The Host Unknown Podcast

Episode 115 - We're All Going On a Summer Holiday

Episode Summary

This week in InfoSec talks voting systems. Rant of the Week asks Parliament to engage with yoof without using the PLA. Billy Big Balls unlocks the secrets behind making millions in coin. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week exposes the secrets behind becoming a Whitehat hacker.

Episode Notes

This week in InfoSec (9:23)

With content liberated from the “today in infosec” twitter account and further afield

29th July 1985: An article in the New York Times cited multiple experts who alleged the vote counting systems of Computer Election Systems are vulnerable to tampering.

Yep. Election systems vulnerabilities aren't a new phenomenon. Not even close. 

COMPUTERIZED SYSTEMS FOR VOTING SEEN AS VULNERABLE TO TAMPERING

https://twitter.com/todayininfosec/status/1156078284603416582

30th July 2013: Chelsea Manning was found guilty of espionage, theft, and computer fraud, as well as military infractions. 

United States v. Manning

https://twitter.com/todayininfosec/status/1288925289465208834

6th August 1997: Microsoft Buys $150M of Apple stock.  In an effort to help save Apple Computer and possibly deflect criticism in its own anti-trust trial, Microsoft Corp. buys $150 million in shares of Apple Computer Inc. Apple, which had been struggling to find direction and profits for years, agreed to the boost in funding with terms that dictated cooperation in the design of computers as well as shared patents. Microsoft agreed to continue supporting MS-Office for the Mac for another five years as well.

Rant of the Week (18:11)

India scraps data protection law in favor of better law coming … sometime

The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will – eventually – unveil a superior bill.

The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows. It also included restrictions on sharing of personal data without explicit consent, proposed establishment of a new Data Protection Authority within the government, and more.

On Wednesday, telecom minister Ashwini Vaishnaw tweeted that the bill was nixed because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill's 99 sections.

"Therefore the bill has been withdrawn and a new bill will be presented for public consultation," said Vaishnaw.

and...

UK Parliament bins its TikTok account over China surveillance fears

Plan to educate the children turned out to be a 'won't someone think of the children?' moment

The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Beijing.

The existence of the account saw half a dozen MPs write to the presiding officers of the Houses of Lords and Commons — Lord McFall of Alcluith and Sir Lindsay Hoyle, respectively — to ask for the account to be discontinued.

"While efforts made to engage young people in the history and functioning of parliament should always be welcomed, we cannot and should not legitimise the use of an app which has been described by tech experts as 'essentially Chinese government spyware'," wrote MPs Nusrat Ghani, Tim Loughton, Sir Iain Duncan Smith, Tom Tugendhat, plus Lord Alton of Liverpool and Baroness Kennedy of the Shaws.

Billy Big Balls of the Week (26:21)

Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones

A now-former T-Mobile US store owner stole at least 50 employees' work credentials to run a phone unlocking and unblocking service that prosecutors said netted $25 million.

Argishti Khudaverdyan, 44, of Burbank, California, was found guilty of 14 criminal charges by a US federal jury on Friday.

According to the Dept of Justice, Khudaverdyan co-owned a T-Mobile US store in Los Angeles, operating as a business called Top Tier Solutions, for about five months in 2017. 

T-Mo ended its contract with Khudaverdyan in June 2017 after being sketched out by his suspicious use of the carrier's computer system. It turned out he had been unlocking phones for customers without T-Mobile US's permission so that the devices could be used on different networks.

Even after the self-styled un-carrier gave him the boot, he continued his illicit scheme, advertising unlocking and unblocking services through brokers, email spam, and websites that Khudaverdyan and Gharehbagloo controlled, such as unlocks247[.]com and swiftunlocked[.]com.

Industry News (33:37)

UK’s Top 10 Universities Failing on DMARC

Thousands of Apps Leaking Twitter API Keys

LockBit Ransomware Exploits Windows Defender to Sideload Cobalt Strike Payload

Tory Leadership Voting Delayed Over Security Concerns

T-Mobile Retailer Guilty of $25m Fraud Scheme

Experts Warn of Fake Football Ticket Scams

Ukraine Shutters Major Russian Bot Farm

Users Still in the Dark Over $5m Theft From Blockchain Firm Solana

CREST and OWASP Partner on Verification Standard Program

Tweet of the Week (40:16)

https://twitter.com/AndrewMohawk/status/1555430194743111683?s=20