EPISODE · Nov 26, 2021 · 49 MIN
Episode 83 - The Super Spreader Amateur Hour
from The Host Unknown Podcast · host Mikko Hypponen, Javvad Malik, Thom Langford, Andrew Agnēs
This Week in InfoSec (11:00)With content liberated from the “today in infosec” Twitter account23rd November 2011: It was reported that Apple took over 3 years to fix the iTunes installer vulnerability which the FinFisher remote spying Trojan exploited.Apple Took 3+ Years to Fix FinFisher Trojan Holehttps://twitter.com/todayininfosec/status/133102846161239244820th November 2000: eBay cancelled a listing for Kevin Mitnick's Bureau of Prisons inmate ID card due to uncertainty about his right to sell it. This was after an initial claim it was a prohibition from committing a "violent felony" and profiting from it.eBay pulls Kevin Mitnick trinkets: Taking a firm stand against "violent felons"https://twitter.com/todayininfosec/status/1329940298399703042 Rant of the Week (18:50)SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password'GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys.In a filing on Monday to the SEC, the internet giant said that on November 17 it discovered an "unauthorized third-party" had been roaming around part of its Managed WordPress service, which essentially stores and hosts people's websites.GoDaddy’s chief information security officer Demetrius Comes said his company "immediately began an investigation with the help of an IT forensics firm and contacted law enforcement."Those infosec sleuths, we're told, found evidence that an intruder had been inside part of GoDaddy's website provisioning system, described by Comes as a "legacy code base," since September 6, gaining access using a "compromised password."GoDaddy’s latest rebranding is a break from its sexist past Billy Big Balls of the Week (28:36)Huge fines and a ban on default passwords in new UK lawThe government has introduced new legislation to protect smart devices in people's homes from being hacked.Recent research from consumer watchdog Which? suggested homes filled with smart devices could be exposed to more than 12,000 attacks in a single week.Default passwords for internet-connected devices will be banned, and firms which do not comply will face huge fines. Industry News (34:36)Sky Slow to Fix Bug in RoutersGoDaddy Announces Data BreachTeen Accused of Stealing Bitcoin Worth $36.5MMultiple Bugs Enable Eavesdropping on 37% of Android PhonesApple Sues “State-Sponsored” Spyware Firm NSO GroupMalicious JavaScript Loader is a Multi-RAT DispenserYouTube Live Crypto Scams Made Nearly $9m in OctoberUK Introduces New Cybersecurity Legislation for IoT DevicesUkrainian Cops Bust Mobile Device Hacking Group Tweet of the Week (43:09)https://twitter.com/sociosploit/status/1462440968658079763https://twitter.com/Raspberry_Pi/status/1463803587180511233?s=20 Come on! Like and bloody well subscribe!
What this episode covers
This week in Infosec takes us back to a time a vendor took 3 years to fix a reported vulnerability (is this an old or new story?) Rant of the week is dedicated to password security 101, and how telling Daddy to fix it doesn’t always work Billy Big Balls is a shift in mindset for the industry, backed up with teeth and endorsed by at least two industry heavy hitters Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week reminisces of the times when we would happily raw dog the Internet, and then make useless things do useful tasks
NOW PLAYING
Episode 83 - The Super Spreader Amateur Hour
No transcript for this episode yet
Similar Episodes
Dec 5, 2025 ·50m
Oct 9, 2025 ·33m
Oct 3, 2025 ·40m
Sep 11, 2025 ·31m
Aug 27, 2025 ·39m
Aug 18, 2025 ·54m