Episode 166 - The Potato Quality Episode

The Host Unknown Podcast

Contenuto fornito da Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

8M ago 48:13

MP3•Pagina principale dell'episodio

This week in InfoSec (11:51)

With content liberated from the “today in infosec” twitter account and further afield

6th September 1987: Thomas Haynie was accused of intentionally jamming Playboy's satellite network with a text-only message. Haynie was an uplink engineer at the Christian Broadcasting Network and was on duty at the time of the jamming. He received 3 years of probation.

CBN engineer denies pre-empting soft-porn movies

https://twitter.com/todayininfosec/status/1302620593322438656

Rant of the Week (20:12)

If you like to play along with the illusion of privacy, smart devices are a dumb idea

Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected "smart" devices could be a dumb idea if you'd rather try to preserve your privacy.

The consumer rights organization's analysis of a number of IoT products – from speakers and security cameras to TVs and washing machines – found that they all demand customer data above and beyond what is needed for the product to perform its function, and then distribute that information to a horde of faceless corporations.

Consumer campaign group Which? pointed out that this means consumers are not only in many cases paying thousands for the product itself, with all its "smart" connected bells and whistles, but continue to pay in the form of their personal data.

The outfit broke down what information is required to set up an account with the product manufacturers, what permissions the associated apps request, and what customer activity companies are tapping into.

Spoiler alert: it's all for ads and marketing.

Disturbingly, every single brand examined required both exact and approximate location data – as though your fancy washing machine needed to "know" where it is to clean your clothes.

Billy Big Balls of the Week (28:52)

Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections

A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.

Charles James Randol, 33, who is now due to be sentenced, faces a maximum of five years in federal prison and three years supervised release, plus a fine of up to $250,000 or twice the total illicit proceeds from the scams, whichever amount is greater.

Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday. The Santa Monica man would handle crypto-cash transactions exceeding $10,000 without knowing who his customers were – folks known only as "Puppet Shariff," "White Jetta," "Aaavvv," "Aaaa," and "Yogurt Monster," for example – which is hardly in line with regulatory requirements.

To stay on the right side of American law, Randol should have verified and recorded their identities.

In his plea agreement, the cryptocurrency dealer admitted to three in-person transactions between October 2020 to January 2021 in which he gave an undercover FBI agent a total of $273,940 in cash for Bitcoin, and kept a four percent commission fee.

Randol "did not request a name, proof of identity, social security number, or any other information about [the undercover agent] or the source of the funds being exchanged," the plea agreement says.

[Good comment]: Working for an American financial institution, we must go through mandatory AML (anti money laundering) training each year, and the consequences for the firm if an audit finds a violation tend to be in the high 6-digit payouts.

With that in mind, a kid operating a blatantly open money laundering gig takes a proportionally much smaller punishment (assuming white-glove inmates usually manage to leave the can way before their time is served)]

Industry News (36:14)

UK Electoral Commission Fails Cybersecurity Test Amid Data Breach

Crypto Casino Stake.com Back Online After $40m Heist

UK Government Backs Down on Anti-Encryption Stance

Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign

Think Tank Urges Labour to Promote “Securonomics” Agenda

Chinese Hacker Steals Microsoft Signing Key, Spies on US Government

IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary

UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware

Zero-Day Flaw Exposes Atlas VPN User IPs

Tweet of the Week (44:39)

https://twitter.com/KimZetter/status/1699546860187472034

Come on! Like and bloody well subscribe!

194 episodi

#Tech #Entrepreneur #Business #Comedy #Improv #Host Unknown #Andrew Agnes #Javvad Malik #This Week In Infosec #Cyber Security #Risk Management #Hackers #Cybersecurity #Rant Of The Week #Tweet Of The Week #Billy Big Balls Of The Week #InfoSec