Episode 45 - The Antibody Episode episode artwork

EPISODE · Mar 5, 2021 · 1H 6M

Episode 45 - The Antibody Episode

from The Host Unknown Podcast · host Andrew Agnes, Thom Langford, Javvad Malik

This week in InfosecLiberated from the “today in infosec” twitter account:2nd March 2002: Zone-H was launched in Estonia and began saving and publishing copies of defaced websites 7 days later. http://www.zone-h.org/news/id/4742?hz=2https://twitter.com/todayininfosec/status/12344923508330086402nd March 2010: Gregory  D. Evans' book "How To Become The World's No. 1 Hacker" was published. The book was heavily plagiarized and not held in high regard. Evans was quite controversial...to say the least. And got a lot of attention for a couple of years. Google him if you wish.https://twitter.com/todayininfosec/status/1234320212117221376https://attrition.org/errata/charlatan/gregory_evans/ https://blog.c22.cc/2010/06/17/threats/comment-page-2/ Rant of the Week (not covered)A warning went up on the perl.org infrastructure weblog late in January notifying users that perl.com now directed to a parking site and advised against visiting "as there are some signals that it may be related to sites that have distributed malware in the past."The site later returned an ERR_CONNECTION_CLOSED error message.The hijack appears to have followed the age-old path of an attacker pouncing on a compromised account and swiping the domain rather than a simple expiration.A good read out of what happened from Perl’s point of view as well as their Incident Response processes (link at the bottom).We had learned very quickly that when you use the registered domain for your email contact, no one can contact you when that domain no longer handles your mail. What we think happenedThis part veers into some speculation, and Perl.com wasn’t the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There’s no reason for Network Solutions to reveal anything to me (again, I’m not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported.John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder.RANT: Domain was hijacked, old methods, there are no new hacks!https://www.perl.com/article/the-hijacking-of-perl-com/ Billy Big BallsAOL phishing email states your account will be closedhttps://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/https://mashable.com/2014/08/21/aol-disc-marketing-jan-brandt/?europe=true Industry NewsOur source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe!  TikTok Set for Massive $92m Payout Over Privacy SuitFacebook Photo-tagging Lawsuit Settled for $650mGo Malware Detections Increase 2000%Quarter of Healthcare Apps Contain High Severity BugsMicrosoft Patches Four Zero-Day Exchange Server BugsPassword Reuse at 60% as 1.5 Billion Combos Discovered OnlineRansomware Attacks Soared 150% in 2020Canadian Cyber-Agency Workers Threaten StrikeMissing Teens Used School Laptops to Chat with Alleged Abductors Javvad’s Weekly StoriesJav has the COVID Jab Tweet of the WeekMalwareAndPickles @malwrandpicklesIt's probably nothing.Marc J @DrGeekthumbThe server room had no lock.Andy Cooke แอนดี้ คุกส์ @cooke_andyOK, 3389 open to the internet.MrR3b00t | it's safe just don't go outside @UK_Daniel_Cardi wiped the right drive right?Christopher J. Marcinko @christoperjI’m compliant so I’m definitely secureDavid Downs @drdownsWe have a strong password policySimon @cigh033"sorry, your password is too long"Josh Centers @jcentersRudy Giuliani, professional cyber security expertwim letzer @wimletzerThat does not happen to me.David Robert Newman @davidnewman“I wrote my own crypto libraries”Jeroen Jetten @TheTallestJJWe’re too small to be attackedJames Kelley @kelleyllcClient required SolarWinds for security reasons.dao ming si @dms1899Our security policy protects against abuse.Moreno Daltin @morenjiWe have always done this wayPaul Stephenson @tupelofortitudeWife found my credit card statementhttps://twitter.com/Sophos/status/1367082335997427720 The Little PeopleThere will no longer be a Little People segment for the foreseeable future. Sticky Pickle of the WeekImagine you are the CEO of an American based, billion dollar global company.  You hit a SNAFU and are called to testify before congress about what happened.  Obviously the members of congress will want to know in layman's terms how your IT infrastructure was left so unprotected that it was used to deliver malware to several branches of the federal government as well as a series of high-profile private sector targets?What might be your go-to responses?Correct answer: Blame the internAccording to Thompson and current SolarWinds CEO Sudhakar Ramakrishna, an intern who worked at the company posted the “solarwinds123” password on GitHub back in 2017. Security researcher Vinoth Kumar later discovered that the password had been posted publicly since at least June 2018 and informed the company of the leak in 2019, at which point, according to Ramakrishna, it was removed from GitHub.Needless to say, that explanation still leaves a lot of questions unanswered. For instance, was the intern actually responsible for setting the “solarwinds123” password? And, if so, why on earth had the company delegated responsibility for setting such an important password to an intern? Was the password actually changed when the leak was discovered in 2019 or was it just removed from GitHub? And why was there no multifactor authentication protecting that server if it could be used to transfer files onto company servers?It’s a tempting narrative—as the stories about how a massive, complicated breach is the fault of a single actor often are—in which some clueless college student shows up for a summer and sets a dumb password and then carelessly leaves it up in some publicly accessible code on GitHub. Above all, it’s a story that’s easy to understand, especially for members of Congress. For instance, California Rep. Katie Porter pointed out at the hearing, “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad.”https://slate.com/technology/2021/03/solarwinds-hack-cyber-espionage-intern-password.html Come on! Like and bloody well subscribe!

Javvad is incorrigible and continues to insult Sole Founder Thom's family. Is there no stopping this man? Andy didn't feel inclined to comment or intervene. Your weekly stick of podcast bubblegum for your brain.

NOW PLAYING

Episode 45 - The Antibody Episode

0:00 1:06:14

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit Tales Of A Superstar DJ The Insomniac Spun seemingly out of nowhere from her complacent life in the corporate world, turned seemingly overnight from 16-Hour shift work and into the life of a literally starving artist and working musician, The Protagonist navigates her supposed rise to fame and superstardom on a journey through spiritual awakening, coming-of-age, and intimate self-realization--guided by an omnipresent force and equipped with the power of love, magic, and music. {Enter The Multiverse.} [The Festival Project] The Festival Project, Inc.™ is a multidimensional multimedia platform which encompasses exploratory and artistic social personifications and expressions on cosmic theory, spirituality, growth, health & wellness, philosophy and theoretic dynamics in entertainment such as music, design, film, television, radio, dance and festival culture, art, fashion, literature, and science. The Festival Project™ and its subsidiary Non-Profit, The Collective Complex © aims to challenge modern artistic and philosop Explicit Bitcoin Is Dead Trey Carson Welcome to Bitcoin is Dead, the ultimate Bitcoin variety show where host Trey takes you on a journey through the ever-evolving world of Bitcoin. Each episode brings new personalities, fascinating locations, and insightful conversations with politicians, educators, and innovators shaping the future of Bitcoin. Whether you're a seasoned Bitcoiner or just starting your journey, tune in for thought-provoking discussions, unique perspectives, and a deep dive into the ideas and people driving the Bitcoin revolution. Explicit The Sacred +Profane Podcast nephtaragrace The Sacred + Profane Podcast is a provocative conversation dedicated to cementing a better future for all. We specialize in unpacking the nuances of what is considered sacred and profane, particularly focusing on sex, death, and all that pertains to the circle of life. Our aim in focusing on such ”taboo” subject matter is to demystify what is unconscious, bring to light what has been known for centuries as ”the occult,” and empower the rapid transformation that is occurring on the Planet. Explicit

Frequently Asked Questions

How long is this episode of The Host Unknown Podcast?

This episode is 1 hour and 6 minutes long.

When was this The Host Unknown Podcast episode published?

This episode was published on March 5, 2021.

What is this episode about?

This week in InfosecLiberated from the “today in infosec” twitter account:2nd March 2002: Zone-H was launched in Estonia and began saving and publishing copies of defaced websites 7 days...

Can I download this The Host Unknown Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!