The Host Unknown Podcast

This week in InfosecLiberated from the “today in infosec” Twitter account.5th June 1991: Philip Zimmermann sent the first release of PGP to 2 friends, Allan Hoeltje and Kelly Goen, to upload to the Internet.Read his story about the release, including his disclosure of how little he understood about Usenet and what newsgroups even were. http://www.philzimmermann.com/EN/news/PGP_10thAnniversary.htmlPGP Marks 30th Anniversaryhttps://twitter.com/todayininfosec/status/1269043313404862465  7th June 1989: The beta release of the Bourne Again SHell (Bash) was announced as version 0.99. 2 months later Shellshock was introduced into the Bash source code and persisted in subsequent versions for over 25 years.https://groups.google.com/g/gnu.announce/c/hvhlR1Vn1P0/m/NYwp-4_0CaUJ?pli=1https://twitter.com/todayininfosec/status/1269788726156124160 9th June 1993: The first DEF CON hacker conference was held at the Sands Hotel & Casino in Las Vegas, Nevada. Initially planned by Jeff Moss as a farewell party for a hacker friend, about 100 people attended. It has since grown to become a 4-day conference with 30,000 attendees.https://twitter.com/todayininfosec/status/1270389947753627648 Rant of the WeekThere was widespread panic on Tuesday after a major Internet outage knocked dozens of websites offline.Amazon, Reddit and Twitch were all affected, as were the Guardian, the New York Times and the Financial Times.Additionally, the UK government website crashed – on the day that Britons aged 25–29 were invited to book their COVID-19 vaccines.Despite initial speculation that the outage was the result of a cyber attack – with ‘#cyberattack’ trending on Twitter – the true cause of the incident was less sensational, although nonetheless concerning.What caused the Internet to crash?Websites begin to work again after major outage Billy Big Balls of the WeekAlleged drug syndicates, contract killers and weapons dealers thought they were using high-priced, securely encrypted phones that would protect them as they openly discussed drug deals by text message and swapped photos of cocaine-packed pineapples. What they were really doing, investigators revealed Tuesday, was channeling their plots straight into the hands of U.S. intelligence agents.An international coalition of law enforcement officials announced they had ensnared alleged criminals around the world after duping them into using phones loaded with an encrypted messaging app controlled by the FBI.Street value of cocaineANOM: Hundreds arrested in massive global crime sting using messaging appFBI-controlled Anom app ensnares scores of alleged criminals in global police stingTrojan Shield: How the FBI Secretly Ran a Phone Network for CriminalsANOM: Alleged drug kingpin told to hand himself in after being tricked into spreading fake phone app  Industry NewsBiden Expands Trump’s Investment Ban on Chinese FirmsMore US Kids Warned About Internet Than Unsafe SexUS to Treat Ransomware Like TerrorismHacker Group Gunning for MuskFrench Antitrust Regulator Slaps $268 Million Fine on GoogleMicrosoft Fixes Seven Zero-Days This Patch TuesdayA Third of Execs Plan to Spy on Staff to Guard Trade SecretsJBS Admits Paying REvil Ransomware Group $11 MillionSchools Forced to Shut Following Critical Ransomware Attack Tweet of the Weekhttps://twitter.com/Eskenzi/status/1402684475243438081https://twitter.com/KimZetter/status/1402695107640393729 Come on! Like and bloody well subscribe!

This week in InfosecLiberated from the “today in infosec” Twitter account1st June 1864: The first record of electronic spam was broadly revealed. A recipient was so infuriated by the dentist's poppycock that he composed a letter to the editor of The Times about the telegram, begging the newspaper to kindly demand a stop to the nonsense.https://twitter.com/todayininfosec/status/139986437741571277328th May 2014: The TrueCrypt website unexpectedly announced that the development of TrueCrypt had ended and that the tool wasn't secure.The Fall of TrueCrypt and Rise of VeraCrypthttps://twitter.com/todayininfosec/status/1266260968004136962 Rant of the WeekDeadline draws near to avoid auto-joining Amazon's mesh network SidewalkOwners of Amazon Echo assistants and Ring doorbells have until June 8 to avoid automatically opting into Sidewalk, the internet giant's mesh network that taps into people's broadband and may prove to be a privacy nightmare.'A stalker can abuse it to stalk people better. There are no mitigations mentioned'Sidewalk privacy and security whitepaper by Amazon Bill Big Balls of the WeekAntivirus that mines Ethereum sounds a bit wrong, right? Norton has started selling itNortonLifeLock, the company that offers the consumer products Broadcom didn’t want when it bought Symantec, has started to offer Ethereum mining as a feature of its Norton 360 security suite. Industry NewsNCSC: Act Now to Protect Streaming AccountsInterpol Seizes $83 Million Headed for Online ScammersMeat Processing Giant JBS Pulls IT Plug After Cyber-AttackScripps Notifying 147K People of Data BreachTeen Crashes Florida School District’s NetworkSextortion Lands Inmate in Federal PrisonBattle for the Galaxy: 6 Million Gamers Hit by Data LeakRansomware Disrupts Largest Ferry Service in MassachusettsMandiant to Re-Emerge After $1.2 Billion FireEye Sale Tweet of the Weekhttps://twitter.com/Cyber_Cox/status/1400082437095387137https://twitter.com/ryanaraine/status/1399724475092983812?s=20 (Edited 00:18 7the June 2020 to seed Apple Podcast update.) Come on! Like and bloody well subscribe!

This Week in InfoSec20th May 1993: Neil Woods (24) and Karl Strickland (22) became the first people imprisoned under the UK's 1990 Computer Misuse Act. Hackers given six months for 'intellectual joyriding': Judge says jail sentences inevitable to deter others 'similarly tempted'https://twitter.com/todayininfosec/status/139571116658073190822nd May 1991: Michael John Lauffenburger's logic bomb was set to detonate on a system at General Dynamics. He'd implemented it 2 months prior. Lauffenburger later pleaded guilty to a misdemeanor charge of computer tampering.Hacker Pleads Guilty in ‘Logic Bomb’ Scheme : Crime: Ex-General Dynamics programmer tried to sabotage computers so the company would have to pay him to fix the problem.https://twitter.com/todayininfosec/status/1396858379285549059 Rant of the WeekCitizen is an app where users report "incidents" in their neighborhoods and, based on those reports and police scanner transcriptions, the app sends "real-time safety alerts" to users about crime and other incidents happening near where a user is located. It is essentially a mapping app that allows users to both report and learn about crime (or what users of the app perceive to be crime) in their neighborhood.CITIZEN CEO OFFERED TO PERSONALLY FUND LA ARSON MANHUNT — FOR THE WRONG PERSONMore on Citizen Shithousery:Leaked Emails Show Crime App Citizen Is Testing On-Demand Security ForceCitizen data scraped and dumped on dark web Billy Big Balls of the WeekNigerian cyber criminals target Texas unemployment systemCyber criminals use Gmail feature to register the same email address multiple times Industry NewsTelemarketing Fraudster Jailed for 10 YearsRansomware Gang Gifts Decryption Tool to HSEAir India: Supplier Breach Hit 4.5 Million PassengersAmex Fined After Sending Over Four Million Spam EmailsFBI Employee Indicted Over Illegal Document RemovalEurope’s Top Human Rights Court Rules UK Mass Surveillance IllegalInfluencers Offered Money to Vilify VaccineData Breach at Canada PostChinese Phishing Attack Targets High-Profile Uyghurs Tweet of the WeekStudents Stuff the Context Boxhttps://twitter.com/todayininfosec/status/1395843517189132300 Come on! Like and bloody well subscribe!

This Week in InfoSecLiberated from the “today in infosec” Twitter account:15th May 1998: The first issue of Bruce Schneier's (@schneierblog) monthly Crypto-Gram internet newsletter was published. And The Secret Story of Non-Secret Encryption is a pretty pretty pretty pretty...good read.https://www.schneier.com/crypto-gram/archives/1998/0515.htmlhttps://www.schneierfacts.com/https://twitter.com/sirjester/status/867809572173602817https://twitter.com/todayininfosec/status/1393708868304359426  22nd May 2010: A Floridian man named Laszlo Hanyecz, received what he thought was a “free lunch”.https://bitcointalk.org/index.php?topic=137.0Bitcoin Pizza Day: Why Bitcoiners Are Celebrating Today By Eating PizzaBitcoin's surge beyond $60,000 means the famed programmer Laszlo Hanyecz effectively paid $613 million for 2 pizzas Rant of the WeekWe'd love to report on the outcome of the CREST exam cheatsheet probe, but the UK infosec body won't publish ithttps://www.theregister.com/2021/05/17/crest_not_publishing_cert_exam_cheat_report/ Billy Big Balls of the WeekThe Military Is Creating a ‘Gig Eagle’ App to Uber-ize Its Workforce“We are creating a gig economy for the Department of Defense,” said one official.https://www.vice.com/en/article/n7bzvw/the-military-is-creating-a-gig-eagle-app-to-uber-ize-its-workforce Industry NewsRapid7 Source Code Accessed in Cyber-attackQuarter of CISOs Self-Medicate as Pandemic Stress SpikesUS Sentences Cyber-Stalker Who Sent Sex Workers to Family’s HomeToshiba Business Reportedly Hit by DarkSide RansomwareCybercrime Forum Bans Ransomware ActivityAXA Faces DDoS After Ransomware AttackFamilies of Missing Persons Receive Fake Ransom DemandsDarkSide Gang Retires on $90mUSPS Reportedly Uses Clearview AI to Spy on Americans Tweet of the Weekhttps://twitter.com/WeldPond/status/1395151316809306114https://twitter.com/GossiTheDog/status/1395502236101451777 Come on! Like and bloody well subscribe!

This Week in InfoSecLiberated from the “today in infosec” Twitter account6th May 1995: Chris Lamprecht (aka "Minor Threat") became the first person banned from the Internet. He received a 70 month sentence for money laundering...and was banned from the Internet until 2003.https://www.wired.com/1997/12/twice-removed-locked-up-and-barred-from-net/https://twitter.com/todayininfosec/status/12578628173711564807th May 2004: 18-year-old German computer science student Sven Jaschan was arrested for writing the Sasser worm and the NetSky worm. One of Jaschan's friends had informed Microsoft that Jaschan had created the worm.https://en.m.wikipedia.org/wiki/Sasser_(computer_worm)https://twitter.com/todayininfosec/status/13906895366704209989th May 1990: Operation Sundevil was revealed in a press release. It was a US Secret Service crackdown on "illegal computer hacking activities." Raids occurred in ~15 cities, resulting in a measly 3 arrests.https://twitter.com/todayininfosec/status/1259301463102074880The Hacker Crackdown audiobook https://boingboing.net/2008/01/13/podcast-of-bruce-ste.html   Rant of the WeekRansomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anywayColonial Pipeline's operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week's ransomware infection.News of the payoff was broken by Bloomberg – which not only cited anonymous sources but also mocked other news outlets' anonymous sources for saying earlier this week that the American pipeline operator would never pay the ransom.https://www.theregister.com/2021/05/13/colonial_pipeline_ransom/https://twitter.com/KimZetter/status/1392923544753872896 Colonial Pipeline hackers apologize, promise to ransom less controversial targets in futurehttps://www.theverge.com/2021/5/10/22428996/colonial-pipeline-ransomware-attack-apology-investigationColonial Pipeline was looking to hire a cybersecurity manager before the ransomware attack shut down operationshttps://www.theregister.com/2021/05/13/colonial_pipeline_hiring_cybersecurity_manager/  Billy Big Balls of the WeekHackers Are Having a Field Day With AirTagsJust two weeks after their release, several hackers and security researchers are tearing Apple’s AirTags apart and finding some issues with them.https://www.vice.com/en/article/pkbpa7/hackers-are-having-a-field-day-with-airtags Industry NewsMisconfigured Database Exposes 200K Fake Amazon ReviewersRansomware Takes Down East Coast Fuel PipelineUniversity Cancels Exams After Cyber-AttackStaff Bonus was “Crass” Phishing SimulationGermany Bans Facebook from Processing WhatsApp DataAXA to Stop Reimbursing Ransom PaymentsMore Domestic Abuse Cases Involve TechHome Working Parents and Young Adults Are Most Risky IT UsersBiden Executive Order Mandates Zero Trust and Strong Encryption Tweet of the Weekhttps://twitter.com/browninfosecguy/status/1392503491042611202Olaf Hartong @olafhartong: FreemiumBackupsIain Cyto @IainCyto: Surprise Pen Test Posse.Biteater @illustrioushefe: WindowsOffenderDavid Shipley @davidshipley: Trailer Park Crypto BoysAdrian @Nutritionist_AP: RanSomewhereOld Navy Dude next @ DEFCON & HIMMS @0ldNavyDude: Ransom McRansomface Come on! Like and bloody well subscribe!

This Week in InfoSecLiberated from the “today in infosec” Twitter account4th May 1990: Robert Tappan Morris was sentenced to 3 years probation, fined $10,000, and ordered to perform 400 hours of community service. Why? For releasing the Morris worm in 1988, then becoming the first person convicted under the then-new Computer Fraud and Abuse Act (CFAA).https://en.wikipedia.org/wiki/Morris_wormhttps://twitter.com/todayininfosec/status/12573523703354654724th May 2000: The ILOVEYOU worm spread worldwide, infecting an estimated 10% of the Internet-connected computers.Its author was never prosecuted because the Philippines didn’t have any relevant laws. He was recently tracked down and interviewed about the worm:https://www.bbc.com/news/amp/technology-52458765https://twitter.com/todayininfosec/status/1257833516454211584 A little Billy Bonus...https://www.linkedin.com/feed/update/urn:li:activity:6794950191586836480/A Little Cheap Plug:https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/ Rant of the WeekTwitter introduced a tip jar - except, when you use paypal to send the tip, it sends your registered address too! Noice. It’s not really an issue with twitter - more of a feature of PayPal cos that's how it sends receipts for goods and services. This threat exists with all users of PayPal. Not just tip jar. But this isn’t really a rant about privacy or tipjar… let’s talk about Whitney Merrill’s tweet…. https://twitter.com/wbm312/status/1390444554587832324?s=20 Billy Big Balls of the WeekDashcam footage showed the moment a gang of armed robbers in South Africa attempted a cash-in-transit heist by chasing and firing shots into a bulletproof security vehicle.Members of a private security company were transporting money in a truck in the northern city of Pretoria on April 22 when they were attacked.In the three-minute video, a security officer is seen driving with a colleague. Both men are wearing bulletproof vests.https://twitter.com/Abramjee/status/1388194148210167810https://www.insider.com/watch-video-shows-armored-cars-crew-in-daring-escape-under-fire-2021-5 Industry NewsBritish Prime Minister’s Cell Phone Number ExposedFake Vaccine Domain SeizedShoppers Choose Guest Checkouts Over Security FearsMisconfigs and Unpatched Bugs Top Cloud Native Security IncidentsCyber-Attack on Belgian ParliamentResearcher Claims Peloton APIs Exposed All Users DataHomecoming Queen Hacker to be Tried as an AdultCaptureRx Data Breach Impacts Healthcare ProvidersFinancial Firms Report Puzzling 30% Drop in Breaches as Incidents Rise Tweet of the Weekhttps://edition.cnn.com/2021/05/05/entertainment/tiger-king-carole-baskin-crypto-coin/index.htmlhttps://twitter.com/carole_baskin/status/1389662255747325955https://twitter.com/krypt3ia/status/1389948564411932676 Come on! Like and bloody well subscribe!

https://cumrocketcrypto.com/This week in Infosec takes us back to a time Microsoft devalued a company, before buying it and another case of something being referred to as electronic graffiti.Rant of the week is about this one time, at basecampIndustry News brings us the latest and greatest infosec news from around the globeBilly Big Balls talks about Apple’s app transparencyTweet of the week tells us why the CEO of a $2bn Bay Area tech biz was fired (the real reason may SHOCK you)It’s hard being overlooked all the time and that is all we have to say on the topic of Little People this week. This week in InfosecLiberated from the “today in infosec” Twitter account:23rd April 2008: Microsoft announced that some of its antivirus tools had mislabeled Skype as adware for several days due to a bad definition update. 3 years later Microsoft bought Skype for $8.5 billion. https://www.computerworld.com/article/2787019/microsoft-mislabels-skype-as-adware.htmlhttps://www.theregister.com/2010/04/21/mcafee_false_positive/https://twitter.com/todayininfosec/status/125355864253771366427th April 1986: In protest of rates for satellite dish owners, Captain Midnight jammed HBO's satellite signal for 4 minutes.Why did he do it? To raise awareness about unfair pricing and restrictive trade practices.https://en.m.wikipedia.org/wiki/Captain_Midnight_broadcast_signal_intrusionhttps://youtu.be/gtdwD0qqApQhttps://ultimateclassicrock.com/captain-midnight-hbo/  https://twitter.com/todayininfosec/status/1254799686906425346 Rant of the Week1. No more societal and political discussions on our company Basecamp account. 2. No more paternalistic benefits.3. No more committees.4. No more lingering or dwelling on past decisions.5. No more 360 reviews. 6. No forgetting what we do here. https://world.hey.com/jason/changes-at-basecamp-7f32afc5Wider fallout:https://twitter.com/CaseyNewton/status/1387195551205105666https://twitter.com/jonasdowney/status/1386792772334768130https://twitter.com/fox/status/1386836877857099777 Billy Big Balls of the WeekApple’s AppTrackingTransparency for iOS 14.5 is finally out. Here’s what it means for your privacy.https://www.eff.org/deeplinks/2021/04/apples-apptrackingtransparency-upending-mobile-phone-tracking Industry NewsLockdown Hotel Bookings at Risk Due to DMARC FailLast Chance for Forensics Teams Ahead of Emotet Sunday DeadlineSpace Command to Launch Dedicated Cyber CenterNintendo Sues BowserThreat Actors Impersonate Chase BankREvil Removes Apple Extortion Attempt from Site: Report#COVID19 Rattles Banks and Insurers as Security Budgets Are SlashedEmotet Group Harvested Over 4.3 Million Victim EmailsUS Arrests Alleged Crypto Mixer The Cellebrite Physical Analyzer – the most intrusive phone-cracking tool offered by the company – no longer supports the direct extraction of iPhone datahttps://9to5mac.com/2021/04/27/cellebrite-physical-analyzer-iphone/ Tweet of the Week https://twitter.com/JenniferJJacobs/status/1387046218602225667https://www.bloomberg.com/technology?sref=yYYRek8e https://www.nytimes.com/2021/04/29/arts/disaster-girl-meme-nft.html?smid=tw-nytimes&smtyp=cur Come on! Like and bloody well subscribe!

Thom’s l33t crypto coin investments This week in InfosecLiberated from the “today in infosec” twitter account:18th April 1995: proff (Julian Assange) published "The Dan Farmer Rap", about SATAN author, Dan Farmer.Yes, that Julian Assange.Yes, the same one.Yes.https://seclists.org/bugtraq/1995/Apr/19519th April 2010: The OWASP Top 10 for 2010 was officially released.http://web.archive.org/web/20100628190859/http://www.owasp.org/index.php/OWASPTop10-2010-PressReleasehttps://twitter.com/todayininfosec/status/125189502259880345719th April 2011: Microsoft published a policy requiring employees to follow specific procedures when reporting vulnerabilities in 3rd-party products.https://twitter.com/todayininfosec/status/1252023386026340352 Rant of the WeekThey Hacked McDonald’s Ice Cream Machines—and Started a Cold Warhttps://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/ Billy Big BallsCellebrite makes software to automate physically extracting and indexing data from mobile devices.https://signal.org/blog/cellebrite-vulnerabilities/ELI5: https://twitter.com/ErrataRob/status/1385020198697291777?s=20 Industry NewsGoogle to Delay Publishing Bug Details for 30 DaysICO Issued Over £42 Million in Fines Last YearFIN7 Sysadmin Gets 10 Years Behind BarsGoogle Trumpets New Mobile App Security StandardMI5: 10,000+ Brits Approached by Spies on Social SiteDating Service Suffers Data BreachTikTok Sued Over Use of Minors’ DataDoJ Launches Ransomware Taskforce as Apple Hit by Extortion AttemptStallone Classic a Password Favorite Tweet of the Weekhttps://twitter.com/H3KTlC/status/1385232019387404296?s=20Related:Add another cause of mental health concern from the past year’s Pandemic-induced, work-from-home requirements.  New research from Microsoft shows the potential downside of the virtual workplace, confirming that stress increases over the course of back-to-back virtual meetings.https://www.forbes.com/sites/brucerogers/2021/04/20/our-brains-need-breaks-from-virtual-meetings/?sh=6de6770a21e9 Sticky Pickle of the WeekHat-tip to Martin @maxsec Hepworth for bringing this story to our attention (and the reason Smashing Security missed it is because they record on Tuesday and spend a day and a half editing their show before releasing it):“Linux kernel developers do not like being experimented on”https://twitter.com/gregkh/status/1384785747874656257?s=20https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/ Come on! Like and bloody well subscribe!

We think we sound much better this week, all thanks to Krisp! Tighten up your audio, remove background noise, and annoying work colleagues, all with Krisp. Download it here:https://ref.krisp.ai/u/ue2a67ba76 One advantage of being short is that you get to be in the front of all pictures taken of a group and that is all we have to say about Little People this week. This week in InfosecLiberated from the “today in infosec” twitter account:15th April 2000: The RCMP arrested a Canadian juvenile known as MafiaBoy for a DDoS attack against cnn.com.https://twitter.com/todayininfosec/status/1250622615204454400 https://en.wikipedia.org/wiki/Michael_Calce14th April 2005: It was announced that the National Infrastructure Advisory Council (NIAC) had chosen FIRST to be the custodian of the Common Vulnerability Scoring System (CVSS), the then-emerging standard in vulnerability scoring.https://twitter.com/todayininfosec/status/125025120339027558416th April 2014: Host Unknown released their debut music video to great acclaim within the Infosec echo-chamberhttps://twitter.com/HostUnknownTV/status/456395301159305216Jav’s proposal for Pulp Security from 2011 (cue Mesirlou  clarinet version to avoid copyright infringment notices)Cynic: So tell me more about America.Jester: Well it's the same shit we got here, it's just a little different.Cynic: Example?Jester: Well I mean, you can get encryption products out there. It's legal for you to own it, it's legal for you to install it… but get this. If you try to export it out of the country it's illegal for you to do it.Cynic: Damn man, that's harsh.Jester: You know what they call a router (pronounced rooter) out in the US?Cynic: They don't call it a Rooter?Jester: Nah man, they got their own system, they call it a Router (pronounced rowter)Cynic: haha Rant of the Week Industry NewsHackers Hacked as Underground Carding Site is BreachedFacebook Removes 16k Groups for Trading Fake ReviewsBrits Still Confused by Multi-Factor AuthenticationFood Shortages at Dutch Supermarkets After Ransomware OutageCyber-Attack Shutters Half of Tasmania’s CasinosMicrosoft Patches Four More Critical Exchange Server BugsLawsuit Filed After Facial Recognition Tech Leads to Wrongful ArrestMan Gets 10 Years for Multimillion-Dollar Medicare Fraud SchemeEurope's Data Protection Guardians Green Light EU-UK Data Flows Javvad’s Weekly StoriesHow I pwned an ex-CISO and Smashing Security https://youtu.be/lb5htJmjcFM Tweet of the WeekRobert McArdle - @bobmcardleDirector FTR - CyberCrime Research for @TrendMicro. Lecturer in Malware Analysis.https://twitter.com/bobmcardle/status/1382602129005772801 Sticky Pickle of the WeekYour company is looking to promote an upcoming Women in Security webinar and you’re looking to maximise engagement on your social media channels so you come up with a single question which you believe will solicit engagement and believe the structure of the question is in a way that keeps responses on topic:“What according to you are the most common challenges faced by women in the cybersecurity domain?”.Sound good so far?  Can you make it simpler by providing multiple choice answers to choose from?  It’s not a bad strategy so what are the optional responses to the most common challenges faced by women in the industry are?A: “Only men can do this job”B: “Women can’t handle this job”C: “Women aren’t encouraged enough.”Now the responses you’re receiving to this insightful quiz are not going in the direction you thought they would - what are your next steps?https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/ Come on! Like and bloody well subscribe!

This week in Infosec(Liberated from the “today in infosec” twitter account):4th April 1977: Ron Rivest first introduced Alice and Bob in the paper "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems".https://twitter.com/todayininfosec/status/1246652917605527554http://web.mit.edu/jemorris/humor/alice-and-bobhttps://xkcd.com/177/Javvad explains it better: https://en.wikipedia.org/wiki/Alice_and_Bob8th April 2014: Extended support for Microsoft Windows XP Service Pack 3 ended, nearly 6 years after SP3's release and 12 1/2 after general availability of Windows XP.https://twitter.com/todayininfosec/status/1247920644030738433 Rant of the WeekThe UK Cyber Security Council launches itself by pointing world+dog to domain it doesn't ownThe UK Cyber Security Council announced itself to the public realm last week by touting a domain it doesn't own. Helpfully, internet jokesters then bought up variations on the official address.A brainchild of the Department for Digital, Culture, Media and Sport, the UK Cyber Security Council is billed by the government as "the regulatory body, and voice, for UK cybersecurity education, training, and skills." As part of that it "drives progress towards meeting the key challenges the profession faces."All very worthy and important. When British infosec folk noticed that the official press release mentioned an email address for ukcybersecurity[.]org[.]uk, however, everything started unraveling.Why? Because the UK Cyber Security Council didn't own ukcybersecurity[.]org[.]uk. Nobody did – until Adrian Kennard bought it and pointed it at his personal blog, where he dispensed some gentle advice to the new org."One of the tips I can give you when it comes to cybersecurity is that you should be careful to ensure that contact details you publish actually belong to you," wrote Kennard, who runs a UK ISP, adding: "It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at press@ukcybersecurity.org.uk for more information (be nice)."https://www.theregister.com/2021/04/06/uk_cybersecurity_council_domain_fail_launch/ Billy Big Balls of the WeekThis Tech Exec Had Her Kids Sign a User Agreement Before She Got Them Their First PhoneWhen it came to tech and their own kids, both Steve Jobs and Bill Gates were famously strict about how much screen time they allowed. Jobs didn't let his kids use the iPad he helped invent. Gates banned his kids from getting phones until they were 14. Just like Gates and Jobs, Jennifer Zhu Scott, a Hong Kong-based tech executive and TED speaker focused on privacy issues, was concerned about the dangers of giving her two children, aged 10 and 11, smartphones--given her deep understanding of the power and perils of technology.  She drew on her professional experience and made them sign a three-page, 15-point "user agreement" for their phones. They had to agree to share their passwords with her, ask for permission before signing up for social media accounts, be open about harassment or strange phone calls or messages, and answer any questions about how they were using their phones.Part of the agreement is a crash course in internet privacy. It tells her daughters what we adults so often forget--that everything we put online is likely to be read, used, and sold in ways that we can't begin to imagine.Etiquette and overuse are also covered by the agreement. It bans phone use after 8 p.m. and requires the girls put their phones down while socializing and walking. It also contains a strong warning about the long life of potentially embarrassing photos and posts shared online. A copy of the agreement is in the show notes. https://www.inc.com/jessica-stillman/this-tech-exec-had-her-kids-sign-a-user-agreement-before-she-got-them-their-first-phone.html#:~:text=Try%20a%20'user%20agreement',power%20and%20perils%20of%20technology.Link to the agreement: https://drive.google.com/file/d/1Yc3Np00vEgAIvNV7VzEIHoxbWqqC0Oon/view Industry NewsMicrosoft Suffers Second Outage in Two WeeksData of Half a Billion Facebook Users LeakedAustralia Considers Social Media ID RequirementFlorida School District Held to Impossibly High RansomCybersecurity Industry Must Find Solutions for Third-Party Data SecurityChemical Weapon Shopping Sends Dark Web User to PrisonItalian Arrested After Allegedly Paying Hitman to Murder Ex-Girlfriend College Track Coach Accused of CyberstalkingWormable Netflix Malware Spreads Via WhatsApp Messages Tweet of the Weekhttps://www.teiss.co.uk/ziggy-ransomware-admin-to-refund-victims/The administrators of Ziggy ransomware have reportedly decided to lead an honest life and refund the victims of their ransomware attacks. This historic announcement comes a couple of months after the hacker group decided to shut shop and release decryption keys for free.As admitted by the ransomware's operators in statements given to the likes of Bleeping Computer and Threatpost, the Ziggy ransomware gang decided to shut shop in February following a string of law enforcement successes against well-established ransomware gangs, notably Emotet and NetWalker. Gripped by the fear of being next, the ransomware gang quickly released an SQL file with 922 decryption keys that could be used by the victims to unlock their files.https://twitter.com/M_Shahpasandi/status/1376116414608736258?s=20 Bonus Tweet of the Weekhttps://twitter.com/yarden_shafir/status/1380147188416778245 Come on! Like and bloody well subscribe!