The Host Unknown Podcast

Episode 176 - The Jingle Free Episode

Episode Summary

This week in InfoSec is moooving from one orifice to another. Rant of the Week is all over your face. Billy Big Balls is do as I say, not as I do. Industry News is the latest and greatest news stories from around the world. And Tweet of the Week is about the good old days.

Episode Notes

This week in InfoSec (09:40)

With content liberated from the “today in infosec” Twitter account and further afield

24th November 2014: The Washington Post published an article which included a photo of TSA master keys. A short time later, functional keys were 3D-printed using the key patterns in the photo.

https://twitter.com/todayininfosec/status/1728048404452782497

26th November 2001: "In an effort to turn the tide in the war on terrorism", Cult of the Dead Cow offered its expertise to the FBI. How did it plan on helping? By architecting a new version of Back Orifice for use by the US federal government.

"THE CULT OF THE DEAD COW OFFERS A HELPING HAND IN AMERICA'S TIME OF NEED"

https://twitter.com/todayininfosec/status/1728998509033238952

 

Rant of the Week (18:55)

Interpol makes first border arrest using Biometric Hub to ID suspect

European police have for the first time made an arrest after remotely checking Interpol's trove of biometric data to identify a suspected smuggler.

The fugitive migrant, we're told, gave a fake name and phony identification documents at a police check in Sarajevo, Bosnia and Herzegovina, while traveling toward Western Europe. And he probably would have got away with it, too, if it weren't for you meddling kids Interpol's Biometric Hub – a recently activated tool that uses French identity and biometrics vendor Idemia's technology to match people's biometric data against the multinational policing org's global fingerprint and facial recognition databases.

"When the smuggler's photo was run through the Biometric Hub, it immediately flagged that he was wanted in another European country," Interpol declared. "He was arrested and is currently awaiting extradition."

Interpol introduced the Biometric Hub – aka BioHub – in October, and it is now available to law enforcement in all 196 member countries.

 

Billy Big Balls of the Week (27:42)

https://www.theregister.com/2023/11/28/cert_in_rti_exemption/

India's government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information (RTI) requests – the nation's equivalent of the freedom of information queries in the US, UK, or Australia.

Reasons for the exemption have not been explained, but The Register has reported on one case in which an RTI request embarrassed CERT-In.

That case related to India's sudden decision, in April 2022, to require businesses of all sizes to report infosec incidents to CERT-In within six hours of detection. The rapid reporting requirement applied both to serious incidents like ransomware attacks, and less critical messes like the compromise of a social media account.

CERT-In justified the rules as necessary to defend the nation's cyberspace and gave just sixty days' notice for implementation.

The plan generated local and international criticism for being onerous and inconsistent with global reporting standards such as Europe's 72-hour deadline for notifying authorities of data breaches.

The reporting requirements even applied to cloud operators, who were asked to report incidents on tenants' servers. Big Tech therefore opposed the plan.

 

Industry News (34:04)

Cybersecurity Incident Hits Fidelity National Financial

Cybercriminals Hesitant About Using Generative AI

Google Fixes Sixth Chrome Zero-Day Bug of the Year

DeleFriend Weakness Puts Google Workspace Security at Risk

Okta Admits All Customer Support Users Impacted By Breach

Thousands of Dollar Tree Staff Hit By Supplier Breach

Booking.com Customers Scammed in Novel Social Engineering Campaign

Manufacturing Top Targeted Industry in Record-Breaking Cyber Extortion Surge

North Korean Hackers Amass $3bn in Cryptocurrency Heists

 

Tweet of the Week (43:12)

https://twitter.com/JamesGoz/status/1730498780812767350