This week in Infosec takes us back to a time when sharing was caring Rant of the week is a complaint about people criticising good security practice Billy Big Balls pays homage to people who take credit on group projects without contributing anything Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week Is a new CVE about an old issue
This Week in InfoSec (11:46)
With content liberated from the “today in infosec” Twitter account
7th December 1999: The Recording Industry Association of America sues the peer-to-peer file sharing service Napster alleging copyright infringement for allowing users to download copyrighted music for free. The RIAA would eventually win injunctions against Napster forcing the service to suspend operations and eventually file bankruptcy. In the end the RIAA and its members would settle with Napster’s financial backers for hundreds of millions of dollars.
How The Founder of Napster Trolled Metallica at the VMAs
Shawn Fanning at the MTV Video Music Awards in 2000
December 2009, when Yahoo! Doesn't Want You To Know Its Spying Price List; Issues DMCA Takedown
Compliance Guide for Law Enforcement
Rant of the Week (22:37)
The vice president should not be using Bluetooth headphones
This week, Politico opened its newsletter with an article on Vice President Kamala Harris’ aversion to using Bluetooth headphones. The VP was “Bluetooth-phobic,” the story claimed, “wary” of her AirPods and cautious with her technology use to an extent former aides described as “a bit paranoid.” Proof could be seen in her televised appearances: wires dangling from her ears in an interview with MSNBC’s Joy Reid or clutched in her hand during the famous “We did it, Joe” call.
But for a high-profile public official, this is a lot more reasonable than you might think. As security researchers were quick to point out, Bluetooth has a number of well-documented vulnerabilities that could be exploited if a bad actor wanted to hack, say, the second most powerful person in the US government.
Billy Big Balls of the Week
Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments
Alleged scheme said to have netted $20m since 2017
"Batista and Teran perpetrated their fraud by falsely representing to Y.T. [YouTube] and to A.R., an intermediate company responsible for enforcing their music library, that they were the owners of a wide swath of music and that they were entitled to collect any resulting royalty payments."
The government claims that around April, 2017, two men, through their company MediaMuv, LLC, entered into a contract with A.R., which administers and distributes YouTube royalty payments, claiming to control a 50,000 song catalog of music.
They subsequently sent the corresponding song files to A.R., which in turn uploaded the files to YouTube, the indictment claims. The court filing cites as an example the song "Viernes Sin Tu Amor," which A.R. is said to have uploaded to YouTube in 2017 and has earned around $24,000 in royalty payments since then.
This was allegedly done for numerous songs, with A.R. eventually, at the direction of the MediaMuv, writing to YouTube "to bulk clear potential copyright conflicts from MediaMuv's entire music catalog."
Industry News (36:28)
Nine State Department Phones Hijacked by Spyware
Cyber-attack Closes UK Convenience Stores
French Transport Giant Exposes 57,000 Employees and Source Code
Hotel Guests Locked Out of Rooms After Ransomware Attack
Passports Now Most Attacked Form of ID
IT Execs Half as Likely to Face the Axe After Breaches
Most Phishing Pages are Short-lived
Half of Websites Still Using Legacy Crypto Keys
Tweet of the Week (44:08)
https://twitter.com/TJ_Null/status/1469006847449440262
