The Security box, podcast 28: 2020 year end reports, teledildonics, news, notes and more

Hello folks, welcome to the Security Box for this week. This week’s show is packed and we’ve got the entire show notes for you. The rss got the show the same day, and it got a bit of the show notes up to the news notes.

News Notes is where I try to be thorough in covering with links to various stories where possible. I could not get this in to the notes for RSS, however, it’ll be available on the blog as we have unlimited space for the blog.

You tell me that you don’t want to mess with RSS? Please don’t worry. I’ve got you covered with the download of the file (172.62mb) for you to download.

Now, without any further ado, let’s give you those show notes so that you can read anything that is of interest. Thanks so much for checking out the blog, podcast series, and my web sites!


Welcome to podcast 28 of the Security Box. On this podcast, a couple of year in review items, news, notes, something called teledildonics or “The Male Chasity Cage” from a recent Security Now podcast, news, notes, questions, comments and more.

Topics:

News, notes and more

  • One of the biggest carding shops to date will be closing its doors come February 15th, 2021. Some of the reasons why it is closing are: poor performance on up-to-date value cards, the government shuttering some of their domains, and apparent covid-19 diagnosis of the owner of the shop. According to the article from Krebs on Security, the shop has been around for 6 full years. Most notably, some of the breaches that were high-profile that this shop sold valuable credit card data include: Saks Fifth Avenue, Lord and Taylor,  Bebe Stores,  Hilton Hotels,  Jason’s Deli,  Whole Foods,  Chipotle, Wawa, Sonic Drive-In, the Hy-Vee supermarket chain, Buca Di Beppo, and Dickey’s BBQ. According to Krebs, those who got in early will be able to cash out, while most will need to cash out before closure on February 15th. Both articles cover this well with links to various other stories, and the tech blog will be having this covered as well. Joker’s Stash Carding Market to Call it Quits Krebs on Security and Joker’s Stash, a forum for stolen data, says it will shut down within 30 days Cyberscoop should be read, and you can decide which article you like.
  • Did you get your windows update on? Microsoft Patch Tuesday, January 2021 Edition and January Patch Tuesday Repairs Critical MS Defender RCE Bug should be read. MS Defender always gets updates, so this should already be patched according to articles. This month, there are 83 updates. 7 of the 83 were reported by Trend Micro’s ZDI project.
  • The Vulnerability summary email I get might have things that pertain to you, one being mentioned by them for Del. The Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM). If you have this, call Dell to get an update link or information on how to obtain it. There are also patches for Android and chrome listed in the high severity list. Here’s CISA’s writeup for people to see.
  • Have you read this week in Security news which ended January 15th, 2021? There’s qquite a bit in there including some in which we’ve also covered. You can consider this as a digest of news each week, and usually I post these to the blog. Since I haden’t been feeling well, some of this stuff is being posted to the blog for the first time. This Week in Security News – Jan. 15, 2021 is the article, did you find something of interest?
  • Mimecast had some certificates stolen, and there may be a link to the Solar Winds breach according to the article. Mimecast breach investigators probe possible SolarWinds connection is the article, and well worth the read. If you’ve been effected, Mimecast has already contacted you hopefully by now, but if not, do contact them for assistance.
  • Krebs on Security says that if Solar Winds got breached as bad as they did, this can happen to anyone. I’d hate to find out if Microsoft got that breached, and all of Windows was compromised. SolarWinds: What Hit Us Could Hit Others is the article from Brian, and its definitely worth the read. Its all about the supply chain.
  • Ring adds encryption to their product for video feeds between your camera and your app. Some may say that this is a little too late, but sometimes you don’t think about such things. Ring has been in the news for varying reasons, hopefully this will help. Ring adds encryption tool as other security questions surface is the article talking about this if you are a customer. If not, you might want to read it anyhow, because if you’re considering being a customer, this will be of importance to you. Ring is an Amazon product.
  • You’ve probably heard about Signal and the pain they had when an influx of customers left facebook and went there. The reason is because Facebook was going to collect Metadata like phone numbers, how long messages were, and contacts just to name a few. This is common practice, even the phone companies do this when you place a call. Since Facebook has my cell phone number for my account already, I honestly don’t see this to be a problem. Signal endures ‘technical difficulties’ amid new popularity is the article, things hopefully will be returning to normal really soon.

Thanks so much for listening, please contact me throughout the program with questions, comments and concerns. We’d love to hear from you!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.