Sign up to save your podcasts
Or
Share Episode 166 - The Potato Quality Episode
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 166 - The Potato Quality Episode
This week in InfoSec (11:51)
With content liberated from the “today in infosec” twitter account and further afield
6th September 1987: Thomas Haynie was accused of intentionally jamming Playboy's satellite network with a text-only message. Haynie was an uplink engineer at the Christian Broadcasting Network and was on duty at the time of the jamming. He received 3 years of probation.
CBN engineer denies pre-empting soft-porn movies
https://twitter.com/todayininfosec/status/1302620593322438656
Rant of the Week (20:12)
If you like to play along with the illusion of privacy, smart devices are a dumb idea
Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected "smart" devices could be a dumb idea if you'd rather try to preserve your privacy.
The consumer rights organization's analysis of a number of IoT products – from speakers and security cameras to TVs and washing machines – found that they all demand customer data above and beyond what is needed for the product to perform its function, and then distribute that information to a horde of faceless corporations.
Consumer campaign group Which? pointed out that this means consumers are not only in many cases paying thousands for the product itself, with all its "smart" connected bells and whistles, but continue to pay in the form of their personal data.
The outfit broke down what information is required to set up an account with the product manufacturers, what permissions the associated apps request, and what customer activity companies are tapping into.
Spoiler alert: it's all for ads and marketing.
Disturbingly, every single brand examined required both exact and approximate location data – as though your fancy washing machine needed to "know" where it is to clean your clothes.
Billy Big Balls of the Week (28:52)
Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections
A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.
Charles James Randol, 33, who is now due to be sentenced, faces a maximum of five years in federal prison and three years supervised release, plus a fine of up to $250,000 or twice the total illicit proceeds from the scams, whichever amount is greater.
Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday. The Santa Monica man would handle crypto-cash transactions exceeding $10,000 without knowing who his customers were – folks known only as "Puppet Shariff," "White Jetta," "Aaavvv," "Aaaa," and "Yogurt Monster," for example – which is hardly in line with regulatory requirements.
To stay on the right side of American law, Randol should have verified and recorded their identities.
In his plea agreement, the cryptocurrency dealer admitted to three in-person transactions between October 2020 to January 2021 in which he gave an undercover FBI agent a total of $273,940 in cash for Bitcoin, and kept a four percent commission fee.
Randol "did not request a name, proof of identity, social security number, or any other information about [the undercover agent] or the source of the funds being exchanged," the plea agreement says.
[Good comment]: Working for an American financial institution, we must go through mandatory AML (anti money laundering) training each year, and the consequences for the firm if an audit finds a violation tend to be in the high 6-digit payouts.
With that in mind, a kid operating a blatantly open money laundering gig takes a proportionally much smaller punishment (assuming white-glove inmates usually manage to leave the can way before their time is served)]
Industry News (36:14)
UK Electoral Commission Fails Cybersecurity Test Amid Data Breach
Crypto Casino Stake.com Back Online After $40m Heist
UK Government Backs Down on Anti-Encryption Stance
Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign
Think Tank Urges Labour to Promote “Securonomics” Agenda
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary
UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware
Zero-Day Flaw Exposes Atlas VPN User IPs
Tweet of the Week (44:39)
https://twitter.com/KimZetter/status/1699546860187472034
Come on! Like and bloody well subscribe!
View all episodes
By Host Unknown, Thom Langford, Andrew Agnes, Javvad Malik
4.8
55 ratings
This week in InfoSec (11:51)
With content liberated from the “today in infosec” twitter account and further afield
6th September 1987: Thomas Haynie was accused of intentionally jamming Playboy's satellite network with a text-only message. Haynie was an uplink engineer at the Christian Broadcasting Network and was on duty at the time of the jamming. He received 3 years of probation.
CBN engineer denies pre-empting soft-porn movies
https://twitter.com/todayininfosec/status/1302620593322438656
Rant of the Week (20:12)
If you like to play along with the illusion of privacy, smart devices are a dumb idea
Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected "smart" devices could be a dumb idea if you'd rather try to preserve your privacy.
The consumer rights organization's analysis of a number of IoT products – from speakers and security cameras to TVs and washing machines – found that they all demand customer data above and beyond what is needed for the product to perform its function, and then distribute that information to a horde of faceless corporations.
Consumer campaign group Which? pointed out that this means consumers are not only in many cases paying thousands for the product itself, with all its "smart" connected bells and whistles, but continue to pay in the form of their personal data.
The outfit broke down what information is required to set up an account with the product manufacturers, what permissions the associated apps request, and what customer activity companies are tapping into.
Spoiler alert: it's all for ads and marketing.
Disturbingly, every single brand examined required both exact and approximate location data – as though your fancy washing machine needed to "know" where it is to clean your clothes.
Billy Big Balls of the Week (28:52)
Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections
A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.
Charles James Randol, 33, who is now due to be sentenced, faces a maximum of five years in federal prison and three years supervised release, plus a fine of up to $250,000 or twice the total illicit proceeds from the scams, whichever amount is greater.
Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday. The Santa Monica man would handle crypto-cash transactions exceeding $10,000 without knowing who his customers were – folks known only as "Puppet Shariff," "White Jetta," "Aaavvv," "Aaaa," and "Yogurt Monster," for example – which is hardly in line with regulatory requirements.
To stay on the right side of American law, Randol should have verified and recorded their identities.
In his plea agreement, the cryptocurrency dealer admitted to three in-person transactions between October 2020 to January 2021 in which he gave an undercover FBI agent a total of $273,940 in cash for Bitcoin, and kept a four percent commission fee.
Randol "did not request a name, proof of identity, social security number, or any other information about [the undercover agent] or the source of the funds being exchanged," the plea agreement says.
[Good comment]: Working for an American financial institution, we must go through mandatory AML (anti money laundering) training each year, and the consequences for the firm if an audit finds a violation tend to be in the high 6-digit payouts.
With that in mind, a kid operating a blatantly open money laundering gig takes a proportionally much smaller punishment (assuming white-glove inmates usually manage to leave the can way before their time is served)]
Industry News (36:14)
UK Electoral Commission Fails Cybersecurity Test Amid Data Breach
Crypto Casino Stake.com Back Online After $40m Heist
UK Government Backs Down on Anti-Encryption Stance
Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign
Think Tank Urges Labour to Promote “Securonomics” Agenda
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary
UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware
Zero-Day Flaw Exposes Atlas VPN User IPs
Tweet of the Week (44:39)
https://twitter.com/KimZetter/status/1699546860187472034
Come on! Like and bloody well subscribe!
More shows like The Host Unknown Podcast
View all
Security Now (Audio)
1,969 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Grumpy Old Geeks
6,019 Listeners
Hacked
184 Listeners
CyberWire Daily
1,007 Listeners
Open Source Security
43 Listeners
Smashing Security
312 Listeners
Click Here
397 Listeners
Darknet Diaries
7,864 Listeners
Hacking Humans
314 Listeners
Defense in Depth
77 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
33 Listeners
The AI Fix
24 Listeners