The IT Privacy and Security Weekly Update
By R. Prescott Stearns Jr.
The podcast currently has 212 episodes available.
What better way to get to grips with IT Privacy and Security topics than with a discussion? In this episode, we break out the issues and topics covered in Tuesday's update.
EP210
For this update we kick off with 11 million devices and end with a way to track those that were supposed to be un-trackable.
We start with the recurrence of a family of malware that was once eradicated, but now seems to have reappeared.
We move from there to the US, where the Federal Trade Commission has finally decided to weigh in on social media apps and how they are making money.
From there, a new way to get phished. This one is aimed at developers, but the next may have you in its sights.
We are gifted a new browser in the Firefox class. We tried it and we like it.
The US moves on smart car bans for nation-states it thinks should not have access to hoover up data within the continental US.
Then China breaks into a firm through an outdated IBM mainframe and lingers...
We close the update with an ingenious story of how China is using Starlink satellites to make the invisible visible.
This week we catch lots of frenetic activity. Let's go see how China has kept busy!
Click here for a full transcript to this podcast.
This is the podcast about the IT Privacy and Security Weekly Update Tearing it Down for the week ending September 24th, 2024. Enjoy it. More learning and more fun!
EP209
You can tear it up, or tear it down, and this week we get a bit of both as we circle the Earth with our update.
We start with Snapchat seemingly opting you in to yet another AI use case. Subscribers are suspicious, but we let you be the judge.
From there we go to a story not so much about a hacker as an aggregator. Wait how many email addresses have they collected?
For our third update we look at the other side of supply chain interference. Exploding devices may be one thing when they are "over there", but what if they end up in your pocket or front room?
Google has announced it will soon tear down a big obstacle for passkeys in their synching across devices through the use of their password manager.
An international trade union calls out three of the "Fantastic Five" for their Undemocratic ways. This could smart in a US election year.
And we finish this update with a new phenomenon called a noise storm and the interesting thing found in the midst of it.
We tear it down so you can have a better look inside. Come join us!
Find the full transcript to this podcast here.
Listen as our AI hosts discuss Tuesday's update in this special update podcast.
https://rprescottstearns.weebly.com/news/the-it-privacy-and-security-weekly-update-with-a-side-of-post-quant-for-the-week-ending-september-17th-2024
Post-Quantum Cryptography Takes Center Stage: NIST finalizes three new encryption algorithms to counter future quantum threats, prompting Google and Microsoft to announce updates. This section emphasizes the rapid response of tech giants and the importance of proactive security measures.
Larry Ellison's AI Vision: Surveillance and Databases: Oracle's CTO highlights the company's role in AI infrastructure, emphasizing the importance of organized data. Ellison's controversial statements regarding AI-driven surveillance are explored, raising ethical questions about privacy in the age of AI.
North Korean Cyberthreat: Targeting Developers: The Lazarus Group's sophisticated malware campaign uses fake coding tests to target job-seeking developers. This section details the dangers of social engineering attacks and the importance of vigilance in cybersecurity practices.
Facebook's Data Harvesting Practices Exposed: Facebook admits to scraping data from Australian users, including public photos and posts, to train its AI models. The lack of opt-out options for Australians, in contrast to EU regulations, sparks concerns about data privacy and consent.
23andMe Data Breach Settlement: The genetic testing company agrees to a $30 million settlement following a data breach affecting millions of customers. Details of the settlement, including cybersecurity improvements and customer payouts, are outlined, raising questions about data security practices in the genetic testing industry.
The Hidden Threat in Your Smart TV: Over a million streaming devices found to be infected with malware capable of remote updates, highlighting vulnerabilities in open-source Android systems. This section explores the potential causes of the infection, including supply chain risks and the use of outdated software, urging consumers to be cautious about device security.
Quote of the Week: Reflecting on the week's themes, the update concludes with a quote from Tim Cook emphasizing the inherent risks of backdoors in technology, even for seemingly benevolent purposes.
Source 2: US: NIST finalizes trio of post-quantum encryption standards (The Register)
Introduction: Highlights the release of new post-quantum encryption standards by NIST, designed to withstand future quantum computing attacks.
New Encryption Standards: Details the three finalized algorithms, focusing on their specific purposes in protecting data transmission and ensuring online identity authentication.
Backup Algorithms and Transition Timeline: Discusses NIST's ongoing work on backup algorithms and emphasizes the need for system administrators to begin transitioning to the new standards promptly.
Industry Response: Showcases Google and Microsoft's swift actions in updating their encryption algorithms to align with NIST standards, illustrating the industry's proactive approach to quantum-resistant security.
Source 3: US: Ellison Declares Oracle 'All In' On AI Mass Surveillance (The Register)
Oracle's Role in the AI Landscape: Summarizes Larry Ellison's vision of Oracle as a leading provider of AI infrastructure, leveraging its networking architecture and partnerships with AWS and Microsoft.
AI and Mass Surveillance: Presents Ellison's controversial proposal for using AI to enable constant surveillance, highlighting his belief that it will improve police conduct and citizen behavior.
Ethical Concerns and Implications: Raises questions about the ethical implications of widespread AI surveillance and the potential erosion of privacy in pursuit of public safety.
Source 4: Global: malware via fake recruiting tests (SC Magazine)
Introduction: Describes a new malware campaign attributed to the North Korean Lazarus Group targeting developers through fake coding tests during recruitment processes.
Modus Operandi: Details the attackers' tactics, including the use of legitimate-looking Python libraries, hosting malware on trusted platforms, and creating a sense of urgency to bypass security checks.
Scope and Impact: Explores the potential impact of the malware, highlighting the risks associated with Python's deep system interaction and the need for enhanced security measures in the tech industry.
Source 5: AU: Facebook Admits To Scraping Every Australian Adult User's Public Photos and Posts To Train AI, With No Opt-out Option (ABC News Australia)
Facebook's Data Scraping Admission: Reveals Facebook's admission during an inquiry that it scrapes public data of Australian users to train AI models, without providing an opt-out option.
Comparison to EU Regulations: Contrasts the lack of opt-out for Australians with Facebook's compliance with EU regulations allowing users to refuse consent for data scraping.
Potential Consequences: Speculates on potential actions by Australian authorities, particularly in light of the involvement of children's data and the potential for privacy violations.
Source 6: Global: 23andMe To Pay $30 Million In Genetics Data Breach Settlement (Bleeping Computer)
Data Breach Settlement: Reports on the $30 million settlement reached by 23andMe to resolve a class action lawsuit stemming from a data breach affecting millions of customers.
Settlement Details: Outlines the key elements of the settlement, including customer payouts, cybersecurity enhancements, and employee training programs.
Denial of Wrongdoing: Notes that 23andMe denies any wrongdoing despite agreeing to the settlement, highlighting the company's stance on its data security practices.
Source 7: Global: Your TV may come with its own back door (Dr. Web)
Malware Infection in Streaming Devices: Describes a widespread malware infection affecting millions of Android-based streaming devices globally, raising concerns about device security.
Technical Analysis: Explores the nature of the malware and its ability to receive remote updates through a backdoor, emphasizing the potential for malicious activities.
Possible Infection Vectors: Investigates potential causes of the infection, including the use of outdated software, vulnerabilities in open-source Android systems, and supply chain risks.
Consumer Protection: Concludes by urging consumers to be aware of potential security risks associated with streaming devices, particularly those from lesser-known manufacturers.
EP208
Last month NIST finalized their selection of three algos for post-quant Cryptography and already we have two major players announcing they will be updating their encryption algos.
Larry Ellison, infamous as the Oracle CEO, now CTO, tells us why he thinks we should be on our best behavior for AI.
Oh, and that Citigroup dev job you were applying for.... you didn't get the job, but you did pick up something else.
Facebook comes clean on the fact that it has scraped every Ozzie's face.
23andMe won't admit they did anything wrong, but if you were a customer involved in this particular lawsuit you are going to get a cash payment within 10 days of court approval.
And we finish with why you have to start thinking of your TV as a door.
We may be pre-quant now, but this week's IT Privacy and Security Weekly update is first to the post-!
Find the full transcript to this week's podcast here.
This week start the kameshika signal with a mushroom walking into the room.
We get a new use case from the "Po-lice" for that Tesla parked over "thar".
Then it seems NSA have enjoyed this update and podcast so much it inspired them to create their own (Thanks team!).
There's a new version of a particular spyware program that we're calling out.
A spec. sheet from Bluetooth version six that would probably even excite your dentist.
A set of critical numbers from Microsoft in this week's patch Tuesday update and an urgent update request for Windows 10 users.
And on its 10th anniversary, an app that gives you something no other app can match.
Everything will become clear once we hear the signal.
Click here for a full transcript of this podcast.
EP206
This week's update takes off from Las Vegas and lands somewhere in Low Earth Orbit.
We have databases of faces and how both a police union and the Dutch Data Protection watchdog think they are a bad idea.
If they have your face, how do you prove you are you? That's the next challenge and a proposal from OpenAI and Harvard thinks it'll have you covered. We might have a different opinion.
With elections coming up in the US would you be upset to discover that the code in your voting machine was written and updated by a Russian? You could not make this stuff up.
The Washington Post tells us why it thinks that Pavel Durov should stay in jail and some security researchers share how you might bypass TSA security the next time you are at an airport.
Finally we will soon have fifteen thousand reasons for considering not subscribing to one provider's broadband.
The dream police, they live inside of our heads. Let's check out this week's arresting update.
Find the transcript to this pod. here.
Cash Cows and the IT Privacy and Security Weekly Update for the week ending August 27th 2024
8/27/2024
Episode 205
The cash cow is in your house and you sit staring at it.
How did it get in? We’ll give you the latest on cloned RFID cards that will let you into almost any door using them.
Google gets shady with its collection practices and ends up back in court.
The FBI receives an order to clean house from the Dept. of Justice Inspector General.
Uber gets spanked in the Netherlands for sending private data across the world.
And finally the Russian Army looks dazed and confused as their main form of communication gets locked away.
We may be in the dog days of Summer, but all we’re seeing are cows!
Find the full transcript for this podcast here.
Episode 204
Join us as we Zoom in to the biggest crowd we have ever seen.
Fancy a cycle around the neighborhood with the kids on your hot new bicycle? Read our update first!
There’s a new copilot that could make a huge difference to your open source project and a huge new fine for one European mobile phone company (in the US).
Then, a story about a firm that could’ve had the best security in the world, but it wouldn’t have mattered because they published their own passwords on-line.
We get a solemn reminder that no matter how rich and how smart, there is always an element of risk in anything you do.
From Taiwan, a new Domain Name System (DNS) backdoor that is exponentially more clever.
And we finish by crashing a plane tracker that was leaking user data ….for three years.
We zoom 'round and 'round this big world of ours delivering the best in IT Privacy and Security.
So settle in and let’s go!
Find the full transcript to this podcast here.