Security News

S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
2022-10-13 18:37

Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone? The problem with a messaging app is that: [A] it tends to run in the background, so it can receive a message at any time; [B] you don't get to choose who sends you messages, other people do; and [C] it may be that in order to get into the app to delete the rogue message, you have to wait for the app to load, and it decides.

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]
2022-10-06 19:43

Let's stay on the subject of scams, and talk about scammers and rogue callers. DUCK. Well, there are scam calls and there's nuisance calls.

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]
2022-10-01 14:05

You need a password, but finding one email address and password combination valid at any given Exchange server is probably not too difficult, unfortunately. There are a surprising number of people who switched to the cloud, possibly several years ago, who were running both their on-premises and their cloud service at the same time during the changeover, who never got round to turning off the on-premises Exchange server.

S3 Ep102: How to avoid a data breach [Audio + Transcript]
2022-09-29 18:45

All of it I've never spent more than 10 seconds authorising myself to get into something when multifactor has popped up, and I can spare 10 seconds for the safety and security of not just my company's data, but our employees and our customers data. CHET. Well, the precise law in the United States, the Computer Fraud and Abuse Act, is very specific about the fact that you're breaching that Act when you exceed your authority or you have unauthorised access to a system.

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
2022-09-22 18:42

DUCK. Yes, Uber has come out with a follow up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.

S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]
2022-09-17 20:57

I'm coming to you from Vancouver, I'm downtown, I'm looking out the window, and there's actually an Uber sitting outside the window. At a very high level, the consensus appears to be that there was some social engineering of an Uber employee that allowed someone to get a foothold inside of Uber's network.

S3 Ep100: Browser-in-the-Browser – how to spot an attack  [Audio + Text]
2022-09-15 18:50

If you open something in the current window, then you're significantly limited as to how exciting and "System-like" you can make it look, aren't you? You can't write anything outside the browser window, so you can't sneakily put a window that looks like wallpaper on the desktop, like it's been there all along.

S3 Ep99: TikTok “attack” – was there a data breach, or not? [Audio + Text]
2022-09-08 18:21

DUCK. I'm doing very, very well, thank you, Douglas! A messy thing that is bugging people is the question of this TikTok thing.

S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]
2022-09-01 18:55

LastPass source code breach - do we still recommend password managers? DOUG. That's important to point out, because a lot of people, I think, who don't understand how password managers work - and I wasn't totally clear on this either as you write in the article, your local machine is doing the heavy lifting, and all the decoding is done *on your local machine*, so LastPass doesn't actually have access to any of the things you're trying to protect anyway.

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
2022-08-25 18:37

He's so famous that even his ties - he always wears a tie, beautiful coloured ties - even his ties have a Twitter feed, Doug. There are lots of things you can do, provided that: you know where you should be; you know where you want to be; and you've got some way of differentiating the good behaviour from the bad behaviour.