The Stupid fucks of the year

Starting with podcast 100, TSB has been giving out “stupid fuck” awards. You can say that it is similar to the Bonehead award that Rick Dees used to give out when he had his morning show, but for the cybercrime world.

Just like the diatribes, we’ll link to articles we have written which ended up turning in to the Stupid Fuck award. From time to time, we may link to specific articles, especially if something comes up that qualifies that we do not have an article at the time for that we did find.

It’ll be broken up in to months and lists. We’ll also have a description too. Remember, if we don’t have any for any given month, that month will be skipped.

January

• FTC tells Godaddy to get their shit together Godaddy hasn’t been all that great with their security, and I never went with them even in the early days of web hosting. When you read the blog post, which leads to the accompanying article, you’ll wonder why you went with them if you did. Am I going to tell you to switch? No. I’m not. But just be aware of this one.
• AI Accessibility startup to pay $1 million for false advertising dealing with web site accessibility The company that should have never been created. It promised to make a tool to make sites accessible but it seems to have failed miserably. AccessiBe was mentioned to me as a tool I can use to make my sites accessible, and I never really understood it because I would hit screen reader mode and the site either still worked as it always had or just did strange things. Read the blog post that links to Adrian Roselli’s blog as he responds to this mess. Good job!
• Use AI? Don’t turn them in to CSAM material, at least in California. Under New law, first suspect arrested for CSAM AI images is the first in California. Have fun!
• The story of the week: Mastercard and their DNS issue that went unnoticed for years talks about a mistyped domain for DNS settings. You should read this for yourself.
• While we have said that China should not be messed with, this has nothing to do with policies or procedures of the country. This has to do with Security 101. We’ve talked about open databases through the last few years on podcasts, what I thought was a one-off has been quite consistant. DeepSeek exposes database with over 1 million chat records is our article with two open databases now closed and really bad security practices. Read it and comment on it if you wish.

February

• If you missed podcast 226, then you missed one of the stupidest fucks we’ve probably ever covered. At the time of writing, Post Mortem: How important are mailing lists across the JRN? is still the top post, but that will change for sure. This post talks about CPanel, one of the biggest control panel companies out there providing people like me the ability to manage things like email, FTP, mailing lists, installation of databases like WordPress and much more. You’ll definitely want to read this one, its completely moronic.

March

• If you missed Ohio man charged with putting kill switch to sabotage network on our blog, you’ll want to give this a look. The guy in question decided to put a kill switch in place if he were ever to be fired which would wipe out the entire network. The company mentioned had to pay millions, and he could be serving a maximum of 10 years. Really?
• In case you have lived under a rock, there was a massive Capital One hack which exposed a bunch of folk from 2005-2016 or so. Did Page Thompson get too light of a sentence? is an update to a 2019 story where now they’re asking the question whether Page got the sentence she deserved. This was also talked about on this past week’s throwback saturday night. This will be interesting.
• 23andMe seems to now be in the bankruptcy state now according to Cybernews. This is quite interesting since they had a breach they denied ever happening. https://technology.jaredrimer.net/2025/03/24/23andme-filed-for-ch-11-bankrupsy/ is an update.
• We’ll be publishing our thoughts on this one, but this has to end our stupid fucks. Did you guys see for this month the story dealing with Oracle, the health provider? No? Oracle Health breach compromises patient data at US hospitals is the article. This company is like so many who decide they are not going to be Transparent in their reporting of the breach and this is absolutely not surprising in my opinion. They claim that they will pay for notices to be sent, they won’t do it. The hospitals they support then have to call the CISO for updates which makes documenting harder according to the article. Let us know what you think.