The Host Unknown Podcast

Episode 175 - The Sam Altman Free Episode

Episode Summary

This week in InfoSec proves that 3 years is “a reasonable amount of time” Rant of the Week is a traditional hospital pass Billy Big Balls stretches the cooking analogy to the breaking point Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is proof that there is no such thing as paranoia, someone really is watching you

Episode Notes

This week in InfoSec (06:40) 

23rd November 2011: KrebsonSecurity reported that Apple took over 3 years to fix the iTunes software update process vulnerability which the FinFisher remote spying Trojan exploited. Evilgrade toolkit author Francisco Amato had reported it to Apple in 2008.

Apple Took 3+ Years to Fix FinFisher Trojan Hole

https://twitter.com/todayininfosec/status/1727687798017106025

12th November 2009: John Matherly announced the public beta launch of Shodan (@shodanhq) - the first search engine for internet-connected devices.

https://twitter.com/todayininfosec/status/1727462790330232951  

 

Rant of the Week (10:51)

Former infosec COO pleads guilty to attacking hospitals to drum up business

An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.

Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics – a provider to healthcare institutions, among others – admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.

Gwinnett Medical Center operates hospitals in Duluth and Lawrenceville and the deliberate disablement of the Ascom phone system meant the main communication line between doctors and nurses was unavailable to them.

More than 200 phones were taken offline, which were used for internal communications, including "code blue" incidents that often relate to cardiac or respiratory emergencies.

 

Billy Big Balls of the Week (18:52) 

UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners

The UK's Information Commissioner's Office (ICO) is getting tough on website design, insisting that opting out of cookies must be as simple as opting in.

At question are advertising cookies, where users should be able to "Accept All" advertising cookies or reject them. Users will still see adverts regardless of their selection, but rejecting advertising cookies means ads must not be tailored to the person browsing.

However, the ICO noted that: "Some websites do not give users fair choices over whether or not to be tracked for personalized advertising." This is despite guidance issued in August regarding harmful designs that can trick users into giving up more personal information than intended.

A few months on, the ICO has upped the ante. It has now given 30 days' notice to companies running many of the UK's most visited sites that they must comply with data protection regulations or face enforcement action.

 

Industry News (26:16) 

Cybersecurity Executive Pleads Guilty to Hacking Hospitals

Regulator Issues Privacy Ultimatum to UK’s Top Websites

Microsoft Launches Defender Bug Bounty Program

Why Ensuring Supply Chain Security in the Space Sector is Critical

British Library: Ransomware Attack Led to Data Breach

North Korea Blamed For CyberLink Supply Chain Attacks

US Seizes $9m From Pig Butchering Scammers

North Korean Software Supply Chain Threat is Booming, UK and South Korea Warn

InfectedSlurs Botnet Resurrects Mirai With Zero-Days

 

Tweet of the Week (32:28)

https://twitter.com/MichaelaOkla/status/1721715089970274542