
Content provided by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described at https://nl.player.fm/legal.

Episode 172 - The One Job Episode

46:01

This week in InfoSec (07:11)

With content liberated from the “today in infosec” twitter account and further afield

26th October 2006: Christopher Soghoian created a website allowing visitors to generate fake airline boarding passes. A congressman called for his arrest, his ISP shut down his site, the FBI raided his home, and then the same congressman said DHS should hire him. His career since? Notable.

https://twitter.com/todayininfosec/status/1717530966229475523

24th October 2010: Eric Butler announced Firefox extension Firesheep's release at Toorcon, making HTTP session hijacking on open Wi-Fi trivial. Today >95% of websites have enabled HTTPS and efforts like browser HTTPS-Only mode have largely eliminated the risk. A security industry success!

https://twitter.com/todayininfosec/status/1716990537171918976

Rant of the Week (16:00)

First Brexit, now X-it: Musk 'considering' pulling platform from EU over probe

Elon Musk is said to be toying with the idea of withdrawing access to X in the European Union rather than go to the effort of complying with the bloc's Digital Services Act.

As The Register reported last week, His Muskiness had a rather public spat on the website with Thierry Breton, EU Commissioner for Internal Market, who was simply reminding social media platforms of their content moderation obligations under the law.

This was particularly in light of renewed hostilities between Israel and Hamas, and the potential disinformation campaigns that had begun swirling online. Meta, TikTok, and YouTube were also sent letters.

"Free speech absolutist" Musk's response was sarcastic and juvenile, the kind of smack talk that would get a teen grounded. It would take a couple of days for the adult in the room, CEO Linda Yaccarino, to get a formal response written.

However, by then the EU had indicated that X was now under investigation on account of its designation as Very Large Online Platform under the Digital Services Act, which means it has to follow rules regarding how it handles illegal content among many other things.

Since Musk increasingly appears to see obeying the law as optional for him, it would be very unlike the X owner to actually do anything, and whispers out of the company seem to support this.

That most watertight of sources, "a person familiar with the matter," told Insider that Musk "has discussed simply removing the app's availability in the region, or blocking users in the European Union from accessing it," much like how Meta's Threads declined to launch in the EU because it was unwilling and/or unable to meet the union's onerous data protection and privacy requirements.

Twitter, which was once intensely moderated, has become a wild west of violence, misinformation, disinformation, racism, and hardcore pornography. Many of the website's rules judging what users can and can't post have been screwed up and tossed in the trash.

Billy Big Balls of the Week (26:45)

‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities

US and South Korean authorities have updated their guidance on how to avoid hiring North Korean agents seeking work as freelance IT practitioners.

Thousands of North Korean techies are thought to prowl the world’s freelance platforms seeking work outside the Republic. Kim Jong Un’s regime uses the workers to earn hard currency, and infiltrate organizations they work for to steal secrets and plant malware. The FBI has previously warned employers to watch for suspicious behavior such as logging in from multiple IP addresses, working odd hours, and inconsistencies in name spellings across different online platforms.

The updated advice adds other indicators that the freelancer you are thinking about hiring could be a North Korean plant, including:

  • Repeated requests for prepayment followed by “anger or aggression when the request is denied”;
  • Threats to release proprietary source code if additional payments are not made;
  • Using a freight forwarder’s address as the destination for a company laptop rather than a home address, and changing that address frequently;
  • Evading in-person meetings or requests for drug tests;
  • Changing payment methods or accounts on freelance-finder platforms;
  • Having multiple online profiles for the same identity with different pictures, or online profiles with no picture.

The updated guidance suggests requiring recruitment companies to document their background checking processes, to be sure that they can screen out North Korean stooges.

Conducting your own due diligence on workers suggested by recruiters is also recommended.
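As an added illustration (not part of the show notes or of the official guidance), the following screening routine checks a constructed contractor record against the FBI indicators and the updated list above. The record layout, thresholds and sample data are assumptions made for this example.

```python
from collections import Counter
from datetime import datetime

# Thresholds are assumptions for this example, not figures from the guidance.
MAX_DISTINCT_IPS = 3          # distinct source IPs seen in the review window
ODD_HOURS = range(0, 6)       # 00:00-05:59 in the contractor's claimed time zone
MAX_DISTINCT_ADDRESSES = 2    # laptop ship-to addresses used in the window
MAX_PAYOUT_CHANGES = 2        # payout account changes in the window

def screen_contractor(p: dict) -> list[str]:
    """Return the indicators a constructed contractor record triggers; [] means none."""
    flags = []
    logins = p["logins"]                       # [(ISO timestamp, source ip), ...]
    ips = Counter(ip for _, ip in logins)
    if len(ips) > MAX_DISTINCT_IPS:
        flags.append(f"logins from {len(ips)} distinct IP addresses")
    odd = sum(datetime.fromisoformat(t).hour in ODD_HOURS for t, _ in logins)
    if logins and odd / len(logins) >= 0.5:
        flags.append("most logins at odd hours for the claimed location")
    # Name spelling differs across platforms (case and spacing ignored)
    names = {" ".join(n.split()).lower() for n in p["platform_names"]}
    if len(names) > 1:
        flags.append(f"name spelled {len(names)} different ways across platforms")
    if p.get("profiles_without_photo", 0):
        flags.append("online profile(s) with no picture")
    addrs = p["ship_to_addresses"]             # [(address, is_freight_forwarder), ...]
    if any(is_ff for _, is_ff in addrs):
        flags.append("company laptop shipped to a freight forwarder address")
    if len({a for a, _ in addrs}) > MAX_DISTINCT_ADDRESSES:
        flags.append("shipping address changed frequently")
    if p.get("payout_account_changes", 0) > MAX_PAYOUT_CHANGES:
        flags.append("payout account changed repeatedly")
    return flags

# Constructed sample records: fictional people, IPs from documentation ranges.
SUSPICIOUS = {
    "logins": [("2023-10-20T02:10:00", "203.0.113.5"), ("2023-10-21T03:40:00", "198.51.100.9"),
               ("2023-10-22T01:15:00", "192.0.2.77"), ("2023-10-23T14:00:00", "203.0.113.88")],
    "platform_names": ["Alex Rivera", "Alexx Rivera", "Alex Riviera"],
    "profiles_without_photo": 1,
    "ship_to_addresses": [("Forwarder Ste 4, Wilmington DE", True),
                          ("Forwarder Ste 9, Newark NJ", True), ("Forwarder Ste 2, Reno NV", True)],
    "payout_account_changes": 3,
}
CLEAN = {
    "logins": [("2023-10-20T10:05:00", "203.0.113.40"), ("2023-10-21T15:30:00", "203.0.113.40")],
    "platform_names": ["Sam Lee", "Sam  Lee"], "profiles_without_photo": 0,
    "ship_to_addresses": [("12 Home Street, Leeds", False)], "payout_account_changes": 0,
}
```

Each triggered indicator is a reason to dig further through the recommended background-check documentation, not a verdict on its own.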

Industry News (33:45)

Okta Breached Via Stolen Credential

Generative AI Can Save Phishers Two Days of Work

AI to Create Demand for Digital Trust Professionals, ISACA Survey Finds

AWS: Security Not a Priority For a Third of SMBs

Humans Need to Rethink Trust in the Wake of Generative AI

UK Parliament Opens Inquiry into Cyber-Resilience

CISA Releases Cybersecurity Toolkit For Healthcare

Europol: Police Must Start Planning For Post-Quantum Future

UK IT Pros Express Concerns About C-Suite’s Generative AI Ambitions

NADINE DORRIES: I Googled my name, and learnt all about Big Tech!

https://www.dailymail.co.uk/debate/article-12663701/NADINE-DORRIES-Googled-learnt-Big-Tech.html

https://twitter.com/AdamBienkov/status/1716735397802233947

“Nadine Dorries, who until last year was in charge of digital regulation in the UK, says tech executives have ‘big dials’ which they deliberately use to ‘nudge opinion ever leftwards’ and suggests this was somehow hidden from her when she met them”

Tweet of the Week (41:05)

https://twitter.com/gcluley/status/1717433320823218640

Come on! Like and bloody well subscribe!
