This Week in InfoSec (04:09)

With content liberated from the “today in infosec” twitter account

16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan.

2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS.

Student convicted of hacking Sarah Palin e-mail account

Sarah Palin email hack

https://twitter.com/todayininfosec/status/1306360597915865097

9th September 2015: The security of 300 million travel locks was compromised after 3-D printing files were posted online.

Then again, these travel locks never were particularly secure.

Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos

https://twitter.com/todayininfosec/status/1303847394556219392  

Tweet of the Week (13:06)

https://twitter.com/yolkfolk_com/status/1438580784294735875

Sticky Pickle of the Week (18:16)

Sticky Pickle of the Week is the part of the show where everyone chooses something that they like. It could be a funny story, a book they’ve read, a TV show, movie, record, a podcast, a website, or an app, whatever they like.  It doesn’t have to be security-related necessarily.

Better not be!

Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude'

Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.

That's according to the trade association UK Finance, which found that the number of "impersonation scam cases" more than doubled in the first half of 2021 to 33,115 – up from 14,947 during the same period last year.

That is a Sticky Pickle

It's time to delete that hunter2 password from your Microsoft account, says IT giant

From this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence or a reconfiguration of an ex’s name and birthday to access the Windows giant's services.

That is to say, you can delete the password from your Microsoft account, and login using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your cellphone or email inbox. (Last year, Redmond said SMS codes were unsafe for authentication, we note.)

That is a Sticky Pickle

Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway

A couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools.

Grief Corp is the latest criminal crew to warn its victims with instant data destruction if it suspects a mark has engaged a mediator.

In a statement posted to its Tor-hosted blog, Grief Corp said: "We wanna play a game. If we see professional negotiator from Recovery Company™ – we will just destroy the data.

That is a Sticky Pickle

Industry News (31:16)

Poland Extradites Alleged Botnet Operator to US

UK Man Gets Five Years for Online Abuse Campaign

WhatsApp to Roll Out Encrypted Backups

US Locks Up Key Player in Nigerian Romance Scam

Apple Releases Urgent Patch Following Discovery of Pegasus Spyware

Massachusetts AG Launches Probe into T-Mobile Data Breach

Microsoft Patches OMIGOD, MSHTML and PrintNightmare Bugs

Americans Fined After Hacking for Foreign Government

Household Names Hit with £500K Fine for Spamming Consumers

Tweet of the Week (38:05)

https://twitter.com/snipeyhead/status/1437935968460304384?s=20

Come on! Like and bloody well subscribe!