The Host Unknown Podcast

Episode 177 - The Are We Doing This Episode



This week in InfoSec (07:51)

With content liberated from the “today in infosec” Twitter account and further afield

5th December 2011: Fyodor reported that CNET's http://Download.com had been wrapping its Nmap downloads in a trojan installer...in order to monetize spyware and adware. CNET quickly stopped, then resumed within days; it affected other downloads, and was a debacle.

Download.com Caught Adding Malware to Nmap & Other Software

https://twitter.com/todayininfosec/status/1732073893912047860

4th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised records from hundreds of breaches. Search your email addresses for free.

https://twitter.com/todayininfosec/status/1731673318560801228

Rant of the Week (13:29)

It's ba-ack... UK watchdog publishes age verification proposals

The UK's communications regulator has laid out guidance on how online services might perform age checks as part of the Online Safety Act.

The range of proposals from Ofcom is likely to send privacy activists running for the hills. These include credit card checks, facial age estimation, and photo ID matching.

The checks are all in the name of protecting children from the grot that festoons large swathes of the world wide web. However, service providers will likely be stuck between a rock and a hard place in implementing the guidance without also falling foul of privacy regulations. For example, Ofcom notes the following age checks as potentially "highly effective":

  • Open banking, where a bank confirms a user is over 18 without sharing any other personal information.
  • Mobile network operator (MNO) age check, where the responsibility is shunted onto an MNO content restriction filter that can only be removed if the device user can prove to the MNO that they are over 18.
  • Photo ID matching, where an image of the user is compared to an uploaded document used as proof of age to verify that they are the same person.
  • Credit card checks, where a credit card account is checked for validity – in the UK, credit card holders must be over 18.
  • Digital identity wallets and, our favorite, facial age estimation, where the features of a user's face are analyzed to estimate the user's age.

It doesn't take a genius to imagine how a determined teenager might circumvent many of these restrictions, nor the potential privacy nightmare inherent in many of them if an adult is forced to share this level of info when accessing age-restricted sites.

 

Billy Big Balls of the Week (23:12)

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform.

The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else."

Secret Code builds on another feature called Chat Lock that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics.

By setting a unique password for these locked chats that is different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted.

"You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added.

The development comes weeks after WhatsApp introduced a "Protect IP Address in Calls" feature that masks users' IP addresses to other parties by relaying the calls through its servers.


Industry News

Sellafield Accused of Covering Up Major Cyber Breaches

Porn Age Checks Threaten Security and Privacy, Report Warns

US Federal Agencies Miss Deadline for Incident Response Requirements

Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics

Police Arrest 1000 Suspected Money Mules

Deutsche Wohnen Ruling Set to Drive Up GDPR Fines

Cambridge Hospitals Admit Two Excel-Based Data Breaches

Governments Spying on Apple and Google Users, Says Senator

Liability Fears Damaging CISO Role, Says Former Uber CISO

 

Tweet of the Week 

https://twitter.com/MalwareJake/status/1732463774949310547

Come on! Like and bloody well subscribe!

The Host Unknown Podcast, by Host Unknown, Thom Langford, Andrew Agnes, Javvad Malik