Episode 152 - The Sicknote Episode episode artwork

EPISODE · May 19, 2023 · 52 MIN

Episode 152 - The Sicknote Episode

from The Host Unknown Podcast · host Thom Langford, Javvad Malik, Andrew Agnês

European Security Blogger Awards 2023Vote for us (and Thom and teissTalk) here:https://forms.gle/o6LwY6t5bSY9Fp5CA  This week in InfoSec (11:24)With content liberated from the “today in infosec” twitter account and further afield15th May 2011: Sony Begins Restoration of Its PlayStation Network after Cyber AttackAfter a malicious cyber attack compromises Sony Computer Entertainment's data center in San Diego, California, the PlayStation Network is shut down on April 20. The ensuing investigation revealed a number of security flaws, and in tandem with outside security firms, Sony implemented a number of upgrades to deter and mitigate future attacks to its network and its customers’ personal information. The Americas, Oceania, Europe and the Middle East were the first regions to regain access to the PlayStation Network, and among other measures, customers were required to reset their passwords upon initially signing in. As more and more personal information is posted online, whether for financial, social, or business transactions, the safekeeping and protection of this data has come to the forefront of Internet consumer concerns.  20th May 2003: Rain Forest Puppy reflected on change in the security industry and made a declaration of his personal change. https://web.archive.org/web/20090510083820/www.wiretrip.net/rfp/txt/evolution.txthttps://twitter.com/todayininfosec/status/1395378144861896705  Rant of the Week (18:00)Upstart encryption app walks back privacy claims, pulls from stores after probeA new-ish messaging service that claimed to put privacy first has pulled its end-to-end encryption claims from its website and its app from both the Apple and Google software stores after being called out online.Converso – a comms app launched in September 2022 – billed itself as a "next-generation messaging app that keeps your conversations completely private." This, according to the developer's website, included "proprietary state-of-the-art end-to-end encryption technology," no storage of messages on servers, and "absolutely no use of user data." It claimed it could stand up to the likes of Signal and WhatsApp in the security stakes. A blogger who goes by Crnković and has an interest in encryption protocols heard about Converso from an ad on a podcast and decided to poke around to see if the software lived up to the hype. Crnković found the app talked to a Google Cloud-hosted database that was left completely open to the public by the software's developers. This Firestore database, we're told, included encrypted message content, metadata about people's messages, their private encryption keys, phone numbers, and more. Essentially, it would be possible for anyone to fetch that information and decrypt a stranger's message that went through the app, according to the researcher.Crnković concluded:Not only is metadata public, but so too are the keys used to encrypt messages. Anyone can download a Converso user's private key, which could be used to decrypt their secret conversations.There's no longer any real distinction between cleartext and encrypted messages – nothing is meaningfully encrypted. For your security, you shouldn't use Converso to send any message that you wouldn't also publish as a tweet."Dissecting Converso was in large part a learn-as-you-go exercise for me, as I don't have prior experience reverse engineering mobile apps," Crnković told The Register. "I was shocked at each exponentially worse mistake."Telegram vulnerability: https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/ Billy Big Balls of the Week (27:37)Microsoft decides it will be the one to choose which secure login method you useMicrosoft wants to take the decision of which multi-factor authentication (MFA) method to use out of the users' hands and into its own.The software maker this week is rolling out what it calls system-preferred authentication for MFA, which will present individuals signing in with the most secure method and then alternatives if that method is unavailable.Redmond first unveiled the feature in a disabled state in April and is now making it generally available to all commercial users through the Azure Portal or Graph APIs, with the decision whether to enable it for tenants now resting with administrators.That said, in July Microsoft will make system-preferred authentication a default feature in its Azure Entra portfolio for all user accounts, with more information coming out next month.The goal is to shore up security by not only delivering new features to harden products and services but to, at times, strong-arm people into using them.More security, fewer problems?"This system prompts the user to sign in with the most secure method they've registered and the method that's enabled by admin policy," Alex Weinert, vice president and director of identity security at Microsoft, wrote in a blog post. "This will transition users from choosing a default method to use first to always using the most secure method available. If they can't use the method they were prompted to use, they can choose a different MFA method to sign in." Industry News (36:43)Ex-Ubiquiti Employee Imprisoned For $2m Crypto Extortion SchemeNSO Group Spends Millions Lobbying US GovernmentCyber-Resilience Programs Failing on Poor VisibilityNew Cloud Data Leak Adds to Capita's WoesGovernment Publishes Playbook to Enhance Smart City SecurityChatGPT Leveraged to Enhance Software Supply Chain SecurityMontana Signs Ban on TikTok Usage on Personal DevicesApple's App Store Blocks $2bn in Fraudulent TransactionsCyber Warfare Escalates Amid China-Taiwan Tensions Tweet of the Week (48:17)https://twitter.com/pmbaumgartner/status/1658804805014368256 Come on! Like and bloody well subscribe!

This week in InfoSec reminds us of when the Playstation Network was down for 3 weeks Rant of the Week is a reminder of why you don’t roll your own encryption Billy Big Balls is the story of Microsoft making authentication decisions for you Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week uses lessons from ChatGPT

NOW PLAYING

Episode 152 - The Sicknote Episode

0:00 52:26

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit Tales Of A Superstar DJ The Insomniac Spun seemingly out of nowhere from her complacent life in the corporate world, turned seemingly overnight from 16-Hour shift work and into the life of a literally starving artist and working musician, The Protagonist navigates her supposed rise to fame and superstardom on a journey through spiritual awakening, coming-of-age, and intimate self-realization--guided by an omnipresent force and equipped with the power of love, magic, and music. {Enter The Multiverse.} [The Festival Project] The Festival Project, Inc.™ is a multidimensional multimedia platform which encompasses exploratory and artistic social personifications and expressions on cosmic theory, spirituality, growth, health & wellness, philosophy and theoretic dynamics in entertainment such as music, design, film, television, radio, dance and festival culture, art, fashion, literature, and science. The Festival Project™ and its subsidiary Non-Profit, The Collective Complex © aims to challenge modern artistic and philosop Explicit Bitcoin Is Dead Trey Carson Welcome to Bitcoin is Dead, the ultimate Bitcoin variety show where host Trey takes you on a journey through the ever-evolving world of Bitcoin. Each episode brings new personalities, fascinating locations, and insightful conversations with politicians, educators, and innovators shaping the future of Bitcoin. Whether you're a seasoned Bitcoiner or just starting your journey, tune in for thought-provoking discussions, unique perspectives, and a deep dive into the ideas and people driving the Bitcoin revolution. Explicit The Sacred +Profane Podcast nephtaragrace The Sacred + Profane Podcast is a provocative conversation dedicated to cementing a better future for all. We specialize in unpacking the nuances of what is considered sacred and profane, particularly focusing on sex, death, and all that pertains to the circle of life. Our aim in focusing on such ”taboo” subject matter is to demystify what is unconscious, bring to light what has been known for centuries as ”the occult,” and empower the rapid transformation that is occurring on the Planet. Explicit

Frequently Asked Questions

How long is this episode of The Host Unknown Podcast?

This episode is 52 minutes long.

When was this The Host Unknown Podcast episode published?

This episode was published on May 19, 2023.

What is this episode about?

European Security Blogger Awards 2023Vote for us (and Thom and teissTalk) here:https://forms.gle/o6LwY6t5bSY9Fp5CA  This week in InfoSec (11:24)With content liberated from the “today in infosec” twitter account and further afield15th May 2011: Sony...

Can I download this The Host Unknown Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!