Eric Chadbourne @sillystring@infosec.exchange

On the latest "Smashing Security" podcast: The Darkside ransomware gang donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot?

Find it in your favourite podcast app or at https://www.smashingsecurity.com/listen

This story is filled with incredible details, gathered from an internal FBI document, court documents, and several interviews with people who were part of this international crime ring.

This is also an important chapter in the modern war on encryption.

https://www.vice.com/en/article/v7m4pj/the-network-vincent-ramos-phantom-secure

Donald Trump’s Twitter password is “maga2020!”, and there’s no 2FA, claims hacker.

You don't need an IQ of 197 to know that's pretty dumb...

https://grahamcluley.com/donald-trumps-twitter-password-is-maga2020-and-theres-no-2fa-claims-hacker/

U.S. government concludes Iran was behind threatening emails sent to Democrats https://www.washingtonpost.com/technology/2020/10/20/proud-boys-emails-florida/

The October maintenance releases of BIND are available and can be downloaded from the ISC software download page,

https://www.isc.org/download

A summary of changes in the new releases can be found in their release notes:

current supported stable branches:

9.11.24 - https://downloads.isc.org/isc/bind9/9.11.24/RELEASE-NOTES-bind-9.11.24.html

9.16.8 - https://downloads.isc.org/isc/bind9/9.16.8/RELEASE-NOTES-bind-9.16.8.html

It's finally official! Debian is donating $10,000 to the Peertube crowdfunding campaign to add livestreaming functionality. https://bits.debian.org/2020/10/debian-donation-peertube.html

Click "agree" without reading the terms and conditions

QAnon/8Chan Sites Briefly Knocked Offline

https://krebsonsecurity.com/2020/10/qanon-8chan-sites-briefly-knocked-offline/

Google reveals the most powerful DDoS attack in history… albeit three years late.

https://grahamcluley.com/google-reveals-the-most-powerful-ddos-attack-in-history-albeit-three-years-late/

Apple’s T2 security chip has an unfixable flaw

The jailbreak could [be] weaponized by malicious hackers [to] disable macOS security … and install malware.

There are a few important limitations of the jailbreak… an attacker would need physical access to target devices…

"There really isn't much that Apple can do to fix it. It's not the end of the world, but this chip, which was supposed to provide all this extra security, is now pretty much moot."

https://arstechnica.com/information-technology/2020/10/apples-t2-security-chip-has-an-unfixable-flaw/

#infosec #Apple

Google warns of severe 'BleedingTooth' #Bluetooth flaw in #Linux kernel https://www.zdnet.com/article/google-warns-of-severe-bleedingtooth-bluetooth-flaw-in-linux-kernel/ #infosec

New! From "Smashing Security" it's our 200th podcast! Check it out if you think you're hard enough:

https://www.smashingsecurity.com/listen

(The real version isn't quite as potty-mouthed as this teaser)

#cybersecurity #podcast