![2024-10-21 - Logging Con - Talkin' Bout [Infosec] News cover](/_next/image?url=https%3A%2F%2Fpod.wave.co%2Flogo.png&w=1200&q=75)
Podcast Summary: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: 2024-10-21 - Logging Con
Release Date: October 25, 2024
1. Introduction and Recent Events
The latest episode of "Talkin' About [Infosec] News" dives deep into a myriad of cybersecurity topics, blending serious discussions with lighthearted banter among the hosts—Wade, John, Graham, Charles, Mike, and occasional contributors. The episode kicks off with the hosts sharing personal anecdotes and recent experiences, setting a casual yet informative tone for the discussions ahead.
2. Major Breaches and Security Incidents
a. Internet Archive Breach
A significant portion of the episode is dedicated to the recent breaches faced by the Internet Archive. The hosts discuss how the organization, known for the Wayback Machine, suffered two breaches within a single week, culminating in a DDoS attack attributed to a pro-Palestinian group named SN_Black_Meta.
-
John explains:
"00:14:38 They got DDoSed while we're at Way West Hacking Fest... another breach resulted in 34 million accounts being compromised." -
Wade adds context about the attacker's motives, suggesting it was politically motivated against a platform perceived as supporting particular agendas.
b. Game Freak and Pokémon Breach
Another highlight is the discussion around Game Freak's recent breach, impacting Pokémon data. The hosts speculate on connections to ongoing legal battles, such as the Pal World lawsuit, and ponder the implications of such breaches on longstanding franchises.
- Charles muses:
"11:34 My take is, is this related to the Palworld lawsuit? Pokémon is known for being extremely litigious..."
c. Microsoft’s Missing Logs
Microsoft notified customers about losing over two weeks of security logs for certain cloud products. The hosts debate the normalcy of such incidents and their potential impact on security monitoring.
-
John states:
"32:18 As someone who reads logs all the time, yeah, that's pretty normal almost." -
Wade counters:
"33:27 Logs just disappear all the time. I don't like it."
3. Quantum Computing and Encryption
The conversation transitions to advancements in quantum computing, particularly focusing on its ability to factorize encryption keys like RSA. The hosts express concerns over China’s advancements in quantum technology and the potential threats this poses to global cybersecurity.
-
John highlights:
"30:17 Quantum computers have finally broken something, and China is far ahead..." -
E elaborates on the complexities of quantum encryption:
"39:41 Is it brute force if it's a quantum computer?... Convolution of encryption algorithms makes it more complex."
4. WeChat Privacy and Security Concerns
Drawing from Citizen Lab's research, the hosts examine the privacy issues associated with WeChat, a prevalent chat application in China. They discuss the app’s proprietary encryption protocols and the risks of governmental surveillance.
-
Charles explains:
"35:22 Basically, it does depend on your settings and permissions, which applies to any app that isn't end-to-end encrypted." -
John adds a broader perspective:
"37:51 It could apply to any malicious app, not just WeChat."
5. Ransomware Trends and Cybersecurity Insurance
The hosts delve into the evolving landscape of ransomware, critiquing how cybersecurity insurance inadvertently fuels ransomware operations by making ransom payments more viable for businesses.
-
Charles discusses an opinion piece:
"50:37 The U.S. government is trying to eliminate threat actors, but businesses' reliance on ransom payments complicates the effort." -
Mike agrees:
"51:26 If we stop paying ransoms, ransomware actors would lose their funding and cease operations."
6. Ublock Origin and Browser Privacy
A technical discussion ensues around Google's decision to phase out Ublock Origin in favor of Manifest Version 3 for Chrome extensions. The hosts debate the implications for ad blocking and overall internet privacy.
-
H clarifies:
"55:08 It's due to Ublock Origin being a Manifest Version 2 extension, with alternatives like Ublock Origin Lite emerging." -
Charles reflects on the broader impact:
"56:35 Ad blockers like Ublock Origin are essential not just for privacy but also for security against malvertising."
7. Robot Vacuums Compromised
An alarming yet humorous segment covers the hacking of robot vacuums, where compromised devices emit offensive language and behave erratically. The hosts discuss the security flaws that make such IoT devices vulnerable.
-
Charles reads an article:
"46:44 A Minnesota lawyer reported a robot vacuum hacking incident where the device emitted racist obscenities." -
E adds a light-hearted comment:
"48:30 Open them into the wild because they’ve got to die on their own."
8. Conference Recaps: Wild West Hacking Fest
The episode also provides a recap of the recent Wild West Hacking Fest. Hosts share their experiences, including incident response demonstrations, karaoke nights, and the camaraderie among attendees.
-
E shares his favorite moments:
"65:43 Seeing the team handle a breach incident and enjoying the karaoke sessions." -
Charles praises the keynote:
"70:44 Wade's keynote summed up the team's feelings and aspirations in specific, wholesome terms."
9. Personal Stories and Humor
Interwoven throughout the episode are personal stories and humorous exchanges, such as John's accidental head injury from a falling pinecone and nostalgic discussions about retro gaming. These anecdotes humanize the hosts and provide a relaxed atmosphere amidst technical discussions.
-
John’s Pinecone Incident:
"05:07 I was walking with my son when a pinecone fell from a 60-foot pine tree and hit me in the head, causing a significant gash." -
Retro Gaming Banter:
"08:35 We're fishing, Wade... playing Super Mario Brothers 3 while podcasting."
10. Closing Remarks and Future Plans
As the episode winds down, the hosts reflect on their experiences at the Wild West Hacking Fest, discussing plans for upcoming events and the possibility of expanding their presence in future conferences. They also touch upon the importance of community and continuous learning in the infosec space.
-
Charles concludes with optimism:
"69:04 We're going to keep Deadwood small and intimate, and make it as cool as we can handle." -
E emphasizes teamwork and pro bono work:
"19:35 We should call out infosec companies to volunteer for pro bono security testing for nonprofits."
Notable Quotes
-
John on Log Loss:
"32:18 As someone who reads logs all the time, yeah, that's pretty normal almost." -
Wade on Motivation Behind Attacks:
"16:49 It's all about you." -
Charles on Ad Blockers:
"56:35 Ad blockers like Ublock Origin are essential not just for privacy but also for security against malvertising." -
E on Ransomware Payments:
"51:26 If we stop paying ransoms, ransomware actors would lose their funding and cease operations."
This episode offers a comprehensive overview of current infosec challenges, blending technical insights with engaging personal stories. Whether you're an infosec professional or an enthusiast, the hosts provide valuable perspectives on breaches, emerging threats, and the evolving landscape of cybersecurity.