Categories
Let's try that again.

Little Brother Episode 147 2024-04-27

Grindr accused of revealing HIV status of its users. Missouri AG sues media watchdog. Google deletes data they collected from “incognito” mode users. Target targeted over biometrics. NYC to use body scanners on the Subways. Bill to prohibit law enforcement from using data brokers passes House. Tik-Tok “ban” passes. Windows 11 now advertises in the Start menu.

Using the EICAR string to test for plaintext password storage. More on auto insurers buying data from your car’s manufacturer.

Alert: PuTTY vulnerable to revealing private keys.

Pwns: Lightning round! AT&T; OWASP; Jackson County, Missouri; Cisco; New York State; MITRE. More on the Change Healthcare pwn.

Infrastructure: Muleshoe, TX water supply; 911 in four states.

Opsec: Bribing cellco employees for SIM swaps; High quality phishing attack against LastPass; Facebook was trying to snoop Snapchat traffic and others.

Fail: Bell Canda Fibe TV Cloud DVR.

Categories
Programming note

Episode 147 is postponed.

Due to illness, episode 147 is postponed, probably until 2024-04-27. It isn’t lost on me that this happened at the worst possible time, specifically when the whole XZ and SSH matter unfolded, and for that I apologize, but there’s little question about my ability to produce an episode right now . . . that ability is just not there.

Categories
They're spying on us.

Little Brother Episode 146 2024-03-23

Automakers want us to fear right-to-repair. Florida man sues GM for invading his privacy. NYPD doesn’t wish to explain themselves to a judge. Lawsuit against Apple over Airtag stalking is given the green light.

Alerts: Fortinet, Apple M-series processors

Focus: Cyberwarfare against critical infrastructure

Opsec: Cars and Internet connections

Pwn: Roku

Fail: McDonald’s

Categories
Rare Form

Little Brother Episode 145 2024-03-09

Meta collecting anonymized data from Quest headset users. Biden signs an executive order to prevent foreign powers from buying your data. NSO group ordered to turn over source code to Meta. Signal Private Messenger beta-testing hiding your phone number. Bill that might ban TikTok and others comes out of committee.

Pwns: Change Healthcare, City of Oakley, CISA(!!)

Fails: Mars, Flock Security

Categories
Shituation

Little Brother Episode 144 2024-02-24

European court finds in favor of end-to-end encryption. India finds against Protonmail. Reddit to go public. Charles Berthoud has been cancelled and can’t find out why.

Follow ups: Police Raid on Marion County Recorder (ep. 133a), AMBER Alert (ep. 136).

AI Roundup: AI Researcher fined incorrectly by an AI for a traffic infraction. Amazon finds emergent behaviors from AI. Air Canada held to promises made by its AI chatbot. English teacher finds a way to stop LLM-based plagiarism.

Opsec: Mixup of user data at Wyze. Near Intelligence is tracking patients at family planning clinics. Shipping company busted for putting GPS trackers on police cars.

Pwn: IMS. Fails: inet.af, AT&T Wireless.

Categories
Missing or Wanted

Little Brother Episode 143 2024-02-10

Knightscope robot retires from patrolling the subway. NSA admits buying data from brokers. A new search engine appears.

We don’t need to network our toothbrushes. Funimation to shut down, separating people from the media they “bought.”

Laws that will totally work: FCC outlaws AI voices, Canadian Parliament proposes to outlaw Flipper Zero and similar devices.

Voices of 2600: Phil interviews me for a change, thoughts on cell phone privacy.

Pwn: Mercedez-Benz.

Fail: WJLX

Categories
Sense of irony

Little Brother Episode 142 2024-01-27

Tesla features unlocked! Amazon to require warrants for Ring doorbell footage. The FBI is using Rekognition face-recognition technology. New botnet attacks Linux servers. The Mother of All Data Breaches. FTC bans sale of medical location data. Facebook users tracked by thousands of orgs . . . each! Google goes to battle against geofence warrants.

Pwns: Orange España; cybersec law firm Oreck, Herrington and Sutcliffe, and a follow up on one of the many T-Mobile breaches.

Fail: Microsoft Teams

Resources

Tweak your Facebook permissions here.

You can check to see if your personal data have been leaked at the Cybernews Data Leak Checker or at Have I Been Pwned.

Categories
Programming note

Episode 142 is being postponed.

Due to a family emergency, Episode 142 will be postponed until the next regularly scheduled slot, 2024-01-27.

My apologies, but this was entirely unavoidable.

Categories
Wham!

Little Brother Episode 141 2023-12-23

Google faces antitrust concerns. Epic wins against Google for Play Store fees. Push notifications sorta-protected by new corporate policies. Police using drones to patrol malls. Rite Aid can’t use facial recognition for five years. Tesla tracks you . . . duh! Chevy Tahoe for one dollar.

Vendor lock-in on the railroads. Yes, they are listening to you. Wikipedia article about the Ship of Theseus is a perfect example of a Ship of Theseus.

Voices of 2600: Encrypted police radios.

Opsec: Signal is struggling, but at least you don’t have to tell the police your password.

Pwns: Xfinity, First American. Fail: Michael Cohen’s lawyer.

Categories
Failing a genetic test

Little Brother Episode 140 2023-12-09

Another way your phone is a snitch. Meta sues for the right to monetize your kids.

Alerts: Vulnerabilities and attacks on Bluetooth, UEFI and ESXi.

Pwns: Municipal Water Authority of Aliquippa, Idaho National Laboratory, 23andMe.

Voices of 2600: Genetic testing

Perplexed with Plex default behavior. Sony Playstation owners discover that “bought” doesn’t mean what they think it means.

Fail: Don’t moon your Android device until you’re 18.