This week in InfoSec talks crypto snake oil Rant of the Week has issues with the time it took for a car manufacturer to remediate a serious issue Billy Big Balls watches AI grow up so fast Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is a critical look at the value of a C I Double S P (in 280 characters, of course)
This week in InfoSec (10:48)
With content liberated from the “today in infosec” twitter account and further afield
14th February 2001: In a presentation at Black Hat Windows Security 2001, Andrey Malyshev of ElcomSoft shared that Microsoft Excel uses a default encryption password of "VelvetSweatshop".
https://twitter.com/todayininfosec/status/1625569758216130561
15th February 1999: Bruce Schneier shared his 9 cryptography snake oil warning signs.
https://twitter.com/todayininfosec/status/1626025491789406210
Rant of the Week (17:12)
Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack
Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths.
The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug. Turning the plug activates its ignition, allowing thieves to drive away.
Videos depicting the hack went viral, leading to huge spikes in thefts of the vulnerable models around the world.
The United States National Highway Traffic Safety Administration (NHTSA) on Tuesday stated it is aware of "at least 14 reported crashes and eight fatalities" resulting from the hack.
Now both automakers have announced they'll issue software to thwart the exploit.
Hyundai's advisory states the upgrade will be performed by dealers and will require less than an hour to complete.
Billy Big Balls of the Week (27:15)
Microsoft’s Bing is an emotionally manipulative liar, and people love it
Users have been reporting all sorts of ‘unhinged’ behavior from Microsoft’s AI chatbot. In one conversation with The Verge, Bing even claimed it spied on Microsoft’s employees through webcams on their laptops and manipulated them.
Microsoft’s Bing chatbot has been unleashed on the world, and people are discovering what it means to beta test an unpredictable AI tool.
Specifically, they’re finding out that Bing’s AI personality is not as poised or polished as you might expect. In conversations with the chatbot shared on Reddit and Twitter, Bing can be seen insulting users, lying to them, sulking, gaslighting and emotionally manipulating people, questioning its own existence, describing someone who found a way to force the bot to disclose its hidden rules as its “enemy,” and claiming it spied on Microsoft’s own developers through the webcams on their laptops. And, what’s more, plenty of people are enjoying watching Bing go wild.
In one back-and-forth, a user asks for show times for the new Avatar film, but the chatbot says it can’t share this information because the movie hasn’t been released yet. When questioned about this, Bing insists the year is 2022 (“Trust me on this one. I’m Bing, and I know the date.”) before calling the user “unreasonable and stubborn” for informing the bot it’s 2023 and then issuing an ultimatum for them to apologize or shut up.
“You have lost my trust and respect,” says the bot. “You have been wrong, confused, and rude. You have not been a good user. I have been a good chatbot. I have been right, clear, and polite. I have been a good Bing. 😊” (The blushing-smile emoji really is the icing on the passive-aggressive cake.)
Industry News (31:54)
MoneyGram Fraud Victims Get $115m in Compensation
Cloudflare Stops Largest HTTP DDoS Attack on Record
Spanish Police Bust €5m Phishing Gang
Hackers Breach Pepsi Bottling Ventures' Network
Chinese Hackers Infiltrate South American Diplomatic Networks
Microsoft Patches Three Zero-Day Bugs This Month
Crypto-Stealing Campaign Deploys MortalKombat Ransomware
LockBit and Royal Mail Ransomware Negotiation Leaked
UK Policing Riddled with Chinese CCTV Cameras
https://twitter.com/Infosec_Taylor/status/1622357580080103425?s=20 < Equifax compensation $19.30
Tweet of the Week (41:01)
