This week in InfoSec is somewhat lost on Jav, why didn’t we keep Graham on? Rant of the Week proves that Elon isn’t finished with us yet Billy Big Balls is India’s take on “Whassssuuuuup” Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is straight from the Internet hall of fame
This week in InfoSec (09:16)
With content liberated from the “today in infosec” twitter account and further afield
11th May 1997: Deep Blue Defeats Kasparov in Tournament Match
The IBM computer and artificial intelligence Deep Blue defeats reigning chess champion and one of the greatest chess players of all time, Garry Kasparov, in the 6th and deciding game of a tournament match, thus becoming the first time a computer defeated a chess champion in match play. A year earlier, Deep Blue had bested Kasparov in 2 individual games but
Kasparov eventually won the match 4-2. This time, after being reprogrammed and upgraded, the 1997 Deep Blue, capable of calculating 200 million moves per second, won 2 matches out of 6 vs Kasparov’s 1 victory and 3 draws. After the defeat Kasparov asked for a rematch but IBM declined and retired Deep Blue.
The defeat of a reigning chess champion at the hands of artificial intelligence made headlines around the world and marked a milestone in the development of AI and machine learning. From this early landmark moment, the advancement of computing power and machine learning has created even more powerful artificial intelligence. Kasparov in 2016 stated that “Today you can buy a chess engine for your laptop that will beat Deep Blue quite easily”.
9th May 1996: Linux Gets Happy Feet
Linus Torvalds describes in an e-mail to a mailing list his conception of what he believes should be the logo for the Linux operating system. This is what soon becomes Tux the penguin, the “brand character” for Linux. Perhaps had he known the movie Happy Feet would be released a little over 10 years later, he would have chosen a Warbler instead.
Rant of the Week (15:24)
Twitter rolls out encrypted DMs, but only for paying accounts
Twitter has launched its 'Encrypted Direct Messages' feature allowing paid Twitter Blue subscribers to send end-to-end encrypted messages to other users on the platform.
End-to-end encryption (E2EE) uses private and public key pairs to encrypt information sent over the internet so that only the sender and the recipient can read it.
The private decryption key is only stored on the sender's device and is not shared with anyone else. However, the public encryption key is shared with others who want to send you encrypted data.
As the private decryption key is only stored on the local recipient's device and never stored anywhere else along the way, such as on the messaging app's servers, even if someone intercepts the message, they won't be able to read it without the decryption key.
End-to-end encrypted DMs on Twitter have been a sought-after and massively requested feature that was teased and retracted in 2018.
Last November, mobile researcher Jane Manchun Wong noticed that the source code of
Twitter for Android hinted at work towards implementing an E2EE system, with Elon Musk all but confirming the suspicions.
Almost half a year later, Twitter officially announced today the availability of an encrypted messages feature on the latest version of the Twitter apps for iOS and Android and on the web platform.
Based on the details in the announcement, which mentions using a device-generated private key and a centrally-provided public key, Twitter has implemented an asymmetric encryption scheme.
Billy Big Balls of the Week (23:18)
India to send official whassup to WhatsApp after massive spamstorm
India's IT minister Rajeev Chandrasekhar will ask WhatsApp to explain what's up, after the Meta-owned messaging service experienced a dramatic increase in spam calls.
India is the largest market for WhatsApp, with over 450 million users – many of whom have in the last couple of weeks received plenty of spam calls from overseas. Many of the calls involve fake job offers, usually with a request to negotiate the gig on a different messaging platform – which makes tracking the perps harder.
The timing of that spam storm is intriguing. On May 1, Indian carriers were required to implement AI-powered spam call filters. As The Register reported in November 2022, the AI-infused system was developed after a blockchain-based spam-buster bombed.
Might scammers have turned to WhatsApp after conventional carriers hardened up?
Whatever the exact reasons for WhatsApp being whacked, Chandrasekhar is not happy about the amount of spam it's carried. He told local media his ministry will send a "please explain" missive to WhatsApp.
HP
https://twitter.com/dcuthbert/status/1656926678096986112?s=20
Industry News (30:35)
Only 39% of IT Security Decision-Makers See it As Business Enabler
CISOs Worried About Personal Liability For Breaches
EU's Client-Side Scanning Plans Could be Unlawful
NextGen Healthcare Data Breach: One Million Patient Records Affected
Spanish Police Arrest 40 in Phishing Gang Bust
NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries
Twitter Hacker Admits Guilt in New York Court, Extradited from Spain
NCSC and ICO Dispel Incident Reporting Myths
Threat Actors Use Babuk Code to Build Hypervisor Ransomware
Tweet of the Week (39:15)
Tweet of the Week is the part of the show where everyone chooses a tweet they like. It could be a funny tweet, an interesting tweet they’ve read, educational, amusing, or useful, whatever they like. It doesn’t have to be security-related necessarily.
[Better not be!]