Episode 154 - The Broom-cupboard Episode episode artwork

EPISODE · Jun 2, 2023 · 46 MIN

Episode 154 - The Broom-cupboard Episode

from The Host Unknown Podcast · host Javvad Malik, Thom Langford, Andrew Agnês

Voting has closed for this years European Cybersecurity Blogger Awards has closed. Did you vote with your conscience, or did you vote for us? This week in InfoSec (08:33)With content liberated from the “today in infosec” twitter account and further afield30th May 1972: John Postel published RFC 349, Proposed Standard Socket Numbers.RFC 349https://twitter.com/todayininfosec/status/1266805406707232768 1st June 1999: Shawn Fanning and Sean Parker release the filesharing service Napster. The service provides a simple way for users to copy and distribute MP3 music files. It became an instant hit, especially among college students. Just over 6 months later, on December 7, 1999, the Recording Industry Association of America (RIAA) filed a lawsuit against the service, alleging mass copyright infringement. Eventually this lawsuit forced the shutdown of the company on September 3, 2002, but not before the popularity of downloading digital music was firmly entrenched in a generation of Internet users. Rant of the Week (16:32)Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagineAmerica's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy – and made the cost of those actions, as alleged, a mere $30.8 million.The regulator on Wednesday charged, via the US Dept of Justice, two Amazon outfits with various privacy snafus.The e-tail giant’s Ring home security cam subsidiary was accused of “compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.”“Not only could every Ring employee and Ukraine-based third-party contractor access every customer’s videos (all of which were stored unencrypted on Ring’s network), but they could also readily download any customer’s videos and then view, share, or disclose those videos at will,” reads the FTC's complaint [PDF].The document goes on to describe how “a customer service agent might need access to the video data of a particular customer to troubleshoot a problem, that same customer service agent had unfettered access to videos belonging to thousands of customers who never contacted customer service.”Another nightmare: “Although an engineer working on Ring’s floodlight camera might need access to some video data from outdoor devices, that engineer had unrestricted access to footage of the inside of customers’ bedrooms.”Ring staff weren’t trained on how to handle private data. And some abused it, horribly, according to the consumer watchdog.The complaint details one employee who, the FTC said, “viewed thousands of video recordings belonging to at least 81 unique female users,” and “focused his prurient searches on cameras with names indicating that they surveilled an intimate space, such as ‘Master Bedroom,’ ‘Master Bathroom,’ or ‘Spy Cam’.”The employee spent more than an hour a day on this revolting stuff, undetected by Ring, for months, it was claimed.When a female coworker reported this activity, her supervisor “discounted the report, telling the female employee that it is ‘normal’ for an engineer to view so many accounts," the FTC noted. Billy Big Balls of the Week (29:42)Pegasus-pusher NSO gets new owner keen on the commercial spyware bizSpyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company's Pegasus malware is targeting yet more human rights advocates and journalists.Once installed on a victim's device, Pegasus can, among other things, secretly snoop on that person's calls, messages, and other activities, and access their phone's camera without permission. This has led to government sanctions against NSO and a massive lawsuit from Meta.The Israeli company's creditors, Credit Suisse and Senate Investment Group, foreclosed on NSO earlier this year, according to the Wall Street Journal, which broke that story the other day.Essentially, we're told, NSO's lenders forced the biz into a restructure and change of ownership after it ran into various government ban lists and ensuing financial difficulties.The new owner is a Luxembourg-based holding firm called Dufresne Holdings controlled by NSO co-founder Omri Lavie, according to the newspaper report. Corporate filings now list Dufresne Holdings as the sole shareholder of NSO parent company NorthPole.Dufresne Holdings has removed "a number of directors and officers" across NSO and is involved in the company's day-to-day management, the Wall Street Journal added.An NSO spokesperson meanwhile said "the company is managed directly by our CEO, Yaron Shohat. The lenders are currently in a process of restructuring the shareholders." The company has not only faced criticism over its Pegasus spyware implant, US and European officials over the past couple of years have cracked down on NSO in particular, and commercial spyware in general.Reports keep emerging about Pegasus and other surveillance technologies being used in ways that decidedly violate NSO's claims that it only sells the malware to legitimate government agencies "for the purpose of preventing and investigating terrorism and other serious crimes."It is that time of the show where we head to our news sources over at the Infosec PA newswire who have been very busy bringing us the latest and greatest security news from around the globe! Industry News (37:34)Romania’s Safetech Leans into UK Cybersecurity MarketNine Million MCNA Dental Customers Hit by BreachRansomware Gangs Adopting Business-like Practices to Boost ProfitsHuman Error Fuels Industrial APT Attacks, Kaspersky ReportsNigerian Cybercrime Ring's Phishing Tactics ExposedPentagon Cyber Policy Cites Learnings from Ukraine WarAmazon to Pay $31m After FTC's Security and Privacy AllegationsHMRC in New Tax Credits Scam WarningHorabot Campaign Targets Spanish-Speaking Users in the Americas Tweet of the Week (44:04)https://twitter.com/securityweekly/status/1664335258655784960 Come on! Like and bloody well subscribe!

This week in InfoSec takes us back to the day the music industry changed forever Rant of the Week plays privacy-failing bingo with Amazon Billy Big Balls is NSO group asking us to meet the new boss, same as the old boss Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is a glimpse of our AI future

NOW PLAYING

Episode 154 - The Broom-cupboard Episode

0:00 46:48

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit Tales Of A Superstar DJ The Insomniac Spun seemingly out of nowhere from her complacent life in the corporate world, turned seemingly overnight from 16-Hour shift work and into the life of a literally starving artist and working musician, The Protagonist navigates her supposed rise to fame and superstardom on a journey through spiritual awakening, coming-of-age, and intimate self-realization--guided by an omnipresent force and equipped with the power of love, magic, and music. {Enter The Multiverse.} [The Festival Project] The Festival Project, Inc.™ is a multidimensional multimedia platform which encompasses exploratory and artistic social personifications and expressions on cosmic theory, spirituality, growth, health & wellness, philosophy and theoretic dynamics in entertainment such as music, design, film, television, radio, dance and festival culture, art, fashion, literature, and science. The Festival Project™ and its subsidiary Non-Profit, The Collective Complex © aims to challenge modern artistic and philosop Explicit Bitcoin Is Dead Trey Carson Welcome to Bitcoin is Dead, the ultimate Bitcoin variety show where host Trey takes you on a journey through the ever-evolving world of Bitcoin. Each episode brings new personalities, fascinating locations, and insightful conversations with politicians, educators, and innovators shaping the future of Bitcoin. Whether you're a seasoned Bitcoiner or just starting your journey, tune in for thought-provoking discussions, unique perspectives, and a deep dive into the ideas and people driving the Bitcoin revolution. Explicit The Sacred +Profane Podcast nephtaragrace The Sacred + Profane Podcast is a provocative conversation dedicated to cementing a better future for all. We specialize in unpacking the nuances of what is considered sacred and profane, particularly focusing on sex, death, and all that pertains to the circle of life. Our aim in focusing on such ”taboo” subject matter is to demystify what is unconscious, bring to light what has been known for centuries as ”the occult,” and empower the rapid transformation that is occurring on the Planet. Explicit

Frequently Asked Questions

How long is this episode of The Host Unknown Podcast?

This episode is 46 minutes long.

When was this The Host Unknown Podcast episode published?

This episode was published on June 2, 2023.

What is this episode about?

Voting has closed for this years European Cybersecurity Blogger Awards has closed. Did you vote with your conscience, or did you vote for us? This week in InfoSec (08:33)With content liberated from the “today in infosec” twitter account and further...

Can I download this The Host Unknown Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!