This week in Infosec takes us back to a 60’s swinging movie.
Rant of the week has some domain name shenanigans.
Billy Big Balls Karen’s Colossal Cahonas in the form of a techno Tiger Mom.
Industry News brings us the latest and greatest infosec news from around the globe.
Tweet of the Week - paid ransomware? You may be entitled to a refund!
Hire cars are no good for short people. That is all we have to say about little people on this show.
This week in Infosec
(Liberated from the “today in infosec” twitter account):
4th April 1977: Ron Rivest first introduced Alice and Bob in the paper "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems".
Javvad explains it better:
8th April 2014: Extended support for Microsoft Windows XP Service Pack 3 ended, nearly 6 years after SP3's release and 12 1/2 years after general availability of Windows XP.
Rant of the Week
The UK Cyber Security Council launches itself by pointing world+dog to domain it doesn't own
The UK Cyber Security Council announced itself to the public realm last week by touting a domain it doesn't own. Helpfully, internet jokesters then bought up variations on the official address.
A brainchild of the Department for Digital, Culture, Media and Sport, the UK Cyber Security Council is billed by the government as "the regulatory body, and voice, for UK cybersecurity education, training, and skills." As part of that it "drives progress towards meeting the key challenges the profession faces."
All very worthy and important. When British infosec folk noticed that the official press release mentioned an email address for ukcybersecurity[.]org[.]uk, however, everything started unraveling.
Why? Because the UK Cyber Security Council didn't own ukcybersecurity[.]org[.]uk. Nobody did – until Adrian Kennard bought it and pointed it at his personal blog, where he dispensed some gentle advice to the new org.
"One of the tips I can give you when it comes to cybersecurity is that you should be careful to ensure that contact details you publish actually belong to you," wrote Kennard, who runs a UK ISP, adding: "It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at email@example.com for more information (be nice)."
Billy Big Balls of the Week
This Tech Exec Had Her Kids Sign a User Agreement Before She Got Them Their First Phone
When it came to tech and their own kids, both Steve Jobs and Bill Gates were famously strict about how much screen time they allowed. Jobs didn't let his kids use the iPad he helped invent. Gates banned his kids from getting phones until they were 14.
Just like Gates and Jobs, Jennifer Zhu Scott, a Hong Kong-based tech executive and TED speaker focused on privacy issues, was concerned about the dangers of giving her two children, aged 10 and 11, smartphones--given her deep understanding of the power and perils of technology. She drew on her professional experience and made them sign a three-page, 15-point "user agreement" for their phones.
They had to agree to share their passwords with her, ask for permission before signing up for social media accounts, be open about harassment or strange phone calls or messages, and answer any questions about how they were using their phones.
Part of the agreement is a crash course in internet privacy. It tells her daughters what we adults so often forget--that everything we put online is likely to be read, used, and sold in ways that we can't begin to imagine.
Etiquette and overuse are also covered by the agreement. It bans phone use after 8 p.m. and requires the girls put their phones down while socializing and walking. It also contains a strong warning about the long life of potentially embarrassing photos and posts shared online.
A copy of the agreement is in the show notes.
Link to the agreement:
Industry News
Microsoft Suffers Second Outage in Two Weeks
Data of Half a Billion Facebook Users Leaked
Australia Considers Social Media ID Requirement
Florida School District Held to Impossibly High Ransom
Cybersecurity Industry Must Find Solutions for Third-Party Data Security
Chemical Weapon Shopping Sends Dark Web User to Prison
Italian Arrested After Allegedly Paying Hitman to Murder Ex-Girlfriend
College Track Coach Accused of Cyberstalking
Wormable Netflix Malware Spreads Via WhatsApp Messages
Tweet of the Week
The administrators of Ziggy ransomware have reportedly decided to lead an honest life and refund the victims of their ransomware attacks. This historic announcement comes a couple of months after the hacker group decided to shut shop and release decryption keys for free.
As admitted by the ransomware's operators in statements given to the likes of Bleeping Computer and Threatpost, the Ziggy ransomware gang decided to shut shop in February following a string of law enforcement successes against well-established ransomware gangs, notably Emotet and NetWalker. Gripped by the fear of being next, the ransomware gang quickly released an SQL file with 922 decryption keys that could be used by the victims to unlock their files.
Bonus Tweet of the Week