EPISODE · Mar 5, 2021 · 1H 6M
Episode 45 - The Antibody Episode
from The Host Unknown Podcast · host Andrew Agnes, Thom Langford, Javvad Malik
This week in InfosecLiberated from the “today in infosec” twitter account:2nd March 2002: Zone-H was launched in Estonia and began saving and publishing copies of defaced websites 7 days later. http://www.zone-h.org/news/id/4742?hz=2https://twitter.com/todayininfosec/status/12344923508330086402nd March 2010: Gregory D. Evans' book "How To Become The World's No. 1 Hacker" was published. The book was heavily plagiarized and not held in high regard. Evans was quite controversial...to say the least. And got a lot of attention for a couple of years. Google him if you wish.https://twitter.com/todayininfosec/status/1234320212117221376https://attrition.org/errata/charlatan/gregory_evans/ https://blog.c22.cc/2010/06/17/threats/comment-page-2/ Rant of the Week (not covered)A warning went up on the perl.org infrastructure weblog late in January notifying users that perl.com now directed to a parking site and advised against visiting "as there are some signals that it may be related to sites that have distributed malware in the past."The site later returned an ERR_CONNECTION_CLOSED error message.The hijack appears to have followed the age-old path of an attacker pouncing on a compromised account and swiping the domain rather than a simple expiration.A good read out of what happened from Perl’s point of view as well as their Incident Response processes (link at the bottom).We had learned very quickly that when you use the registered domain for your email contact, no one can contact you when that domain no longer handles your mail. What we think happenedThis part veers into some speculation, and Perl.com wasn’t the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There’s no reason for Network Solutions to reveal anything to me (again, I’m not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported.John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder.RANT: Domain was hijacked, old methods, there are no new hacks!https://www.perl.com/article/the-hijacking-of-perl-com/ Billy Big BallsAOL phishing email states your account will be closedhttps://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/https://mashable.com/2014/08/21/aol-disc-marketing-jan-brandt/?europe=true Industry NewsOur source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe! TikTok Set for Massive $92m Payout Over Privacy SuitFacebook Photo-tagging Lawsuit Settled for $650mGo Malware Detections Increase 2000%Quarter of Healthcare Apps Contain High Severity BugsMicrosoft Patches Four Zero-Day Exchange Server BugsPassword Reuse at 60% as 1.5 Billion Combos Discovered OnlineRansomware Attacks Soared 150% in 2020Canadian Cyber-Agency Workers Threaten StrikeMissing Teens Used School Laptops to Chat with Alleged Abductors Javvad’s Weekly StoriesJav has the COVID Jab Tweet of the WeekMalwareAndPickles @malwrandpicklesIt's probably nothing.Marc J @DrGeekthumbThe server room had no lock.Andy Cooke แอนดี้ คุกส์ @cooke_andyOK, 3389 open to the internet.MrR3b00t | it's safe just don't go outside @UK_Daniel_Cardi wiped the right drive right?Christopher J. Marcinko @christoperjI’m compliant so I’m definitely secureDavid Downs @drdownsWe have a strong password policySimon @cigh033"sorry, your password is too long"Josh Centers @jcentersRudy Giuliani, professional cyber security expertwim letzer @wimletzerThat does not happen to me.David Robert Newman @davidnewman“I wrote my own crypto libraries”Jeroen Jetten @TheTallestJJWe’re too small to be attackedJames Kelley @kelleyllcClient required SolarWinds for security reasons.dao ming si @dms1899Our security policy protects against abuse.Moreno Daltin @morenjiWe have always done this wayPaul Stephenson @tupelofortitudeWife found my credit card statementhttps://twitter.com/Sophos/status/1367082335997427720 The Little PeopleThere will no longer be a Little People segment for the foreseeable future. Sticky Pickle of the WeekImagine you are the CEO of an American based, billion dollar global company. You hit a SNAFU and are called to testify before congress about what happened. Obviously the members of congress will want to know in layman's terms how your IT infrastructure was left so unprotected that it was used to deliver malware to several branches of the federal government as well as a series of high-profile private sector targets?What might be your go-to responses?Correct answer: Blame the internAccording to Thompson and current SolarWinds CEO Sudhakar Ramakrishna, an intern who worked at the company posted the “solarwinds123” password on GitHub back in 2017. Security researcher Vinoth Kumar later discovered that the password had been posted publicly since at least June 2018 and informed the company of the leak in 2019, at which point, according to Ramakrishna, it was removed from GitHub.Needless to say, that explanation still leaves a lot of questions unanswered. For instance, was the intern actually responsible for setting the “solarwinds123” password? And, if so, why on earth had the company delegated responsibility for setting such an important password to an intern? Was the password actually changed when the leak was discovered in 2019 or was it just removed from GitHub? And why was there no multifactor authentication protecting that server if it could be used to transfer files onto company servers?It’s a tempting narrative—as the stories about how a massive, complicated breach is the fault of a single actor often are—in which some clueless college student shows up for a summer and sets a dumb password and then carelessly leaves it up in some publicly accessible code on GitHub. Above all, it’s a story that’s easy to understand, especially for members of Congress. For instance, California Rep. Katie Porter pointed out at the hearing, “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad.”https://slate.com/technology/2021/03/solarwinds-hack-cyber-espionage-intern-password.html Come on! Like and bloody well subscribe!
What this episode covers
Javvad is incorrigible and continues to insult Sole Founder Thom's family. Is there no stopping this man? Andy didn't feel inclined to comment or intervene. Your weekly stick of podcast bubblegum for your brain.
NOW PLAYING
Episode 45 - The Antibody Episode
No transcript for this episode yet
Similar Episodes
Dec 5, 2025 ·50m
Oct 9, 2025 ·33m
Oct 3, 2025 ·40m
Sep 11, 2025 ·31m
Aug 27, 2025 ·39m
Aug 18, 2025 ·54m