The Host Unknown Podcast

Episode 136 - The old man is in New York

Episode Summary

With Thom in New York, your favourite host, Andy, and his sidekick, Javvad, bring you unresearched opinions on security news from around the globe. This week in InfoSec takes us back to rioters preferred mode of secure communication Rant of the Week is a some monkey business deja vu Billy Big Balls is a competitive smackdown Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is why you should use Duck Duck Go

Episode Notes

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

  1. 19th January 1999: BlackBerry Introduced

RIM introduces the BlackBerry. The original BlackBerry devices were not phones, but instead were the first mobile devices that could do real-time e-mail. They looked like big pagers. They way the story goes, the name “BlackBerry” came from the similarity that the buttons on the original device had to the surface of a blackberry fruit. Those crazy Canadians!

  1. 17th January 1994: Supreme Court Rules on Home VCR Recordings

The US Supreme Court rules 5-4 that private use of home VCRs to tape TV programs for later viewing does not violate federal copyright laws. This ruling opens the floodgate for VCR sales, changing the landscape of TV watching forever.


Rant of the Week

Mailchimp 'fesses up to second digital burglary in five months

Email marketing service Mailchimp has confirmed intruders have gained access to more than 100 customer accounts after successfully deploying a social engineering attack.

This is the second data spill in five months and yet the company, bought by Intuit for $12 billion in September 2021, continues to tell customers – with a straight face – that it takes the "security of users' data seriously."

The latest digital burglary happened on January 11 when the resident security team spotted an "unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration," the company blog states.


Billy Big Balls of the Week

Illegal Solaris darknet market hijacked by competitor Kraken

Solaris, a large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named 'Kraken,' who claims to have hacked it on January 13, 2022.

The Tor site of Solaris currently redirects to Kraken, while blockchain monitoring experts at Elliptic report no movements in the cryptocurrency addresses associated with the site after January 13, 2022.

Taking down competitors

Solaris was a Russian-speaking platform reportedly affiliated with Killnet, a pro-Kremlin hacktivist group that launched several DDoS attacks against organizations in the western world in 2022.

Elliptic has traced several donations from Solaris to Killnet, amounting to more than $44,000 worth of Bitcoin. The DDoS group presumably used this money to purchase more firepower for launching disruptive attacks.

In December 2022, Ukrainian cyber-intelligence analyst Alex Holden claimed to have breached Solaris and stolen $25,000, which was donated to a humanitarian charity in Ukraine.

While Solaris disputed the claims about the hack and called out the lack of evidence, Holden later released more details and leaked source code and databases allegedly associated with the marketplace.

On Friday, January 13, 2023, Kraken announced they had taken over Solaris' infrastructure, GitLab repository, and all project sources, thanks to "several huge bugs in the code."

Kraken's statement claims that it took them three days to steal the clear text passwords and keys stored in Solaris' servers, access its infrastructure located in Finland, and then download everything without anyone stopping them.

Finally, the attackers said they disabled Solaris' Bitcoin server, which aligns with Elliptic's observations in the blockchain.


Industry News

European Businesses Admit Major Privacy Skills Gap

Nissan Supplier Leaked Data on Thousands of Customers

ChatGPT Creates Polymorphic Malware

1000 Shipping Vessels Impacted by Ransomware Attack

Over Four Billion People Affected By Internet Censorship in 2022

FTX: Over $400m Stolen from Bankrupt Exchange

Mailchimp Hit By Another Data Breach Following Employee Hack

ThreatModeler Makes DevSecOps More Accessible With New Marketplace

Roaming Mantis' Hacking Campaign Adds DNS Changer to Mobile App


Tweet of the Week 


These are the Google searches Brian Walshe made before and after killing his wife Ana Walshe, according to prosecutors