🤡 At Microsoft, years of security debt come crashing down
「 For many critics of Microsoft, the events of the past nine months are the logical conclusion of a company that has ridden the wave of market dominance for decades and ignored years of warnings that its product security and practices failed to meet the most basic standards.
“In a healthy marketplace, these would be fireable offenses,” 」
Regarding the data breach involving clubs and venues in Australia:
A company called Outabox got a contract to do venue sign-in software. They contracted a Philippines group to do the actual work, ensuring all data was stored outside of Australia. After 4 years they broke off the deal without payment and grabbed the gathered data and ran. The Australian running the scam has been arrested.
SOME of the venues where Outabox systems are installed:
Breakers Country Club
Bulahdelah Bowling Club
Central Coast Leagues Club
ClubMex Club Mayfield
City of Sydney RSL
Ettalong Diggers
East Maitland Bowling Club
East Cessnock Bowling Club
Fairfield RSL Club
Gwandalan Bowling Club
Halekulani Bowling Club
Hornsby RSL Club
Ingleburn RSL Club
Merivale
Club Old Bar
Club Terrigal
The Tradies Dickson
Erindale Vikings
West Tradies
Check out the latest "Smashing Security" podcast from yours truly and Carole Theriault, looking at Indian election deepfakery, the kindness of the Canadian rail system, Leicester's ransomware attack, and 12 Angry Men!
Thanks to our sponsors Kolide by 1Password, Vanta, and Sonrai Security for their fab support!
Eight "unknown number" hang-up calls already today at 2pm; nine of them yesterday; not one repetition, all but one in our area code.
Is this related to the #UHC data breach? My mom has a UnitedHealthcare plan (but not a Change Healthcare plan). She would be a prime target (pun intended) at 97 years of age.
Found a nice little Website which lets me check my #password strength.
I like it because it also requires me to input the website and login name so it does not use some stupid general rule but adjusts. And that for only $5/month!
On an unrelated note, does anybody know how someone breached my Gmail and bank accounts recently?
(This is a joke. But it also shows how easy it is to mistake something like a security hole as a feature)
I just received this scam email purporting to be a TV Licensing renewal reminder. It's reasonably well done except for:
The sender email address
The trademark symbol - AFAIK that's never used by TVL
I believe they're using the data from the People's Energy data breach as the email address they sent this to used the unique plus alias I used on my account with PE.
The "sign in" link goes to an AWS S3 hosted file BTW.
🔐 Microsoft blamed for “a cascade of security failures” in Exchange breach report | Ars Technica
「 Microsoft's "pay-to-play" security model. The report notes that State Department officials detected the Chinese breach in June and notified Microsoft. That only happened because the department paid for a "G5" tier of Microsoft's cloud services that provided "Microsoft Purview Audit (Premium)"」
Just one more reason not to give your cellular provider your real information. I've had good luck with US Mobile over the past ~6 months with alias information. Good prices and network coverage. Works well on GrapheneOS.
[Gifted article, The Washington Post]: Data from 73 million AT&T accounts leaked to dark web, company says
The data set includes personal information such as Social Security numbers for 7.6 million current customers and 65.4 million former customers, the company said. By Rachel Lerman
AT&T has reset millions of customer account passcodes after a vast amount of the phone giant’s customer records were stolen and dumped online last month. TechCrunch has the story, which includes how a security researcher who analyzed the leaked data found the encrypted passcodes easy to decipher. https://flip.it/yM0d3O #Tech #Technology #Hacking #TechCrunch #DataBreach