Nothing is more frustrating to me than a podcast where I can’t find the RSS Feed link. Well, it occurs to me that I didn’t make mine readily visible . . . until now. If you want the raw RSS feed, go to https://www.littlebrotherpodcast.com/feed/podcast/ and enjoy!
Harvard students develop an automatic doxx machine. Spy infrastructure “borrowed” by foregn actors. DirecTV buys Dish Network for $1.00.
Security Alert: FortiOS appliances
Pwns: Internet Archive, Nevada Joint Union High School District, Casio, Moneygram, Ecovac.
Medical device maker refuses to repair critical device because it is too old. Follow up on the Marion Recorder incident of last year.
Encrypted apps are great, but not a panacea.
Fail: Fisker
Links:
Info on opting out of public databases
Podcast: Play in new window | Download
Seven digit speeding tickets. Car impounded due to ALPR error. Ghost has been infiltrated by law enforcement. UC Berkeley teams up with both the US and Chinese governments. Larry Ellison may control CBS News. He also thinks you should be on your best behavior. Cloudflare offers a free solution to block AI scraping. Passwords are a little less of a pain in the ass, maybe.
Alert: CVE-2024-20017 Zero-click vulnerability for some Mediatek chipsets when running as an AP.
The US Army adopts Software Bills of Materials. Some portable electronic devices in Lebanon exploded. Kaspersky appoints its own replacement without consulting you first. Your car’s tracking of you might get some government attention. Yet another ALPR mistake.
Pwn: Town of Ulster, New York shows us the right way to handle a breech. Fail: HR department sacked after their ALPR rejects the CV of a hiring manager.
Podcast: Play in new window | Download
WCBS 880 AM is no more. Facebook advertisers might actually be listening after all, or maybe not. Security researcher under restraining order for calling out a lie. Ford listens to their customers. Navy OpSec fail.
Fail: Oakland Police. Pwn: Durex
Podcast: Play in new window | Download
I’ve decided that, like last year, I need to take a summer hiatus from producing the podcast. If a significant story needs attention, like last year, I’ll break hiatus to bring it to you.
When I return in September, the production schedule will be on the Sunday after the second and fourth Friday of each month, rather than on Saturdays. As such, I expect episode 150 to drop on September 15th. Talk to you then!
Well, it appears that I was supposed to do a podcast yesterday, and, to be blunt, life just ran my ass over.
That said, for practical reasons, I am going to shift my production schedule a little bit. I will post as soon as I have decided on a new on. It will probably be something being released on Sundays rather than Saturdays.
Talk to you all soon!
Using large language models to speed up exploitations. Will Windows 12 be a subscription? Signal will leave the EU rather than compromise their encryption. EFF slams age verification law in Texas. I just saved a bunch of money on my insurance because my insurer bought my data.
Voices of 2600: Touch screens in cars.
Pwn: Ticketmaster; follow-up on ARRL, sorta.
Fail: Google AI.
Podcast: Play in new window | Download
FCC fines all the major cell carriers for abusing location data, then goes on to clarify net neutrality rules. Simon Properties gives access to data from their Flock cameras directly to law enforcement. Microsoft, however, bars access to law enforcement. Automatic emergency braking on cars now mandatory.
Representative Tom Emmer (D-MN) gets a bill through the House to bar the Federal Reserve from issuing digital currency. A journalist tries to get their Honda to stop tracking them.
Pwn: Kaiser Permanente, Dell, Outabox, Post Millennial, ZScaler, American Radio Relay League, Western Sydney University, Albany County in New York, plus thoughts on the MITRE pwn.
Fail: Rockwell Automation
Podcast: Play in new window | Download
Life is being a bit problematic right now and I have no capacity to use to produce today’s podcast. I’ll be back in two weeks, hopefully.
Grindr accused of revealing HIV status of its users. Missouri AG sues media watchdog. Google deletes data they collected from “incognito” mode users. Target targeted over biometrics. NYC to use body scanners on the Subways. Bill to prohibit law enforcement from using data brokers passes House. Tik-Tok “ban” passes. Windows 11 now advertises in the Start menu.
Using the EICAR string to test for plaintext password storage. More on auto insurers buying data from your car’s manufacturer.
Alert: PuTTY vulnerable to revealing private keys.
Pwns: Lightning round! AT&T; OWASP; Jackson County, Missouri; Cisco; New York State; MITRE. More on the Change Healthcare pwn.
Infrastructure: Muleshoe, TX water supply; 911 in four states.
Opsec: Bribing cellco employees for SIM swaps; High quality phishing attack against LastPass; Facebook was trying to snoop Snapchat traffic and others.
Fail: Bell Canda Fibe TV Cloud DVR.
Podcast: Play in new window | Download
Due to illness, episode 147 is postponed, probably until 2024-04-27. It isn’t lost on me that this happened at the worst possible time, specifically when the whole XZ and SSH matter unfolded, and for that I apologize, but there’s little question about my ability to produce an episode right now . . . that ability is just not there.