The Host Unknown Podcast

Episode 172 - The One Job Episode

Episode Summary

This week in InfoSec is a story about a catalyst for change. Rant of the Week puts the X-it in BreXit. Billy Big Balls asks why no one thought of this before. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week brings us full circle.

Episode Notes

This week in InfoSec (07:11)

With content liberated from the “today in infosec” Twitter account and further afield

26th October 2006: Christopher Soghoian created a website allowing visitors to generate fake airline boarding passes. A congressman called for his arrest, his ISP shut down his site, the FBI raided his home, and then the same congressman said DHS should hire him. His career since? Notable.

https://twitter.com/todayininfosec/status/1717530966229475523

24th October 2010: Eric Butler announced Firefox extension Firesheep's release at Toorcon, making HTTP session hijacking on open Wi-Fi trivial. Today >95% of websites have enabled HTTPS and efforts like browser HTTPS-Only mode have largely eliminated the risk. A security industry success! 

https://twitter.com/todayininfosec/status/1716990537171918976

 

Rant of the Week (16:00)

First Brexit, now X-it: Musk 'considering' pulling platform from EU over probe

Elon Musk is said to be toying with the idea of withdrawing access to X in the European Union rather than go to the effort of complying with the bloc's Digital Services Act.

As The Register reported last week, His Muskiness had a rather public spat on the website with Thierry Breton, EU Commissioner for Internal Market, who was simply reminding social media platforms of their content moderation obligations under the law.

This was particularly in light of renewed hostilities between Israel and Hamas, and the potential disinformation campaigns that had begun swirling online. Meta, TikTok, and YouTube were also sent letters.

"Free speech absolutist" Musk's response was sarcastic and juvenile, the kind of smack talk that would get a teen grounded. It would take a couple of days for the adult in the room, CEO Linda Yaccarino, to get a formal response written.

However, by then the EU had indicated that X was now under investigation on account of its designation as a Very Large Online Platform under the Digital Services Act, which means it has to follow rules regarding how it handles illegal content among many other things.

Since Musk increasingly appears to see obeying the law as optional for him, it would be very unlike the X owner to actually do anything, and whispers out of the company seem to support this.

That most watertight of sources, "a person familiar with the matter," told Insider that Musk "has discussed simply removing the app's availability in the region, or blocking users in the European Union from accessing it," much like how Meta's Threads declined to launch in the EU because it was unwilling and/or unable to meet the union's onerous data protection and privacy requirements.

Twitter, which was once intensely moderated, has become a wild west of violence, misinformation, disinformation, racism, and hardcore pornography. Many of the website's rules judging what users can and can't post have been screwed up and tossed in the trash.

 

Billy Big Balls of the Week (26:45)

‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities

US and South Korean authorities have updated their guidance on how to avoid hiring North Korean agents seeking work as freelance IT practitioners.

Thousands of North Korean techies are thought to prowl the world’s freelance platforms seeking work outside the Republic. Kim Jong Un’s regime uses the workers to earn hard currency, and infiltrate organizations they work for to steal secrets and plant malware. The FBI has previously warned employers to watch for suspicious behavior such as logging in from multiple IP addresses, working odd hours, and inconsistencies in name spellings across different online platforms.

The updated advice adds other indicators that a freelancer you are thinking about hiring could be a North Korean plant, including:

The updated guidance suggests requiring recruitment companies to document their background checking processes, to be sure that they can screen out North Korean stooges. 

Conducting your own due diligence on workers suggested by recruiters is also recommended.

 

Industry News (33:45)

Okta Breached Via Stolen Credential

Generative AI Can Save Phishers Two Days of Work

AI to Create Demand for Digital Trust Professionals, ISACA Survey Finds

AWS: Security Not a Priority For a Third of SMBs

Humans Need to Rethink Trust in the Wake of Generative AI

UK Parliament Opens Inquiry into Cyber-Resilience

CISA Releases Cybersecurity Toolkit For Healthcare

Europol: Police Must Start Planning For Post-Quantum Future

UK IT Pros Express Concerns About C-Suite’s Generative AI Ambitions

 

NADINE DORRIES: I Googled my name, and learnt all about Big Tech!

https://www.dailymail.co.uk/debate/article-12663701/NADINE-DORRIES-Googled-learnt-Big-Tech.html

https://twitter.com/AdamBienkov/status/1716735397802233947

“Nadine Dorries, who until last year was in charge of digital regulation in the UK, says tech executives have “big dials” which they deliberately use to “nudge opinion ever leftwards” and suggests this was somehow hidden from her when she met them”

 

Tweet of the Week (41:05)

https://twitter.com/gcluley/status/1717433320823218640