Andy’s mattress

This Week in InfoSec (11:46)

With content liberated from the “today in infosec” Twitter account

 7th December 1999: The Recording Industry Association of America sues the peer-to-peer file sharing service Napster alleging copyright infringement for allowing users to download copyrighted music for free. The RIAA would eventually win injunctions against Napster forcing the service to suspend operations and eventually file bankruptcy. In the end the RIAA and its members would settle with Napster’s financial backers for hundreds of millions of dollars.

How The Founder of Napster Trolled Metallica at the VMAs

Shawn Fanning at the MTV Video Music Awards in 2000

December 2009, when Yahoo! Doesn't Want You To Know Its Spying Price List; Issues DMCA Takedown

Compliance Guide for Law Enforcement

Rant of the Week (22:37)

The vice president should not be using Bluetooth headphones

This week, Politico opened its newsletter with an article on Vice President Kamala Harris’ aversion to using Bluetooth headphones. The VP was “Bluetooth-phobic,” the story claimed, “wary” of her AirPods and cautious with her technology use to an extent former aides described as “a bit paranoid.” Proof could be seen in her televised appearances: wires dangling from her ears in an interview with MSNBC’s Joy Reid or clutched in her hand during the famous “We did it, Joe” call.

But for a high-profile public official, this is a lot more reasonable than you might think. As security researchers were quick to point out, Bluetooth has a number of well-documented vulnerabilities that could be exploited if a bad actor wanted to hack, say, the second most powerful person in the US government.

Billy Big Balls of the Week

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments

Alleged scheme said to have netted $20m since 2017

"Batista and Teran perpetrated their fraud by falsely representing to Y.T. [YouTube] and to A.R., an intermediate company responsible for enforcing their music library, that they were the owners of a wide swath of music and that they were entitled to collect any resulting royalty payments."

The government claims that around April, 2017, two men, through their company MediaMuv, LLC, entered into a contract with A.R., which administers and distributes YouTube royalty payments, claiming to control a 50,000 song catalog of music.

They subsequently sent the corresponding song files to A.R., which in turn uploaded the files to YouTube, the indictment claims. The court filing cites as an example the song "Viernes Sin Tu Amor," which A.R. is said to have uploaded to YouTube in 2017 and has earned around $24,000 in royalty payments since then.

This was allegedly done for numerous songs, with A.R. eventually, at the direction of the MediaMuv, writing to YouTube "to bulk clear potential copyright conflicts from MediaMuv's entire music catalog."

Industry News (36:28) 

Nine State Department Phones Hijacked by Spyware

Cyber-attack Closes UK Convenience Stores

French Transport Giant Exposes 57,000 Employees and Source Code

Hotel Guests Locked Out of Rooms After Ransomware Attack

Passports Now Most Attacked Form of ID

AWS Outage Hits Eastern US

IT Execs Half as Likely to Face the Axe After Breaches

Most Phishing Pages are Short-lived

Half of Websites Still Using Legacy Crypto Keys

Tweet of the Week (44:08)

https://twitter.com/TJ_Null/status/1469006847449440262

https://twitter.com/johnjhacking/status/1468860997272174594

Come on! Like and bloody well subscribe!