This week in InfoSec talks Clipper Chip Rant of the Week brings us the latest on the Indian Government doubling down on their cybersecurity requirements Billy Big Balls is a review of the latest episode of Black Mirror Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week talks about bragging
This week in InfoSec (12:04)
With content liberated from the “today in infosec” twitter account and further afield
24th June 1998: The NSA published the Skipjack encryption algorithm used by the Clipper chip, after the algorithm was declassified.
https://twitter.com/todayininfosec/status/1275882063753699328
24th June 2012: In the wake of the Flashback botnet which targeted Macs, Apple removed a statement from its website bragging that OS X isn't susceptible to viruses.
Apple removes claim that ‘Macs don’t get PC viruses’
https://twitter.com/todayininfosec/status/1275969494330949632
Rant of the Week (19:12)
Government employees banned from using VPNs in India
In the latest chapter of India's ongoing battle against online privacy software, government employees are now barred from using third-party VPN services.
The new directive came following the decision of some of the best VPNs to shut down their Indian servers amid privacy concerns over new data law. So far, ExpressVPN, Surfshark and NordVPN have all announced they will physically leave the country before CERT-in directives come into force on June 27.
All this was discovered because:
Indian government issues confidential infosec guidance to staff – who leak it
India's government last week issued confidential information security guidelines that calls on the 30 million plus workers it employs to adopt better work practices – and as if to prove a point, the document quickly leaked on a government website.
The document, and the measures it contains, suggest infosec could be somewhat loose across India's government sector.
"The increasing adoption and use of ICT has increased the attack surface and threat perception to government, due to lack of proper cyber security practices followed on the ground," the document opens.
Billy Big Balls of the Week (28:13)
Amazon can't channel the dead, but its deepfake voices take a close second
In the latest episode of Black Mirror, a vast megacorp sells AI software that learns to mimic the voice of a deceased woman whose husband sits weeping over a smart speaker, listening to her dulcet tones.
Only joking – it's Amazon, and this is real life. The experimental feature of the company's virtual assistant, Alexa, was announced at an Amazon conference in Las Vegas on Wednesday.
Rohit Prasad, head scientist for Alexa AI, described the tech as a means to build trust between human and machine, enabling Alexa to "make the memories last" when "so many of us have lost someone we love" during the pandemic.
In an explanatory video, Amazon showed a child asking: "Alexa, can Grandma finish reading me The Wizard of Oz?" at which point the assistant's normally artificial voice shifted gears into a softer, more natural timbre. The point being that it's supposed to convincingly sound like the kid's grandma.
Industry News (36:07)
BRATA Android Malware Group Now Classified As Advanced Persistent Threat
Former Amazon Worker Convicted of Capital One Data Breach
Google Chrome Extensions Could Be Used to Track Users Online
New DFSCoerce NTLM Relay Attack Enables Hackers to Perform Windows Domain Takeover
Cloudflare Outage Knocks Hundreds of Websites Offline
US Bank Data Breach Impacts Over 1.5 Million Customers
Euro Cops Dismantle Multimillion-Dollar Phishing Gang
Yodel Cyber Incident Disrupts UK Deliveries
Less Than Half of Organizations Have Open Source Security Policy
Cloudflare lava lamps:
https://www.cloudflare.com/en-gb/learning/ssl/lava-lamp-encryption/
Michael Reeves goldfish trading
Tweet of the Week (44:01)
https://twitter.com/InfosecEditor/status/1539992708617568261
