Security News

ATMs always take your card right in, don't they? So the idea of these ATM skimming crooks is they're not just interested in your card details, like a web phisher would be.

DUCK. So we did get the Mark I, and I guess it was the last mainstream digital computer that had a driveshaft, Doug, operated by an electrical motor. DUCK. I think they intended that as a slightly humorous note, but they did note that previous research, not their own, has discovered that touch-typers tend to be much more regular about the way that they type.

The root of the problem is that shared CPU components, like the internal memory system, combine attacker data and data from any other application, resulting in a combined leakage signal in the power consumption. Whether just suffering a ransomware attack is inevitably enough to be a material data breach.

The problem is there was no data authentication or verification stage. The moral of the story is: Don't rely on data you can't verify.

Listeners will probably know that Virus Total is a very popular service where, if you've got a file that either you know it's malware and you want to know what lots of different products call it, or if you think, "Maybe I want to get the sample securely to as many vendors as possible, as quickly as possible". The file is meant to be made available to dozens of cybersecurity companies almost immediately.

DUCK. Yes, the usual large number of bugs fixed. Although Elevation of Privilege usually gets looked down on as lesser than Remote Code Execution, where crooks use the bug to break in in the first place, the problem with EoP has to do with crooks who are already "Loitering with intent" in your network.

MATT. Yes, the idea of Bring Your Own Device [BYOD] wouldn't fly back in the day, would it? MATT. One of the things that's changed so much since then, Paul, is that, back in the day, you had an infected machine, and everyone was desperate to get the machine disinfected.

DOUG. Emergency Apple patches, justice for the 2020 Twitter hack, and "Turn off your phones, please!". DOUG. As luck would have it, we have a long list of things you can do other than just turning off your phone for five minutes.

DUCK. I don't know whether that's true, but I like to think it is. Before we get to stuff that's in the news, we are pleased, nay thrilled, to announce the first of three episodes of Think You Know Ransomware?

As long as they don't choose password or secret or one of the Top Ten Cats' Names in the world, maybe it's OK if we force them to change it to another not-very-good password before the crooks would be able to crack it? The simple observation is that changing a bad password regularly doesn't make it a better password.