Episode 201 - The Difficult 201st Podcast
Description
This week in InfoSec (13:08)
With content liberated from the “today in infosec” twitter account and further afield
3rd September 2014: Twitter launched its bug bounty program via the HackerOne platform, stating it would award at least $140 for vulnerabilities found in http://x.com/ or its Android or iOS apps.
$140? 140 was the max tweet length. $1.6 million has been paid out since inception.
https://twitter.com/XSecurity/status/507220774336225280
https://x.com/todayininfosec/status/1831408686604140602
30th August 2014: A user of the message board 4chan posted leaked nude photos of Jennifer Lawrence, Kate Upton, Kirsten Dunst, and other celebrities. Several years later 4 people were sentenced for crimes related to the hacking of Apple iCloud accounts of dozens of targeted individuals.
Apple knew of iCloud API weakness months before celeb photo leak broke
https://x.com/todayininfosec/status/1830016468328575386
Rant of the Week (19:09)
'Error' causes Alexa to endorse Kamala Harris, refuse to discuss Trump
It would be perfectly reasonable to expect Amazon's digital assistant Alexa to decline to state opinions about the 2024 presidential race, but up until recently, that assumption would have been incorrect.
When asked to give reasons to vote for former President Donald Trump, Alexa demurred, according to a video from Fox Business.
"I cannot provide responses that endorse any political party or its leader," Alexa responded. When asked the same about Vice President Kamala Harris, the Amazon AI was more than willing to endorse the Democratic candidate.
"There are many reasons to vote for Kamala Harris," Alexa said. Among the reasons given were that Harris has a "comprehensive plan to address racial injustice," that she promises a "tough on crime approach," and that her record on criminal justice and immigration reform makes her a "compelling candidate."
Billy Big Balls of the Week (26:45)
Examples of Google Employees Trying to Avoid Creating Evidence in Antitrust Case
In its antitrust case against Google, the Federal Government filed a list of chats it had obtained that show Google employees explicitly asking each other to turn off a chat history feature to discuss sensitive subjects, showing repeatedly that Google workers understood they should try to avoid creating a paper trail of some of their activities.
The filing came following a hearing in which Judge Leonie Brinkema ripped Google for “destroyed” evidence while considering a filing from the Department of Justice asking the court to find “adverse inference” against Google, which would allow the court to assume it purposefully destroyed evidence.
Previous filings, including in the Epic Games v Google lawsuit and this current antitrust case, have also shown Google employees purposefully turning history off.
The chats show 22 instances in which one Google employee told another Google employee to turn chat history off. In total, the court has dozens of specific employees who have told others to turn history off in DMs or broader group chats and channels. The document includes exchanges like this (each exchange includes different employees)
AND
Musician charged with $10M streaming royalties fraud using AI and bots
North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme.
According to court documents, Smith fraudulently inflated music streams on digital platforms between 2017 and 2024 with the assistance of an unnamed music promoter and the Chief Executive Officer of an AI music company.
He acquired hundreds of thousands of songs generated through artificial intelligence (AI) from a coconspirator and uploaded them to these streaming platforms. He then used automated bots to stream the AI-generated tracks billions of times.
Industry News (36:21)
South Korea Police Investigates Telegram Over Deepfake Porn
Irish Wildlife Park Warns Customers to Cancel Credit Cards Following Breach
TfL Claims Cyber-Incident is Not Impacting Services
Three Plead Guilty to Running MFA Bypass Site
Civil Rights Groups Call For Spyware Controls
Clearview AI Fined €30.5m by Dutch Watchdog Over Illegal Data Collection
Russian Blamed For Mass Disinformation Campaign Ahead of US Election
OnlyFans Hackers Targeted With Infostealer Malware
UK Signs Council of Europe AI Convention
Tweet of the Week (42:50)
https://twitter.com/0xdade/status/1831387831677415923
Come on! Like and bloody well subscribe!