This week in InfoSec reminds us of CNETs own goal Rant of the Week is asking you think of the children, yet AGAIN Billy Big Balls is a minor step to save us from being prematurely cancelled Industry News is the latest and greatest news stories from around the world And Tweet of the Week is our first prediction for 2024
This week in InfoSec (07:51)
With content liberated from the “today in infosec” twitter account and further afield
5th December 2011: Fyodor reported that CNET's http://Download.com had been wrapping its Nmap downloads in a trojan installer...in order to monetize spyware and adware. CNET quickly stopped, then resumed within days, it affected other downloads, and was a debacle.
Download.com Caught Adding Malware to Nmap & Other Software
https://twitter.com/todayininfosec/status/1732073893912047860
4th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised records from hundreds of breaches. Search your email addresses for free.
https://twitter.com/todayininfosec/status/1731673318560801228
Rant of the Week (13:29)
It's ba-ack... UK watchdog publishes age verification proposals
The UK's communications regulator has laid out guidance on how online services might perform age checks as part of the Online Safety Act.
The range of proposals from Ofcom are likely to send privacy activists running for the hills. These include credit card checks, facial age estimation, and photo ID matching.
The checks are all in the name of protecting children from the grot that festoons large swathes of the world wide web. However, service providers will likely be stuck between a rock and a hard place in implementing the guidance without also falling foul of privacy regulations. For example, Ofcom notes the following age checks as potentially "highly effective":
It doesn't take a genius to imagine how a determined teenager might circumvent many of these restrictions, nor the potential privacy nightmare inherent in many of them if an adult is forced to share this level of info when accessing age-restricted sites.
Billy Big Balls of the Week (23:12)
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password
Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform.
The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else."
Secret Code builds on another feature called Chat Lock that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics.
By setting a unique password for these locked chats that are different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted.
"You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added.
The development comes weeks after WhatsApp introduced a "Protect IP Address in Calls" feature that masks users' IP addresses to other parties by relaying the calls through its servers.
Industry News
Sellafield Accused of Covering Up Major Cyber Breaches
Porn Age Checks Threaten Security and Privacy, Report Warns
US Federal Agencies Miss Deadline for Incident Response Requirements
Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics
Police Arrest 1000 Suspected Money Mules
Deutsche Wohnen Ruling Set to Drive Up GDPR Fines
Cambridge Hospitals Admit Two Excel-Based Data Breaches
Governments Spying on Apple and Google Users, Says Senator
Liability Fears Damaging CISO Role, Says Former Uber CISO
Tweet of the Week