Hello folks, I present you the Security Box, podcast 23. Below, please find notes and things, the show notes, and a direct download link as usual.
Welcome to podcast 23 of the Security Box. The full show notes follow, noting that the RSS has the first portion. I hope that you enjoy the program.
Note that this is the last live program until the first Wednesday of January 2021. The JRN will continue to give you Security Box episodes covering the year in review, 2020, from both the tech podcast and Security Box platforms.
Here are the show notes.
Welcome to podcast 23 of the Security Box. Picking up where we left off, we continue with Shaken/Stir and its discussion from podcast 21.
Besides that, we’ll go ahead and talk about a company which doesn’t really care about the security of its customers. The name has been mentioned in passing, but now it’s time to talk about some very serious stuff on a podcast.
We’ll have news, notes, and more.
Topic:
Shaken/Stir was discussed on podcast 21, and podcast 23 will finish it off. Here are the links, taken from podcast 21’s notations.
- Combating Spoofed Robocalls with Caller ID Authentication, Federal Communications Commission
- STIR/SHAKEN Wikipedia
News Notes
Government:
- Oh boy, the government is really in trouble. Multiple articles within the last 24 hours indicate that the Commerce Department is in some serious trouble and maybe more are on the way. CyberScoop and Krebs on Security are two sources, and there may be more from these sources. The government has had a lot of trouble with their security, now this? The CyberScoop article in question says in part:
Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday that they were fighting to contain.
There were signs that the impact could stretch far and wide in not only the government, but also the private sector. SolarWinds, an IT provider to many government agencies and Fortune 500 companies, said it was working with law enforcement, the intelligence community and others to investigate a vulnerability apparently implanted into its supply chain by a nation state.
“We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.”
This blog post from Monday goes into a little bit more, including showing who this company SolarWinds has as customers. We’re definitely going to learn more about this one.
- US-CERT now has something on the SolarWinds issue which I’m going to put in the show notes. It was released well after I broke the story Monday morning on the blog. Active Exploitation of SolarWinds Software may end up getting updated, and US-CERT is an arm of the government.
You get caught, get time, and don’t try to get an appeal: some good news!
- Looks like we have a couple of stories about getting caught and losing their appeal. First though, California man gets 3 years in prison for hacking Nintendo, collecting child pornography talks about someone who is getting some time because he was accused of hacking Nintendo among other activity. He also has 7 years of supervised release, for a total of 10 years. The scheme of this 21-year-old is quite interesting, and the story is linked here.
- The other story is in regards to Reality Winner. While the article does state that some people who were in prison were released because of concerns they raised, that doesn’t mean that everyone will get that same treatment. Former NSA contractor Reality Winner loses appeal, will remain imprisoned is the article, and definitely worth the read.
- While we’re on good news, I think this one should go here, even though it’s a bit different than the title of this section. I still think it’s good news so I’ll put it here. Suspect in case of Mirai botnet, which knocked major sites offline in 2016, pleads guilty is the article. This botnet has been around awhile and the code is out there. The story is still turning.
Open forum:
- Why do we have to hand out our social security numbers as identifiers for everything we do? I understand places like Social Security, the Department of Motor Vehicles, and places that require that. Job applications require it; it’s known as a bad identifier as it can be taken and that is it for you. What do you think about that? Sound off.
Want to download today’s program? Don’t worry! Use this link to download the 193.60 MB file and enjoy!
I’ll post another blog post after podcast 25 with the links to the entire archive to date like I did for the first 13 episodes. Thanks so much for listening to the program and feel free to participate any time!