This week in InfoSec tells the tale of DES’s dastardly demise Rant of the Week Is another slap on the wrist for losing your spit Billy Big Balls show Reddit’s woes are continuing Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week Is a story of layers (and possible cages)
This week in InfoSec (10:26)
With content liberated from the “today in infosec” twitter account and further afield
17th June 1997: A group of users organised over the Internet cracked the Data Encryption Standard — the strongest legally exportable encryption software in the United States to that point — after only five months of work. The United States at the time banned the export of stronger encryption software out of fear that it would be used by terrorists, but companies designing the software claimed such restrictions were worthless because foreign countries offer much stronger programs. The US eventually relaxed certain restrictions but to this day still claims to exert authority over encryption technologies under the commerce clause.
17th June 1983: The movie "Superman III" was released. Gus Gorman lands a data entry job at Webscoe Industries, hacks into its computer systems, and funnels all of the half-cents into his next check, accruing $85,789.90. This type of crime would later be named "salami slicing".
https://twitter.com/todayininfosec/status/1405615484091916294
Rant of the Week (15:16)
FTC accuses DNA testing company of lying about dumping samples
The Federal Trade Commission has alleged that genetic testing firm 1Health.io, also known as Vitagene, deceived people when it said it would dispose of their physical DNA sample as well as their collected health data.
To make matters worse, the FTC also alleged in a consent order made public last week that the company didn't secure the information properly, and further, that it changed its privacy policy retroactively without properly notifying or getting consent from people whose data the company had already collected – people who had signed a different, earlier version of the policy.
Under the proposed settlement, Vitagene/1Health.io will have to sharpen its data protection practices and put into place procedures to keep them sharp, as well as a pay a fine. The company has neither admitted nor denied any of the allegations.
Billy Big Balls of the Week (24:29)
Reddit confirms BlackCat gang pinched some data
Reddit this week confirmed ransomware gang BlackCat, aka AlphaV, broke into its corporate systems in February.
The crew just the other day had bragged it stole 80GB from the biz, and had demanded the social media company pay $4.5 million to keep a lid on the data as well as ditch its controversial API pricing changes.
A spokesperson for Reddit declined to comment on BlackCat's specific boasts, and insisted it's not the result of a fresh intrusion. The theft happened a few months ago, and was the result of a "sophisticated phishing campaign" against its staff that Reddit said it encountered on February 5 and disclosed on February 9.
See also: Reddit hackers demand $4.5 million ransom and API pricing changes
Industry News (31:14)
US Offers $10m Reward For MOVEit Attackers
Smart Pet Feeders Expose Personal Data
Security Researchers Uncover New Spyware Implant TriangleDB
#InfosecurityEurope: Hackers Are the Immune System of the Digital Age
#InfosecurityEurope: It’s Time to Think Creatively to Combat Skills Shortages
#InfosecurityEurope: Drones Contain Over 156 Different Cyber Threats, Angoka Research Finds
RedEyes Group Targets Individuals with Wiretapping Malware
US Justice Department Launches New National Security Cyber Section
Apple Addresses Exploited Security Flaws in iOS, macOS and Safari
Tweet of the Week (41:36)
https://twitter.com/tarah/status/1671691691965939712
----
Back up story: Mark Zuckerberg is ready to fight Elon Musk in a cage match