On the latest "Smashing Security" podcast: The Darkside ransomware gang donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot?

Find it in your favourite podcast app or at smashingsecurity.com/listen

This story is filled with incredible details, gathered from an internal FBI document, court documents, and several interviews with people who were part of this international crime ring.

This is also an important chapter in the modern war on encryption.

vice.com/en/article/v7m4pj/the

Donald Trump’s Twitter password is “maga2020!”, and there’s no 2FA, claims hacker.

You don't need an IQ of 197 to know that's pretty dumb...

grahamcluley.com/donald-trumps

More than 2,000 law enforcement agencies across every state now have access to technology that allows them to extract data from confiscated phones.

A new report by @TeamUpturn details the dangerous growth of these tools: upturn.org/reports/2020/mass-e

The October maintenance releases of BIND are available and can be downloaded from the ISC software download page,

isc.org/download

A summary of changes in the new releases can be found in their release notes:

current supported stable branches:

9.11.24 - downloads.isc.org/isc/bind9/9.

9.16.8 - downloads.isc.org/isc/bind9/9.

It's finally official! Debian is donating $10,000 to the Peertube crowdfunding campaign to add livestreaming functionality. bits.debian.org/2020/10/debian

The thing that Meat Loaf would not do for love 

Click "agree" without reading the terms and conditions

Testing one of my servers' performance.

Not hard to make a default instance of with be unavailable with . Make it parallel and really crush things.

Not a new article but very clear and easy to implement. Useful for you web admins who like to keep it simple and beat on a site before going live.

simonholywell.com/post/2015/06

Apple’s T2 security chip has an unfixable flaw

The jailbreak could [be] weaponized by malicious hackers [to] disable macOS security … and install malware.

There are a few important limitations of the jailbreak… an attacker would need physical access to target devices…

"There really isn't much that Apple can do to fix it. It's not the end of the world, but this chip, which was supposed to provide all this extra security, is now pretty much moot."

arstechnica.com/information-te

#infosec #Apple

New! From "Smashing Security" it's our 200th podcast! Check it out if you think you're hard enough:

smashingsecurity.com/listen

(The real version isn't quite as potty-mouthed as this teaser)

My 14 year old son just told me how he hacked his online Spanish assessment to get it to translate all the questions into English. He opens Firefox dev tools and disables some client-side javascript that tries to prevent him. Finally a child I can be proud of.

Then we have to have the conversation about how—while it's cool—make sure you actually learn the material. Don't cheat yourself out of an education...

US joins six countries in new call for backdoor encryption access.

And they will get it over my cold, dead, body. What did that senator say.... "Send bachelors and come heavily armed"?

If y'all want my crypto, send bachelors and come heavily armed.

theverge.com/2020/10/12/215132

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.