating system.https://www.washingtonpost.com/technology/2020/12/10/cydia-apple-lawsuit/https://twitter.com/ihackbanme/status/1337079701756493825?s=20 The Little PeopleDon't go there. Seriously, just skip ahead. Look Back on the YearJanuary:Travelex: Travelex services were pulled offline following a malware infection. The company itself and businesses using the platform to provide currency exchange services were all affected.February:Estée Lauder: 440 million internal records were reportedly exposed due to middleware security failures. March:Marriott: The hotel chain suffered a cyberattack in which email accounts were infiltrated. 5.2 million hotel guests were impacted. April:Nintendo: Nintendo said 160,000 users were impacted by a mass account hijacking account caused by the NNID legacy login system.May:EasyJet: The budget airline revealed a data breach exposing data belonging to nine million customers, including some financial records.Blackbaud: The cloud service provider was hit by ransomware operators who hijacked customer systems. The company later paid a ransom to stop client data from being leaked online.June:University of California SF: The university paid a $1.14 million ransom to hackers in order to save COVID-19 research.July:MGM Resorts: A hacker put the records of 142 million MGM guests online for sale.August:Experian, South Africa: Experian's South African branch disclosed a data breach impacting 24 million customers. September:NS8: The CEO of the cyberfraud startup was accused of defrauding investors out of $123 million.October:Dickey's: The US barbeque restaurant chain suffered a point-of-sale attack between July 2019 and August 2020. Three million customers had their card details later posted online. November:Manchester United: Manchester United football club said it was investigating a security incident impacting internal systems.Fake Zoom invite cripples Aussie hedge fund with $8m hitDecember:FireEye: FireEye disclosed a cyberattack, suspected to be the work of a nation-state group. The cybersecurity firm said the hack resulted in penetration tools being stolen. The Dead DonkeyMicrosoft discloses fewest vulnerabilities in a month since JanuaryDescription: Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. There are only 10 critical vulnerabilities as part of this release, while there are two moderate-severity exploits, and the remainder are considered "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.https://blog.talosintelligence.com/2020/12/microsoft-patch-tuesday-dec-2020-.html Come on! Like and bloody well subscribe!

The penultimate episode of the year, so only one more to go until you have the full set for 2020.This week in Infosec(Liberated from the “today in infosec” twitter account):3rd December 1980: The Australian Law Reform Commission chairman called for new laws to deal with "computer crime". He said the old definition of theft was not apt for a "fleeting, transient medium, the ephemeral flicker of a screen or information stored on a disc..."https://trove.nla.gov.au/newspaper/article/126161975https://twitter.com/todayininfosec/status/1334231500448034824?s=201st December 2012: Pepsi Cola's official website in the Philippines has been hacked by the Malaysian hacker group Cyb3rSeC.The hackers did not come across any sensitive information, but changed the appearance of the website. https://www.flashback.se/artikel/2637/pepsi-cola-hackadehttp://www.zone-h.org/mirror/id/18675231?hz=1https://www.securityfocus.com/news/389 Tweet of the Weekhttps://twitter.com/BriannaWu/status/1333150373599715329?s=19  Billy Big Ballshttps://www.vice.com/en/article/4ad3jm/watch-google-hacker-ha-26-iphones-with-zero-day-exploitWatch This Google Hacker Pwn 26 iPhones With a 'WiFi Broadcast Packet of Death'A Google security researcher found bugs that allowed him to take over nearby iPhones with a Raspberry Pi and just $100 in WiFi gear. Industry NewsExperts Call for Online Fake News to Be Addressed as #COVID19 Vaccine EmergesHow to Reduce Fake News in Online AdvertisingRemote Workers Admit Lack of Security Training#thinkcybersec: Reconsider Hiring Strategies to Meet 2021’s Digital Challenges#thinkcybersec: Don’t Presume Legacy Tech is a Negative ThingSalesforce Set to Acquire Slack for $27bnNative Cloud Security Controls Still “Not Good Enough”#WebSummit: Companies of the Future Should Focus on Data Privacy Rather than Data Collection Jav’s industry newsMicrosoft’s New Productivity Score And Workplace Tracking: Here’s The ProblemThere’s no vaccine for ransomwareRemote Workers Admit Lack of Security TrainingMicrosoft 365: Corporate Privacy Invader Masked As A Collaboration Tool?NHS Error Exposes Data on Hundreds of Patients and StaffSales of CEO email accounts may give cyber criminals access to the "crown jewels" of a company Infosec Stig is moving on from 17th December: https://www.infosecurity-magazine.com/editorial/final-shot-farewell/ Rant of the weekhttps://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillanceMicrosoft has apologised for enabling a feature, “productivity score”, which critics said was tantamount to workplace surveillance.The company says it will now make changes to the service, which lets IT administrators “help their people get the most” from its products, in order to limit the amount of information about individual employees that is shared with managers. The Little PeopleIs it Leslie Show or William Lau? @lausecurity Come on! Like and bloody well subscribe!

Trigger warning, this episode is over an hour long; do not time anything with the length of this episode. This Week in InfoSec21st November 2008: The Conficker worm was first discovered. It spread quickly by exploiting a vulnerability that was addressed via the patch described in Microsoft's out-of-band bulletin MS08-067 four weeks prior. It infected millions of computers, at the time more than any worm since 2003.https://twitter.com/todayininfosec/status/1330292959766573056?s=2022nd November 1987: Chicago TV stations WGN and WTTW had their signals overridden in 2 separate incidents by a man in a Max Headroom mask. To this day, the perpetrator is unknown. The second incident was...uh...wow...just wow. It's a must-watch.  Video: https://youtu.be/tWdgAMYjYSshttps://allthatsinteresting.com/max-headroom-hackhttps://twitter.com/todayininfosec/status/1330512600539521027?s=2024th November 2014: The Washington Post published an article which included a picture of TSA master keys. As a result, a short time later functional keys were 3-d printed using the [unblurred] key patterns displayed in the picture.  https://www.washingtonpost.com/local/trafficandcommuting/where-oh-where-did-my-luggage-go/2014/11/24/16d168c6-69da-11e4-a31c-77759fc1eacc_story.htmlhttps://twitter.com/todayininfosec/status/1331385955916402690?s=20 Tweet of the Weekhttps://twitter.com/geoffbelknap/status/1331690657170157568?s=20An outage with Amazon's web infrastructure left smart-home enthusiasts unable to use basic household items.Amazon Web Services is a huge part of the company's business and the backbone of the internet's most popular sites and services.A widespread US outage late on Wednesday disrupted many of those services.Robot vacuums and smart doorbells suddenly stopped working in people's homes.https://www.bbc.co.uk/news/technology-55087054I Cut the 'Big Five' Tech Giants From My Life. It Was Hellhttps://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194 Billy Big BallsA Hacker Nearly Stole $8 Million From An Aussie Hedge Fund Using A Fake Zoom InviteA fake Zoom invite has led to the demise of a successful Sydney-based hedge fund and nearly cost it $8.7million after a hacker was able to send off fake invoices on behalf of the firm.On Monday, the AFR reported that Levitas Capital was forced to close after its major client Australian Catholic Super withdrew its funds in the wake of the September cyber attack.The hedge fund's cyber investigators have pinpointed a fake Zoom invite opened by one of the fund's cofounders Michael Fagan or Michael Brookes.https://www.gizmodo.com.au/2020/11/a-hacker-nearly-stole-8-million-from-an-aussie-hedge-fund-using-a-fake-zoom-invite/ Lost All The Money! Industry NewsMicrosoft Announces Pluton Processor for Better Hardware Security#ISSE2020: Focus on 2020's Crypto Successes Rather than Efforts to Break itNCSC Issues Warning About Expected #BlackFriday Scams#COVID19 Drives Massive Multi-Cloud AdoptionFines Less of a Concern than Reputational Damage for Public Sector SecurityHome Depot Settles with US States Over 2014 Data BreachDDoS Attacks Against Online Retailers Increase Four-Fold During PandemicDefining Codes of Conduct to Enable Post Brexit GDPR ComplianceGDPR Has Had Successes, Requires Public Knowledge of Data Spread Javvad's Weekly NewsUp to 350,000 Spotify Users Targeted by Credential StuffersBeware of Black Friday Deals That Are Too Good To Be TrueData Breach of Online Kids’ Game Exposed Personal Data of 46 Million Parents and ChildrenSpotify Hit by Credential Stuffing Attack, 300K+ Accounts VulnerableFraud Operation Targets Spotify Users With Leaked DatabaseThom calling it:Manchester United Investigating Cybersecurity IncidentUK Football Club Says No Evidence of Fan Data Being Breachedhttps://www.databreachtoday.eu/manchester-united-investigating-cybersecurity-incident-a-15438 Rant of the WeekLeaked docs from inside Amazon’s Global Security Operations Center reveal company’s use of Pinkerton operatives—private intel—to spy on workers and the extensive monitoring of labor unions, environmental activists, and other social movementshttps://www.vice.com/en/article/5dp3yn/amazon-leaked-reports-expose-spying-warehouse-workers-labor-union-environmental-groups-social-movementshttps://twitter.com/josephfcox/status/1330924178875109376?s=20 The Little PeopleThis week we are joined by the opinionated but equally correct Tricia Howard @TriciaKicksSaaS  Come on! Like and bloody well subscribe!

Join us for possibly the most incompetently performed and produced infosec podcast available today. At least we have some of your favourites to share and enjoy: This week in InfoSec(Liberated from the “today in infosec” twitter account):14th November 1990: During an NBC News broadcast, two computer hackers from the hacker group MOD identified only by the aliases "Acid Phreak", "Phiber Optik" and “Scorpion” took responsibility for posting the "Happy Thanksgiving" message on the Learning Link's system after destroying data on it.https://twitter.com/todayininfosec/status/1327615750564179970?s=2016th November 2000: The FBI released a second batch of documents related to its Carnivore email surveillance program as a result of a FOIA request by EPIC.https://www.cnet.com/news/new-documents-shed-more-light-on-fbis-carnivore/https://twitter.com/todayininfosec/status/1328481891901726721?s=20 Tweet of the Weekhttps://twitter.com/lapcatsoftware/status/1326990296412991489?s=20https://9to5mac.com/2020/11/15/apple-explains-addresses-mac-privacy-concerns/https://appleinsider.com/articles/20/11/15/big-sur-telling-apple-what-app-youve-opened-isnt-a-security-or-privacy-issue Billy Big Balls of the WeekTimothy John Watson of Ransom, West Virginia, was arrested by federal agents this week for selling full-auto AR-15 sears disguised as “portable wall hangers” from a website dubbed portablewallhanger.com (still up as of 11/5 @ 2:07PM).The product is ostensibly designed to hang keys, lanyards, and other small objects in a place where they can be easily accessed because, according to the site, “searching for your keys really sucks!”They even provide a helpful assembly video.https://www.gunsamerica.com/digest/man-selling-full-auto-ar-15-sears-as-portable-wall-hangers/ Industry NewsIT Leaders Reliant on Data for Threat Insight#ISSE2020: Look to Decentralized (Rather than Legacy) Identity ApprovalsEmployees Have Access to an Average of 10 Million Files#ISSE2020: ‘Real’ Digital Identity Can Exist with New TechnologyIncrease in Ransomware Sophistication and Leverage of Legacy Malware Predicted for 2021#DxPsummit: Use Quarantine in Your Ransomware Recovery#DxPsummit: How Zoom Met 2020’s Security ChallengesMoD Receives Funding Boost and Confirms Increase in Cyber-Spending Javvad's Weekly StoriesLazarus malware deployed in South Korea supply chain hackData belonging to 27.7M Texas drivers stolen in latest case of unsecured storageAnimal Jam Hacked, 46M Records Roam the Dark Web Rant of the WeekA Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x The Little PeopleSeriously? You honestly thought Jav could get a hot-trick of these together? Jog on!  Come on! Like and bloody well subscribe!

 Haribo feature heavily this week, with Andy and Jav fighting over how much and how they should be delivered.This Week in InfoSec(Liberated from the “today in infosec” twitter account):5th November 1993: The Bugtraq mailing list was created by Scott Chasin.In 1995 it became the property of SecurityFocus, in 2002 Symantec acquired SecurityFocus, and the last message was posted to the list on February 25th, 2020, with no explanation from Symantec. https://en.m.wikipedia.org/wiki/Bugtraqhttps://twitter.com/todayininfosec/status/1324497907245109248?s=2013th November 2012: John McAfee went into hiding because his neighbor Gregory Faull was found dead from a gunshot the day before. Belize police wanted McAfee to come in for questioning, but McAfee stated the police were “out to get him”.https://www.theguardian.com/world/2012/nov/14/john-mcafee-hiding-businessman-murderhttps://twitter.com/todayininfosec/status/1326993312247656451?s=20 Billy Big BallsChris Nikic becomes first person with Down's syndrome to finish an Ironman triathlonhttps://www.bbc.co.uk/sport/triathlon/54869998Please consider donating here:https://www.charityextra.com/noahsarkmoments Rant of the WeekRansomware Group Turns to Facebook Adshttps://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-adsMark Zuckerberg defends not suspending Steve Bannon from Facebook https://www.theguardian.com/technology/2020/nov/12/mark-zuckerberg-steve-bannon-facebook-fauci-ban Industry NewsHas the Rise of Identity Seen the Death of Anonymity?Price Dropped on Hacked Educational RDP DetailsMalicious Use of SSL Increases as Attackers Deploy Hidden Attacks#EdgeLive: DDoS Attacks Are Evolving into Extortion-Led RDoS Campaigns#EdgeLive: Stopping API Attacks with Bot MitigationTop Ten: Things Learned from the (ISC)2 Workforce Study#EdgeLive: Phishing Attacks Now Targeting Enterprise SpecificsPSD2 Faces Further Delays as UK Lags Behind European ComplianceRecommendations Accepted in Advancement for EU Data Protection Transfers Tweet of the Weekhttps://twitter.com/phil_branigan1/status/1324761080762163203?s=20But also a story brought to our attention by @mat: Google Photos is ending unlimited storage and people are not happyhttps://mashable.com/article/google-photos-ends-unlimited-free-storage/?europe=truehttps://twitter.com/mat/status/1326593729860231168?s=20 The Little PeopleThe marvellously moustachioed Christian Toon Come on! Like and bloody well subscribe!

 The fourth member of the Host Unknown trio, Carole Theriault, joins the podcast to bring an air of respectability to proceedings. Needless to say it was an uphill struggle. This weeks show brings you, dear listener:Smut or SecurityDo you know the difference between your smut and your security? This Week in InfoSec (Liberated from the “today in infosec” twitter account):30th October 2001:  The author of the Nimda worm released a new variant that was functionally identical, but included a comment that it should be referred to as Concept Virus, not Nimda. It didn't happen - it got named Nimda.e. That’s right bitches.https://twitter.com/todayininfosec/status/1322141461949927424?s=2030th October 2013: Adobe revealed that a breach of 2.9 million customer accounts made public 3 weeks earlier actually affected 38 million users.https://nakedsecurity.sophos.com/2013/10/30/adobe-breach-thirteen-times-worse-than-thought-38-million-users-affected/https://twitter.com/todayininfosec/status/1322306716114001920?s=2031st October 2005: Winternals researcher Mark Russinovich posted to his blog a detailed description and technical analysis of F4I's XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD.https://web.archive.org/web/20150317040653/http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspxhttps://twitter.com/todayininfosec/status/1322629012540157952?s=202nd November 1988: The Morris worm spread like wildfire and was the first worm to get wide media attention.After its author, Robert Tappan Morris, released his "experiment", it quickly spread and made many of the systems on the Internet unusable - an epoch for security...both good and bad. It was one of the first computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It also resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act.https://twitter.com/todayininfosec/status/1323248705164791814?s=20 Tweet of the WeekFlushing Away Preconceptions of Riskhttps://twitter.com/StevenShorrock/status/1323335595465318401?s=20https://www.independent.co.uk/news/uk/home-news/bacteria-toilets-flush-lid-closed-b1535481.html Double Rant of the week #1The Poilce in the US struck a deal with Amazon to violate peoples Ringshttps://www.eff.org/deeplinks/2020/11/police-will-pilot-program-live-stream-amazon-ring-camerasThe police surveillance center in Jackson, Mississippi, will be conducting a 45-day pilot program to live stream the security cameras, including Amazon Ring cameras, of participating residents.While people buy Ring cameras and put them on their front door to keep their packages safe, police use them to build comprehensive CCTV camera networks blanketing whole neighborhoods. says the EFFOnly a few months ago, Jackson stood up for its residents, becoming the first city in the southern United States to ban police use of face recognition technology. Clearly, this is a city that understands invasive surveillance technology when it sees it, and knows when police have overstepped their ability to invade privacy.  Industry NewsPing Identity Acquires Symphonic to Boost API and Data Security OfferingFlorida Invests in Security Controls Ahead of #Election2020NCSC Partners with Microsoft to Support Cyber Accelerator ProgramGoogle Forms Used In Password-Stealing Spree: What You Need To Know Double Rant of the week #2Carole's Nasty Tweet (no screenshot, the nob deleted it. The Little PeopleWe were joined by Smashing Security's Terry Graham.  Come on! Like and bloody well subscribe!

Our presenters delve into their darkest secrets from the past,  the internet is rebooted, the logs cleared, and cats play havoc with your home security (according to your training programme).This week in Infosec24th October 2010: 2010: Eric Butler announced Firefox extension Firesheep's release at Toorcon, making HTTP session hijacking on open Wi-Fi trivial.Today, by far, high traffic sites redirect HTTP requests by default - so 90% of Internet web traffic is encrypted. That long tail though? Sad face. https://twitter.com/todayininfosec/status/1320095119857561603?s=2027th October 1980: ARPANET ground to a halt because a bad status message propagated, causing all IMPs (routers) to exhaust memory. The solution? Reboot all IMPs! Yep, a reboot.This incident was such a big deal that the case study of it was published as RFC 789.https://twitter.com/todayininfosec/status/1321054719863828481?s=20 Tweet of the Weekhttps://twitter.com/KathsBurgess/status/1321509257431449600?s=20Very good awareness video: Billy Big Ballshttps://www.huffingtonpost.co.uk/entry/no-woolworths-is-not-returning-to-the-uks-high-streets_uk_5f97f50ec5b6b74d85f459ccHere to save 2020! Woolworths is coming back to your high street, as a physical store!A couple of legal things to get sorted, but we’re full steam ahead at Woolworths HQ.We want to get this right, so we need your help. What do you want at your UK #YourWoolworths?https://www.standard.co.uk/news/uk/woolworths-reopening-prank-student-a4573379.html Industry NewsUS and UK Issue Sanctions to Iran and RussiaAmazon Warns Users of Insider Disclosing Details to Third PartyReport: Application Flaws Being Fixed Faster Although Bugs PersistAkamai Boosts Mobile Security Offering with Asavie Acqusition Rant of the weekhttps://www.theregister.com/2020/10/26/finland_psychotherapy_clinic_ransom_attack/A Finnish psychotherapy centre was hit by hackers who stole therapy session notes – before threatening patients of the clinic with ransom demands amid selective dark web leaks of stolen material."Psychotherapy Center Vastaamo has been the victim of data breaches and blackmail," said the Helsinki-based clinical chain late last week (in Finnish), adding: "In recent days, the blackmailer has published sections of the information he obtained during the hacking. Now the blackmailer has begun to approach the victims of the breach with blackmail letters demanding a ransom." The Little PeopleMadelaine Howard of Cygenta and the NCSC Come on! Like and bloody well subscribe!

Perhaps a total IQ of 197 is a little ambitious, as this podcast clearly shows:This Week in InfoSec20th October 1995: Mudge published "How to Write Buffer Overflows", one of the first papers about buffer overflow exploitation. Then @dotMudge sent a copy to @aleph_one, who wrote "Smashing the Stack For Fun and Profit" in 1996. Seminal paper to seminal paper.https://insecure.org/stf/mudge_buffer_overflow_tutorial.htmlhttps://twitter.com/todayininfosec/status/1318551462000185353?s=2020th October 2006: IBM announced it had completed its acquisition of Internet Security Systems, Inc. (ISS).https://twitter.com/todayininfosec/status/1318652004894412808?s=20Billy Big BallsJavvad wouldn't say who he chose this week...https://news.sky.com/story/goldman-snubs-2bn-darktrace-float-amid-lynch-extradition-battle-12075941Sky News has learnt that Goldman has declined to seek a role on the initial public offering (IPO) of Darktrace, a leading player in the provision of artificial intelligence (AI) cybersecurity services. Tweet of the Weekhttps://twitter.com/wimremes/status/1318981442114867201?s=20 Industry NewsElection Security and Confidence Can Be Enabled Through Public-Private PartnershipsBA GDPR Data Breach Fine Lowered to £20m Due to COVID-19DDoS Attacks Triple in Size as Ransom Demands Re-EmergeModern Attacks Include Supply Chain "Hopping" and Reversing Agile Environments#InfosecurityOnline: Beware of Malicious URLs and Rogue Redirects#InfosecurityOnline: Consider Flexible Training for Different Skill SetsTrust in Remote Working Tools Declines as Need for Security Increases#InfosecurityOnline: Are the Cloud and Automation Driving or Hindering Your Business?#InfosecurityOnline: Tactics for Defending Against Credential Stuffing Rant of the WeekContributions from: @notameadow @astr0sec @Sinwindie @ginger_hax @Jaysonstreet @Mattjay @chrisculling @zwned @krypt3ia @0xBanana @gossithedog @secops_and_hops @dfirsamurai @stuarthare @lee_holmeshttps://en.wikipedia.org/wiki/List_of_burn_centers_in_the_United_States The Little People  Come on! Like and bloody well subscribe!

 All your regular Host Unknown goodness, proof we really are part of your five a day. This Week in InfoSec10th October 1990: The case of black hat hacker Kevin Poulsen aired on Unsolved Mysteries, 7 years after he went on the run. https://apnews.com/article/5998a45685b94e569c76c1908497d320https://twitter.com/todayininfosec/status/1314988791153790978?s=2014th October 2003: Microsoft launched its first Patch Tuesday, its program to release security updates the second Tuesday each month.https://twitter.com/todayininfosec/status/1316542893079834625?s=20 Tweet of the Weekhttps://www.huffingtonpost.co.uk/entry/government-branded-ad-telling-a-ballet-dancer-to-retrain-slammed-for-lack-of-respect-for-the-arts_uk_5f841a6ec5b62f97bac5140a?ncid=APPLENEWS00001&guccounter=1https://twitter.com/AnneVosser/status/1315419252783034368?s=20   Billy Big Balls of the Week(Not sure where we’re going with this one) Industry NewsGlobal Privacy Control Launched to Offer Users Greater Internet TrustGov-Linked “Fatima” Cybersecurity Career Advert Removed After BacklashHackney Hacked as Council Investigates AttackSecurity Serious Unsung Heroes Awards Winners AnnouncedRansomware Victims Struggle to Recover, Hire and Spend on Threat PreventionGovernment CIOs Praised for Pandemic Response, Better Collaboration Required Jav didn’t win a security serious award - boohooBut Jav did make another list, and it’s not the kind he’s usually on… https://onalytica.com/blog/posts/whos-who-in-cybersecurity/ Rant of the Weekhttps://www.independent.co.uk/life-style/scarlett-london-instagram-death-threats-blogger-twitter-viral-a8520311.htmlA London-based blogger has revealed that she received death threats after a tweet mocking one of her Instagram posts went viral.Scarlett Dixon, 24, posted a picture on Instagram of herself sitting in bed drinking a cup of tea.The blogger, who has 45,600 followers on the photo- and video-sharing social network under her blog name, Scarlett London, added that the picture was a sponsored post in collaboration with Listerine. The Little PeopleMagda de Jager Host Unknown at a Conference Come on! Like and bloody well subscribe!

Your regular features and even more, such as vegan sweets, Host Unknown imposters, Jav appears in the press with the same quote for different stories, and HMRC incompetence.Vegan sweetshttps://www.thejealouslife.com/products/tropical-wonderWill the real Host Unknown please stand up? This Week in Infosec5th October 1991: The Linux kernel was released by Linus Torvalds."This is a program for hackers by a hacker." -Linus Benedict TorvaldsFor those keeping score at home, he said "hacker[s]" 4 times in his post to the comp.os.minix newsgroup.https://twitter.com/todayininfosec/status/1313239418682179585?s=204th October 2005: The Samy worm, the first self-propagating cross-site scripting worm, was released onto the-then-mega-popular MySpace by Samy Kamkar.https://twitter.com/todayininfosec/status/1312752236712333312?s=204th October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.https://twitter.com/todayininfosec/status/1312589059559170050?s=20 Tweet of the Week Billy Big balls of the Weekhttps://twitter.com/repshalala/status/1313187148540137474?s=21 Industry NewsFormer Australian PM Talks Importance of Cyber AwarenessHMRC Hit by Multiple Phishing and Spam EmailsEndpoint Security Primary Pain Point in 2020 Food Delivery Service Chowbus Experiences Data Breach Boards Increase Investment in Cybersecurity in Face of Threats and Regulatory Fines Rant of the Weekhttps://www.verdict.co.uk/excel-coronavirus-test-data/It has emerged that almost 16,000 cases were delayed in being transferred to the test-and-trace system because the government was using an Excel spreadsheet to store the data, with an individual column for each case.This reportedly caused problems because the maximum number of columns on an Excel spreadsheet is 16,384, meaning the sheet exceeded its maximum size and so failed to update, preventing the coronavirus test data from updating.Notably, if rows had been used instead, the problem would have been avoided, as Excel supports up to 1,048,576, although many experts are arguing that the software is wholly unsuited to the purpose at all.“If indeed the government was using Excel to track Covid cases, it is a wholly inappropriate use of the tool,” said Javvad Malik, security awareness advocate at KnowBe4.“Excel is a very good spreadsheet, but it has its limitations and in no way ever intended to be used as a database.” Come on! Like and bloody well subscribe!

It has been a quiet week, but Host Unknown still provides the goods. Admittedly the goods have come from Lidl.This Week in Infosec25th September 2003: A report critical of Microsoft, "CyberInsecurity - The Cost of Monopoly", was published. As a result, Dan Geer, one of seven co-authors of the report, was fired by @stake. https://cryptome.org/cyberinsecurity.htm#Fired30th Sept 2009: "Schneier on Security" was published. It consisted of a compilation of articles Bruce Schneier wrote between 2002 and 2008. Billy Big Balls Tweet of the Weekhttps://twitter.com/J4vv4D/status/1311682834738929665?s=20Industry NewsIvanti Adds VPN and MDM Technolgies in Double AcquisitionResearch: Cloud Skills and Solutions Are in Short SupplyUK Receives 2020 European CYBERSEC Award#DTXNOW: Time to Remove Security from ITTechnical and Cost Concerns of Passwordless Authentication Bother Security Leaders Rant of the Weekhttps://twitter.com/hacks4pancakes/status/1311295830838710273?s=20https://collider.com/hackers-movie-sequel-reboot-details/   Monkey Business Illusion / Invisible Gorilla:https://youtu.be/IGQmdoK_ZfYhttps://www.itsecurityguru.org/2020/09/23/the-invisible-risk/Drinking quotes: https://imgur.com/gallery/i0Wt7 Come on! Like and bloody well subscribe!

Andy's microphone is miraculously fixed, Thom's story is broken and Jav joins The Lemon Party.This Week in InfoSec19th September 2011: Thai Duong and Juliano Rizzo demonstrated a proof of concept at the Ekoparty security conference to decrypt encrypted cookies, exploiting a vulnerability in TLS 1.0 and earlier. They named the attack BEAST (Browser Exploit Against SSL/TLS.https://www.theregister.com/2011/09/19/beast_exploits_paypal_ssl/21st Sept 1996: An email began spreading about a destructive virus named Irina. Friend of the show Graham Cluley discovered it was a hoax "marketing ploy" from Penguin Books.http://web.archive.org/web/20170924094557/http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/static/vdat/ephoaxes.htmBilly Big Balls of the WeekHow to Sell Protest Footage to FOX AND CNNhttps://youtu.be/xiYZ__Ww02c“This isn’t even satire anymore. You are just giving away industry secrets.” Rant of the Weekhttps://www.epicgames.com/help/en-US/epic-accounts-c74/general-support-c79/how-do-i-delete-my-epic-games-account-a3636Industry NewsActivision Denies Hacking Claims Over Leaked AccountsUncomplicated Cyber Insurance Program LaunchedCisco: Ensure Collaboration to Better Survive Remote WorkingCisco: How Real is a Passwordless Future?Shopify Insiders Attempted to Steal Customer Transactional RecordsDoes Cybersecurity Have a Public Image Problem?Tweet of the WeekSwitching off a faulty telly sees internet speeds increase"The source of the ‘electrical noise’ was traced to a property in the village. It turned out that at 7:00 am every morning the occupant would switch on their old TV which would in-turn knock out broadband for the entire village,"https://twitter.com/BBCWalesNews/status/1308315605272080386Fake News! TV Did Not Wipe Out aa Villages Internet!  Come on! Like and bloody well subscribe!

It's definitely episode 24 and don't let anyone tell you otherwise.This week in Infosec17th Sept 2003: Court documents were unsealed which showed that Melissa virus author David Smith began working with the FBI within weeks of his 1999 arresthttp://web.archive.org/web/20030922234951/http://ap.tbo.com/ap/breaking/MGA2Q265QKD.html18th Sept 2014: Apple announced that the iOS 8 operating system (used on iPhone and iPad) would encrypt data by default for the first time. A day later Google made a similar announcement pertaining to Android.Tweet of the WeekThis weeks Tweet of the Week is from the second best Infosec Podcast after we discovered they crowdsource their content (which is why it’s probably better than ours):https://twitter.com/SmashinSecurity/status/1305801947149225986?s=20Billy Big Balls of the WeekBest security blog post you'll ever read - better than 90% of blackhat / defcon talks “When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number”https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagramIndustry NewsZero Trust Adoption Increases During Lockdown#GartnerSEC: Professionals Survived #COVID19 as Businesses Relied on Security#GartnerSEC: Top Projects for 2020 Include Authentication, Risk Management and Cloud#GartnerSEC: Five Steps to Ensuring Board Engagement#GartnerSEC: #COVID19 Created New Roles, More Data Collection and Flexible Businesses#GartnerSEC: Rewrite Recruitment Strategies to Fit New Roles and Career PathsOutbound Email Errors Cause 93% Increase in Breaches#GartnerSEC: Top Trends for Risk and Security Include Cloud, Automation and Privacy#GartnerSEC: How Midsized Enterprises Can Recover from RansomwareDDoS Attacks Hit 1 Tbps in 2020Universities Face Increase in Ransomware Attacks as Students ReturnRant of the WeekFirst rule of twitter - rather than just praise someone and applaud them for good work... make it all about you Novi Sad, Serbian Gangster (not for the faint of heart... unpleasantness abounds) https://newsbeezer.com/serbiaeng/the-novi-sad-attacker-is-the-director-of-the-company-that-founded-the-maxbet-bookmakers/ Come on! Like and bloody well subscribe!

Lest we forget. It is a scant 12 months since Host Unknown released this onto their unsuspecting public:Lost all the MoneyTweet of the Weekhttps://twitter.com/happygeek/status/1302582251159519233?s=20Billy Big Balls of the Weekhttps://www.bbc.co.uk/news/world-africa-54051424Industry Newshttps://www.infosecurity-magazine.com/news/incidents-third-ico-reports/https://www.infosecurity-magazine.com/news/credit-skimmer-1500/https://www.infosecurity-magazine.com/news/ransomware-2020-election/https://www.infosecurity-magazine.com/news/bsides-london-44con-cancel-2020/https://www.infosecurity-magazine.com/news/smbs-invest-budget-firewall/https://www.infosecurity-magazine.com/news/businesses-insider-breaches/https://www.infosecurity-magazine.com/news/threatconnect-nehemiah-quantifier/Rant of the WeekEntitlement and job searches.no notes supplied... Come on! Like and bloody well subscribe!

The now world famous Jav and Thom take Andy to task for not being as famous as them and not appearing on the recent InfoSecurity Magazine front cover. Next week's Little People will be by Andy.This week we have:Tweet of the Weekhttps://twitter.com/WBLooneyTunes/status/1301375017515712513Billy Big Balls Industry Newshttps://www.infosecurity-magazine.com/news/covid19-spam-emails-analyzed/https://www.infosecurity-magazine.com/news/fake-login-detections/https://www.infosecurity-magazine.com/news/tls-certificates-398/https://www.infosecurity-magazine.com/news/dhs-biometric-collection-rules/Rant of the WeekThe Little PeopleThe spectacularly lovely, furry and moist James McQuiggan Come on! Like and bloody well subscribe!

Marital advice, PETA safe hobbies, Aimee Laycock and Cardi B's WAP. We are nothing if not varied.The Little People (Part 1)Aimee Laycock talks about ResearchTweet of the Weekhttps://www.wired.com/story/how-four-brothers-allegedly-fleeced-19-million-amazon/Billy Big Ballshttps://www.zdnet.com/article/russian-arrested-for-trying-to-recruit-an-insider-and-hack-a-nevada-company/Industry Newshttps://www.infosecurity-magazine.com/news/palo-alto-crypsis/https://www.infosecurity-magazine.com/news/tls-vpn-flaws-tester/https://www.infosecurity-magazine.com/news/bt-security-vendor-partners/Rant of the Weekhttps://www.linkedin.com/posts/brianbrackenborough_im-more-sympathetic-than-ive-ever-been-activity-6704317848841420801-lYr-/The Little People (Part 2)Aimee Laycock is still talking about Research. Come on! Like and bloody well subscribe!

The one without Jav. Mostly.Tweet of the WeekKnowBe4 release thier Organisational Cyber Security Culture Research Report, and no registration wall to download it!https://www.knowbe4.com/organizational-cyber-security-culture-research-reportBilly Big BallsAthena Health guy holds his hands up after Host Unknown attentionIndustry Newshttps://www.infosecurity-magazine.com/news/reported-data-breaches-down-2020/https://www.infosecurity-magazine.com/news/huawei-phones-updates-ban/https://www.infosecurity-magazine.com/news/outsource-cyber-services/Rant of the weekhttps://www.theregister.com/2020/08/20/uber_sullivan_chargesAs Uber's chief security officer, Joe Sullivan broke the law by hushing up the theft of millions of people's details from the app maker's databases by hackers, prosecutors say.Sullivan, 52, formerly of eBay, Facebook, and PayPal, was today charged with obstruction of justice and misprision – concealing knowledge of a crime from law enforcement – by the US District Attorney for Northern California, an office he briefly worked for back in the day. These come with potentially five and three-year prison sentences, respectively, and a fine of up to $250,000 apiece. Come on! Like and bloody well subscribe!

Technical issues abound, and the boys nearly miss this episode. It started slow, but we warmed up by the end. TRIGGER WARNING: Jimmy SavilleIn this episode:Tweet of the WeekHamptons He-Hooker for Hire Hoses High Class Hussieshttps://twitter.com/jaimeprimak/status/1292653091582615552?s=21 Billy Big BallsHealthcare Hissy-Fit Highlights His Holier-than-though Haughtiness   Rant of the WeekPhone Provider Pisses off Parent of Premium Pioneerhttps://twitter.com/mikko/status/1291718787507662849 The Little PeopleJust kidding, Jav let us down again. Come on! Like and bloody well subscribe!

The episode where Andy's redundant broadband connections both fail, mid podcast. Don't worry, we fixed it in post and you would never notice.Tweet of the WeekTik Tok doesn't do anything untoward with your data.https://twitter.com/fs0c131y/status/1290229777870159873?s=20http://appleinsider.com/articles/20/08/04/apple-allegedly-in-the-running-to-buy-tiktokBilly Big Balls of the WeekLow paid servitude in LAhttps://twitter.com/taylorlorenz/status/1289245991346925574?s=21Rant of the WeekAndy gets upset with a clients "problem statement"The Little PeopleJust kidding, not this week, although Thom retracts his statement that Lee Munson is "some nobody from my distant past" and that they regularly exchange Christmas cards.  Come on! Like and bloody well subscribe!

This weeks show is sponsored, demonstrating Host Unknown's 200% performance increase year on year when it comes to sponsorship deals. Who wouldn't want to be a sponsor of our show with those stats?Andy's Percy Pig Problemhttps://twitter.com/trevolafoam/status/1288364716004450304?s=20Thom's Bonobo Problem Jav's Instagram Problemhttps://www.independent.co.uk/life-style/gadgets-and-tech/news/instagram-camera-spying-iphone-ios-14-feature-bug-a9641286.html... and the much anticipated return of the little people with the ineffable Lee Munson.That's a full show, and yet we still manage to fit in Industry news and an offer of free advertising for anyone who took out lifetime sponsorship packages at Peerlyst, which unfortunately closed its doors this week.  Come on! Like and bloody well subscribe!

It's a day late, it was Thom's fault, but the episode is all the better for it (probably).This episode is bought to you by Thom's mum (I am so sorry Mum, they made me do it...).Tweet of the weekDaniel Cuthbert's hair talks sense on the latest static testing tools.https://twitter.com/dcuthbert/status/1286226224172404738?s=20Billy Big Balls of the WeekJav drives traffic to his content through the news of the new Meow Bot worm.https://www.forbes.com/sites/daveywinder/2020/07/22/not-all-internet-cats-are-cute-meow-bot-is-a-database-destroyer/#264687e930e2Rant of the WeekAndy unknowingly drives traffic to Jav's content on an awful breach response.https://www.computerweekly.com/news/252486556/A-question-of-trust-University-and-supplier-on-the-hook-for-data-breachThe Little PeopleJav has a surprise for us in the little people. Not.This weeks show also features Thom's amazing Mother, Sheila Langford. Love you Mum! xxx  Come on! Like and bloody well subscribe!

Tweet of the Weekhttps://news.sky.com/story/twitter-accounts-of-obama-biden-musk-and-others-hacked-in-apparent-bitcoin-scam-12029394https://javvadmalik.com/2020/07/16/twittersupport-a-lesson-in-incident-response-comms/Billy Big BallsIndustry NewsRant of the Weekhttps://twitter.com/TriciaKicksSaaS/status/1283721814896771072?s=20Oh, and Carole Baskin as well. Come on! Like and bloody well subscribe!

If you thought Avengers was the greatest crossover event of all time, hold our beer.Host Unknown was sans Jav this week, but we were crashed by the Friends of the Show, Smashing Security. We managed to get the Tweet of the Week and Billy Big Balls before we were rudely crashed by the fragrant Carole Theriault and the plummy Graham Cluley.Four grenades recovered by police.Industry News.Ranting about the copy clipboard scandal.It then pretty much goes off the rails.Thank you Carole and Graham for you assistance in filling the Jav sized ego space in the podcast.  Come on! Like and bloody well subscribe!