
Content provided by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://uk.player.fm/legal.

Episode 177 - The Are We Doing This Episode

39:57
 

This week in InfoSec (07:51)

With content liberated from the “today in infosec” Twitter account and further afield

5th December 2011: Fyodor reported that CNET's http://Download.com had been wrapping its Nmap downloads in a trojan installer...in order to monetize spyware and adware. CNET quickly stopped, then resumed within days, it affected other downloads, and was a debacle.

Download.com Caught Adding Malware to Nmap & Other Software

https://twitter.com/todayininfosec/status/1732073893912047860

4th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised records from hundreds of breaches. Search your email addresses for free.

https://twitter.com/todayininfosec/status/1731673318560801228

Rant of the Week (13:29)

It's ba-ack... UK watchdog publishes age verification proposals

The UK's communications regulator has laid out guidance on how online services might perform age checks as part of the Online Safety Act.

The range of proposals from Ofcom is likely to send privacy activists running for the hills. These include credit card checks, facial age estimation, and photo ID matching.

The checks are all in the name of protecting children from the grot that festoons large swathes of the world wide web. However, service providers will likely be stuck between a rock and a hard place in implementing the guidance without also falling foul of privacy regulations. For example, Ofcom notes the following age checks as potentially "highly effective":

  • Open banking, where a bank confirms a user is over 18 without sharing any other personal information.
  • Mobile network operator (MNO) age check, where the responsibility is shunted onto an MNO content restriction filter that can only be removed if the device user can prove to the MNO that they are over 18.
  • Photo ID matching, where an image of the user is compared to an uploaded document used as proof of age to verify that they are the same person.
  • Credit card checks, where a credit card account is checked for validity – in the UK, credit card holders must be over 18.
  • Digital identity wallets and, our favorite, facial age estimation, where the features of a user's face are analyzed to estimate the user's age.

It doesn't take a genius to imagine how a determined teenager might circumvent many of these restrictions, nor the potential privacy nightmare inherent in many of them if an adult is forced to share this level of info when accessing age-restricted sites.

Billy Big Balls of the Week (23:12)

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform.

The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else."

Secret Code builds on another feature called Chat Lock that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics.

By setting a unique password for these locked chats that is different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted.

"You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added.

The development comes weeks after WhatsApp introduced a "Protect IP Address in Calls" feature that masks users' IP addresses to other parties by relaying the calls through its servers.

Industry News

Sellafield Accused of Covering Up Major Cyber Breaches

Porn Age Checks Threaten Security and Privacy, Report Warns

US Federal Agencies Miss Deadline for Incident Response Requirements

Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics

Police Arrest 1000 Suspected Money Mules

Deutsche Wohnen Ruling Set to Drive Up GDPR Fines

Cambridge Hospitals Admit Two Excel-Based Data Breaches

Governments Spying on Apple and Google Users, Says Senator

Liability Fears Damaging CISO Role, Says Former Uber CISO

Tweet of the Week

https://twitter.com/MalwareJake/status/1732463774949310547

Come on! Like and bloody well subscribe!
