Security News

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]
2023-02-23 19:58

DOUG. Crypto company code captured, Twitter's pay-for-2FA play, and GoDaddy breached. DOUG. Well, let's bring things into the modern, and talk about GoDaddy.

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
2023-02-16 19:46

DOUG. Patching bugs, hacking Reddit, and the early days of computing. Like in the LastPass breach and the recent GitHub breach, source code got stolen, along with a bit of other stuff.

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
2023-02-09 19:41

Exactly the same when you try and use a password you say, "I want to copy that password and use it." You have to put in a master password to get access to your passwords, but you don't have to put in the master password to get access to the configuration file to get access to the passwords.

Amazon S3 to apply security best practices for all new buckets
2023-02-07 09:45

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
2023-02-02 19:50

This is not a breach of the GitHub systems or the GitHub infrastructure or how GitHub stores files - it's just that GitHub's code on GitHub some of the stuff that was supposed to be private got downloaded. In the end, GitHub found, I think, that there are only three stolen certificates that were actually still valid, in other words, that crooks could actually use for signing anything.

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
2023-01-26 19:57

DOUG. OK, we've got some tips if you are affected by this, starting with: Don't click "Helpful" links in emails or other messages. Apple patches are out - old iPhones get an old zero-day fix at last!

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]
2023-01-19 19:53

Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well? I guess, in the light of recent disclosures by LastPass where password databases were stolen but the passwords were encrypted.

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]
2023-01-12 19:59

We've got one zero-day, but perhaps even bigger than that, we say, "Thanks for the memories, Windows 7 and Windows 8.1, we hardly knew ye." There's one zero-day, which I think is an elevation of privilege, and that applies right from Windows 8.1 all the way to Windows 11 2022H2, the most recent release.

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
2023-01-05 17:52

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all. Actually your passwords were encrypted, but the websites and the web services and an unstated list of other stuff that you stored, well, that *wasn't* encrypted.

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]
2022-12-29 18:20

DUCK. Today's topic is: Incident response - A day in the life of a cyberthreat responder. PETER. Typically, we're brought in either just after an attack or while one is still unfolding.