hpr3858 :: The Oh No! News. | |
by Some Guy On The Internet | |
Summary: Sgoti talks about Toyota's data leak and more, | |
on the Oh No! News. | |
Series: Privacy and Security | |
Source: http://hackerpublicradio.org/eps.php?id=3858[1] | |
Original audio: | |
https://archive.org/download/hpr3858/hpr3858_source.flac | |
[2] | |
The Oh No! news. | |
Oh No! News is Good News. | |
* Threat analysis; your attack surface. | |
* Article: For-Profit Companies Charging Sextortion | |
Victims for Assistance and Using Deceptive Tactics to | |
Elicit Payments.[3] | |
* Author: FBI Internet Crime Complaint Center. | |
(2023, Apr 7). | |
* The companies use deceptive tactics including | |
threats, manipulation, and providing false | |
information to coerce sextortion victims into | |
paying for their services. Some of the services | |
for which the companies charge fees, such as | |
sending the perpetrators cease and desist orders, | |
make victims feel better but are not legally | |
enforceable. The companies may also attempt to | |
discourage victims from reporting the sextortion | |
to law enforcement. Limited reporting indicates | |
the companies are directly or indirectly involved | |
in the sextortion activity. | |
* Article: Former Ubiquiti dev who extorted the firm | |
gets six years in prison.[4] | |
* Author: Bill Toulas[5]. (2023, May 11). | |
* Nickolas Sharp, a former senior developer of | |
Ubiquiti, was sentenced to six years in prison | |
for stealing company data, attempting to extort | |
his employer, and aiding the publication of | |
misleading news articles that severely impacted | |
the firm's market capitalization. | |
* Article: Toyota: Car location data of 2 million | |
customers exposed for ten years.[6] | |
* Author: Bill Toulas[7]. (2023, May 12). | |
* Toyota Motor Corporation disclosed a data breach | |
on its cloud environment that exposed the car- | |
location information of 2,150,000 customers for | |
ten years, between November 6, 2013, and April | |
17, 2023. | |
* Article: Failure to comply with Bus Open Data | |
regulations leads to financial penalty for operator. | |
[8] | |
* Author: Traffic Commissioners for Great Britain. | |
(2023, May 4). | |
* The Traffic Commissioner for the West Midlands, | |
Miles Dorrington, imposed a financial penalty | |
under section 155 of the Transport Act 2000 of | |
£1500, based on a £100 penalty for each of the | |
vehicles authorised on the operator's licence. | |
* Article: Criminals Pose as Chinese Authorities to | |
Target US-based Chinese Community.[9] | |
* Author: FBI Internet Crime Complaint Center. | |
(2023, Apr 10). | |
* The FBI warns of criminal actors posing as | |
Chinese law enforcement officials or prosecutors | |
in financial fraud schemes targeting the US-based | |
Chinese community. Criminals tell victims they | |
are suspects in financial crimes and threaten | |
them with arrest or violence if they do not pay | |
the criminals. Criminals exploit widely | |
publicized efforts by the People's Republic of | |
China government to harass and facilitate | |
repatriation of individuals living in the United | |
States to build plausibility for their fraud. | |
Criminals typically call victims, sometimes using | |
spoofed numbers to appear as if the call is from | |
the Chinese Ministry of Public Security, one of | |
its localized Public Security Bureaus, or a US- | |
based Chinese Consulate. Criminals may also | |
communicate through online applications. | |
---------------------------------------------------------- | |
* User space. | |
* Article: Twitter rolls out encrypted DMs, but only | |
for paying accounts.[10] | |
* Author: Bill Toulas[11] (2023, May 11). | |
* Twitter has launched its 'Encrypted Direct | |
Messages' feature allowing paid Twitter Blue | |
subscribers to send end-to-end encrypted messages | |
to other users on the platform. | |
* The private decryption key is only stored on the | |
sender's device and is not shared with anyone | |
else. However, the public encryption key is | |
shared with others who want to send you encrypted | |
data. | |
* Article: Discord discloses data breach after support | |
agent got hacked.[12] | |
* Author: Sergiu Gatlan[13]. (2023, May 12). | |
* Discord is notifying users of a data breach that | |
occurred after the account of a third-party | |
support agent was compromised. | |
* The security breach exposed the agent's support | |
ticket queue, which contained user email | |
addresses, messages exchanged with Discord | |
support, and any attachments sent as part of the | |
tickets. | |
---------------------------------------------------------- | |
* Additional Information. | |
* What is a "Data Breach"?[14] A data breach is a | |
security violation, in which sensitive, protected | |
or confidential data is copied, transmitted, | |
viewed, stolen, altered or used by an individual | |
unauthorized to do so. | |
* What is "Malware"?[15] Malware (a portmanteau[16] | |
for malicious software) is any software | |
intentionally designed to cause disruption to a | |
computer, server, client, or computer network, | |
leak private information, gain unauthorized | |
access to information or systems, deprive access | |
to information, or which unknowingly interferes | |
with the user's computer security and privacy. | |
* What is a "Payload"?[17] In the context of a | |
computer virus or worm, the payload is the | |
portion of the malware which performs malicious | |
action; deleting data, sending spam or encrypting | |
data. In addition to the payload, such malware | |
also typically has overhead code aimed at simply | |
spreading itself, or avoiding detection. | |
* What is "Phishing"?[18] Phishing is a form of | |
social engineering[19] where attackers deceive | |
people into revealing sensitive information or | |
installing malware such as ransomware[20]. | |
Phishing attacks have become increasingly | |
sophisticated and often transparently mirror the | |
site being targeted, allowing the attacker to | |
observe everything while the victim is navigating | |
the site, and traverse any additional security | |
boundaries with the victim. | |
* What is "Information Security" (InfoSec)?[21] | |
Information security, sometimes shortened to | |
InfoSec, is the practice of protecting | |
information by mitigating information[22] risks. | |
It is part of information risk management[23]. | |
* Information Security Attributes: | |
Confidentiality[24], Integrity[25] and | |
Availability[26] (C.I.A.). Information | |
Systems are composed of three main portions, | |
hardware, software and communications with | |
the purpose to help identify and apply | |
information security industry standards, as | |
mechanisms of protection and prevention, at | |
three levels or layers: physical, personal | |
and organizational. Essentially, procedures | |
or policies are implemented to tell | |
administrators, users and operators how to | |
use products to ensure information security | |
within the organizations. | |
* What is "Risk management"?[27] Risk management is | |
the identification, evaluation, and | |
prioritization of risks followed by coordinated | |
and economical application of resources to | |
minimize, monitor, and control the probability or | |
impact of unfortunate events or to maximize the | |
realization of opportunities. | |
* What is a "Vulnerability" (computing)?[28] | |
Vulnerabilities are flaws in a computer system | |
that weaken the overall security of the | |
device/system. Vulnerabilities can be weaknesses | |
in either the hardware itself, or the software | |
that runs on the hardware. | |
* What is an "Attack Surface"?[29] The attack | |
surface of a software environment is the sum of | |
the different points (for "attack vectors") where | |
an unauthorized user (the "attacker") can try to | |
enter data to or extract data from an | |
environment. Keeping the attack surface as small | |
as possible is a basic security measure. | |
* What is an "Attack Vector"?[30] In computer | |
security, an attack vector is a specific path, | |
method, or scenario that can be exploited to | |
break into an IT system, thus compromising its | |
security. The term was derived from the | |
corresponding notion of vector in biology. An | |
attack vector may be exploited manually, | |
automatically, or through a combination of manual | |
and automatic activity. | |
* What is "Standardization"?[31] Standardization is | |
the process of implementing and developing | |
technical standards based on the consensus of | |
different parties that include firms, users, | |
interest groups, standards organizations and | |
governments. Standardization can help maximize | |
compatibility, interoperability, safety, | |
repeatability, or quality. It can also facilitate | |
a normalization of formerly custom processes. | |
* List of computer standards.[32] | |
* List of technical standard organizations.[33] | |
* What is a "Replay attack"?[34] A replay attack is | |
a form of network attack in which valid data | |
transmission is maliciously or fraudulently | |
repeated or delayed. Another way of describing | |
such an attack is: "an attack on a security | |
protocol using a replay of messages from a | |
different context into the intended (or original | |
and expected) context, thereby fooling the honest | |
participant(s) into thinking they have | |
successfully completed the protocol run." | |
* What is a "Man-in-the-middle attack"?[35] In | |
cryptography and computer security, a man-in-the- | |
middle, ..., attack is a cyberattack where the | |
attacker secretly relays and possibly alters the | |
communications between two parties who believe | |
that they are directly communicating with each | |
other, as the attacker has inserted themselves | |
between the two parties. | |
* What is "Transport Layer Security" (TLS)?[36] | |
Transport Layer Security (TLS) is a cryptographic | |
protocol designed to provide communications | |
security over a computer network. The protocol is | |
widely used in applications such as email, | |
instant messaging, and voice over IP, but its use | |
in securing HTTPS remains the most publicly | |
visible. | |
* What is a "Handshake" (computing)?[37] In | |
computing, a handshake is a signal between two | |
devices or programs, used to, e.g., authenticate, | |
coordinate. An example is the handshaking between | |
a hypervisor and an application in a guest | |
virtual machine. | |
---------------------------------------------------------- | |
* License: Creative Commons Attribution-ShareAlike 4.0 | |
International[38] | |
Creative Commons License[39][40] | |
This work is licensed under a Creative Commons | |
Attribution-ShareAlike 4.0 International License[41]. | |
References | |
1. http://hackerpublicradio.org/eps.php?id=3858 | |
2. https://archive.org/download/hpr3858/hpr3858_source.flac | |
3. https://www.ic3.gov/Media/Y2023/PSA230407 | |
4. https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-who-exto… | |
5. https://www.bleepingcomputer.com/author/bill-toulas/ | |
6. https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-… | |
7. https://www.bleepingcomputer.com/author/bill-toulas/ | |
8. https://www.gov.uk/government/news/failure-to-comply-with-bus-open-data-reg… | |
9. https://www.ic3.gov/Media/Y2023/PSA230410 | |
10. https://www.bleepingcomputer.com/news/security/twitter-rolls-out-encrypted… | |
11. https://www.bleepingcomputer.com/author/bill-toulas/ | |
12. https://www.bleepingcomputer.com/news/security/discord-discloses-data-brea… | |
13. https://www.bleepingcomputer.com/author/sergiu-gatlan/ | |
14. https://en.wikipedia.org/wiki/Data_breach | |
15. https://en.wikipedia.org/wiki/Malware | |
16. https://en.wikipedia.org/wiki/Portmanteau | |
17. https://en.wikipedia.org/wiki/Payload_(computing) | |
18. https://en.wikipedia.org/wiki/Phishing | |
19. https://en.wikipedia.org/wiki/Social_engineering_(security) | |
20. https://en.wikipedia.org/wiki/Ransomware | |
21. https://en.wikipedia.org/wiki/Information_security | |
22. https://en.wikipedia.org/wiki/Information | |
23. https://en.wikipedia.org/wiki/Risk_management_information_systems | |
24. https://en.wikipedia.org/wiki/Confidentiality | |
25. https://en.wikipedia.org/wiki/Data_integrity | |
26. https://en.wikipedia.org/wiki/Availability | |
27. https://en.wikipedia.org/wiki/Risk_management | |
28. https://en.wikipedia.org/wiki/Vulnerability_(computing) | |
29. https://en.wikipedia.org/wiki/Attack_surface | |
30. https://en.wikipedia.org/wiki/Attack_vector | |
31. https://en.wikipedia.org/wiki/Standardization | |
32. https://en.wikipedia.org/wiki/List_of_computer_standards | |
33. https://en.wikipedia.org/wiki/List_of_technical_standard_organizations | |
34. https://en.wikipedia.org/wiki/Replay_attack | |
35. https://en.wikipedia.org/wiki/Man-in-the-middle_attack | |
36. https://en.wikipedia.org/wiki/Transport_Layer_Security | |
37. https://en.wikipedia.org/wiki/Handshake_(computing) | |
38. https://creativecommons.org/licenses/by-sa/4.0/legalcode | |
39. //web.archive.org/web/2im_/https://i.creativecommons.org/l/by-sa/4.0/88x31… | |
40. http://creativecommons.org/licenses/by-sa/4.0/ | |
41. http://creativecommons.org/licenses/by-sa/4.0/ | |
Date Published: 2023-05-14 19:38:30 | |
Identifier: hpr3858 | |
Item Size: 564005983 | |
Language: eng | |
Media Type: audio | |
# Topics | |
Ubiquiti dev | |
Toyota | |
Sextortion | |
Discord | |
# Collections | |
hackerpublicradio | |
podcasts | |
# Uploaded by | |
@hackerpublicradio | |