Security News

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
2023-02-09 19:41

Exactly the same when you try and use a password you say, "I want to copy that password and use it." You have to put in a master password to get access to your passwords, but you don't have to put in the master password to get access to the configuration file to get access to the passwords.

Amazon S3 to apply security best practices for all new buckets
2023-02-07 09:45

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets.For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
2023-02-02 19:50

This is not a breach of the GitHub systems or the GitHub infrastructure or how GitHub stores files - it's just that GitHub's code on GitHub some of the stuff that was supposed to be private got downloaded. In the end, GitHub found, I think, that there are only three stolen certificates that were actually still valid, in other words, that crooks could actually use for signing anything.

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
2023-01-26 19:57

DOUG. OK, we've got some tips if you are affected by this, starting with: Don't click "Helpful" links in emails or other messages. Apple patches are out - old iPhones get an old zero-day fix at last!

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]
2023-01-19 19:53

Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well? I guess, in the light of recent disclosures by LastPass where password databases were stolen but the passwords were encrypted.

#S3
S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]
2023-01-12 19:59

We've got one zero-day, but perhaps even bigger than that, we say, "Thanks for the memories, Windows 7 and Windows 8.1, we hardly knew ye." There's one zero-day, which I think is an elevation of privilege, and that applies right from Windows 8.1 all the way to Windows 11 2022H2, the most recent release.

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
2023-01-05 17:52

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all. Actually your passwords were encrypted, but the websites and the web services and an unstated list of other stuff that you stored, well, that *wasn't* encrypted.

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]
2022-12-29 18:20

DUCK. Today's topic is: Incident response - A day in the life of a cyberthreat responder. PETER. Typically, we're brought in either just after an attack or while one is still unfolding.

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]
2022-12-22 19:56

DUCK. OK, so application control is Sophos's name for the ability to detect, and optionally to block, software that is not malware, but that a well-informed administrator might not want to support in their environment? DUCK. Now, my understanding is most so-called "Fileless malware" does involve files, probably quite a lot of files in its operation.

McGraw Hill's S3 buckets exposed 100,000 students' grades and personal info
2022-12-20 03:30

Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students' information as well as the education publishing giant's own source code and digital keys, according to security researchers. The research team at vpnMentor said they discovered the open S3 buckets on June 12, and contacted McGraw Hill a day later.