Security News
![S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]](/static/build/img/news/s3-ep112-data-breaches-can-haunt-you-more-than-once-audio-text-small.jpg)
DOUG. Break out the old tag in HTML, make it blink a little bit? [LAUGHS]. DUCK. Doug, for a moment, I was worried you were going to use the word [LAUGHS] .
![S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]](/static/build/img/news/s3-ep111-the-business-risk-of-a-sleazy-nudity-unfilter-audio-text-small.jpg)
Once you'd authorised it, it was able to read your files, and because it could read your files, it could get the list of all the people you normally corresponded with from your so-called nicknames or NAMES file, and blasted itself out to all of them. DUCK. People you'd never heard from for a couple of years, suddenly they would be all over your mailbox!
![S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]](/static/build/img/news/s3-ep110-spotlight-on-cyberthreats-an-expert-speaks-audio-text-small.jpg)
As soon as I give you a piece of information where just acting on that information makes you more secure, then I think we *all win collectively*, because now there's one less avenue for a cybercriminal to attack you and that makes us all collectively more secure. If you're the victim of a ransomware attack where pretty much all the useful data files, on all your computers including your servers, on your entire network, have been encrypted.
![S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]](/static/build/img/news/s3-ep109-how-one-leaked-email-password-could-drain-your-business-audio-transcript-small.jpg)
You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.

Radio waves so mysterious they're known only as X-Rays. Were there six 0-days or only four? The cops who found $3 billion in a popcorn tin.
![S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]](/static/build/img/news/s3-ep107-eight-months-to-kick-out-the-crooks-and-you-think-thats-good-audio-text-small.jpg)
Now, the critical update: actually, it turned out that while investigating the first update, they found a second related update, so there are actually two of them; those only apply to OpenSSL 3.0, not to 1.1.1. DUCK. Well, the critical deal here is when we wrote about the update that included iOS 16.1 and iPadOS 16, which actually turned out to be iPadOS 16.1 after all.

A new open-source tool, 'S3crets Scanner', allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed Amazon AWS S3 storage buckets or in a company's own buckets. In addition to application data, source code or configuration files in the S3 buckets can also contain 'secrets', which are authentication keys, access tokens, and API keys.

The French regulator's objection, which was echoed last year by at least the UK and the Australian regulator as well, is: "We consider this unlawful in our country. You can't go scraping people's images for this commercial purpose without their consent. And you're also not complying with GDPR rules, data destruction rules, making it easy for them to contact you and say, 'I want to opt out'." In the same way that Bletchley Park in the UK secretly employed more than 10,000 people, I didn't realise this, but it turned out that there were well over 10,000 women recruited into cryptology, into cryptographic cracking, in the US to try and deal with Japanese ciphers during the war.
![S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]](/static/build/img/news/s3-ep105-wontfix-the-ms-office-cryptofail-that-isnt-a-security-flaw-audio-text-small.jpg)
DOUG. "Your password has a low security level and maybe at risk. Please change your login password." DUCK. Yes, "Your password has a low security level".
![S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]](/static/build/img/news/s3-ep104-should-hospital-ransomware-attackers-be-locked-up-for-life-audio-text-small.jpg)
Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone? The problem with a messaging app is that: [A] it tends to run in the background, so it can receive a message at any time; [B] you don't get to choose who sends you messages, other people do; and [C] it may be that in order to get into the app to delete the rogue message, you have to wait for the app to load, and it decides.