The Host Unknown Podcast

Episode 117 - Now With Trigger Warnings

Episode Summary

This week in InfoSec gets farked. Rant of the Week tries hard to find the value in cyber insurance. Billy Big Balls: Janet Jackson (yes, that Janet Jackson) is the muse for a new CVE. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is a new security certification you didn’t know you qualified for.

Episode Notes

This week in InfoSec

With content liberated from the “today in infosec” Twitter account and further afield

18th August 2003: The Nachi worm began infecting Windows computers to remove the Blaster worm and patch the vulnerability Nachi and Blaster exploited. Yes, you read that right. Yes, this happened. Gotta love it!

https://twitter.com/todayininfosec/status/1163142725740331008

17th August 2007: Drew Curtis, founder of http://Fark.com, accused Darrell Phillips, reporter at Fox13, of hacking into the social networking news site.

On getting farked?

https://twitter.com/todayininfosec/status/1162868155015761920

 

Rant of the Week

PC store told it can't claim full cyber-crime insurance after social-engineering attack

A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.

SJ Computers alleged in a November lawsuit that Travelers Casualty and Surety Co. owed it far more than it paid on a claim for nearly $600,000 in losses due to a successful business email compromise (BEC) attack.

According to its website, SJ Computers is a Microsoft Authorized Refurbisher, reselling Dell, HP, Lenovo and Acer products, as well as providing tech services including software installs and upgrades.

Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud. The motion was granted with prejudice last Friday.

 

Billy Big Balls of the Week

Janet Jackson music video declared a cybersecurity exploit

The music video for Janet Jackson's 1989 pop hit Rhythm Nation has been recognized as a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers.

"A colleague of mine shared a story from Windows XP product support," wrote Microsoft blogger Raymond Chen.

The story detailed how "a major computer manufacturer discovered that playing the music video for Janet Jackson's Rhythm Nation would crash certain models of laptops."

Further investigation revealed that multiple manufacturers' machines also crashed. Sometimes playing the video on one laptop would crash another nearby laptop. This is mysterious because the song isn't actually that bad.

Investigation revealed that all the crashing laptops shared the same 5400 RPM hard disk drive.

"It turns out that the song contained one of the natural resonant frequencies for the model of 5400 RPM laptop hard drives that they and other manufacturers used," Chen wrote.

The manufacturer that found the problem apparently added a custom filter in the audio pipeline to detect and remove the offending frequencies during audio playback.

CVE-2022-38392

 

Industry News

Critical Infrastructure at Risk as Thousands of VNC Instances Exposed

Three Extradited from UK to US on $5m BEC Charges

Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels

Water Company Says Supply Safe After Ransom Group Claims

Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium

Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data

Bug Bounty Giant Slams Quality of Vendor Patching

Suspected Russian Money Launderer Extradited to US

Hackers Deploy Bumblebee Loader to Breach Target Networks

 

Tweet of the Week

https://twitter.com/dildog/status/1560025574437015553