Episode 210 - The Is Andy Paying Attention? Episode

Update: 2024-12-03

Description

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

24th November 2014: The Washington Post published an article which included a photo of TSA master keys. A short time later functional keys were 3-d printed using the key patterns in the photo. Oops.

https://twitter.com/todayininfosec/status/1860803840620044356

22nd November 2010: Matt Blaze published the PowerPoint slides he was contractually required to submit for his 2011 RSA Security Conference presentation. Matt hates PowerPoint. Take a moment to admire the slides he submitted.

https://twitter.com/todayininfosec/status/1860027850369519669

Rant of the Week (12:47 )

https://www.theregister.com/2024/11/26/third_major_cyber_incident_declared/

A UK hospital is declaring a "major incident," cancelling all outpatient appointments due to "cybersecurity reasons."

The Wirral University Teaching Hospital NHS Trust, located in North West England, said the so-called "incident" affects the whole Trust, which oversees Wirral Women and Children's Hospital, Clatterbridge Hospital, and Arrowe Park Hospital.

Although the tech problems began on Monday, officials confirmed to The Register it is still dealing with the fallout as of Tuesday morning.

All outpatient appointments were canceled on Monday and the same decision was made today, according to Arrowe Park and Clatterbridge's social media posting. All patients whose appointments were canceled will be contacted to rearrange them.

Billy Big Balls of the Week (20:48 )

Put your usernames and passwords in your will, advises Japan's government

Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it.

The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:

Ensuring family members can unlock your smartphone or computer in case of emergency;

Maintain a list of your subscriptions, user IDs and passwords;

Consider putting those details in a document intended to be made available when your life ends;

Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.

The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs – and powerless to stop their credit cards being charged for services the departed cannot consume.

Some entrepreneurs have already identified end of life services as an opportunity. "Dead Man's Switch" apps can be set to contact whomever you choose if you do not sign in to certain accounts after a period you select as a likely indicator of your departure from this world.

Meta also offers the chance to nominate a "legacy contact" who can manage your account.

Such services aren't just opportunistic: grieving people have a lot on their plate, and executing wills is not always straightforward.

Industry News (31:08 )

ICO Urges More Data Sharing to Tackle Fraud Epidemic

Over a Third of Firms Struggling With Shadow AI

Darknet Services Fuel Holiday Scams and E-Commerce Exploits

NHS Trust Declares Major Incident for “Cybersecurity Reasons”

Nuclear Decommissioning Authority Opens Sellafield Cyber Center

New EU Commission to Unveil Healthcare Cybersecurity Plan in First 100 Days

T-Mobile Claims Salt Typhoon Did Not Access Customer Data

Albanian Drug Smugglers Busted After Cops Decrypt Comms

UK Justice System Failing Cybercrime Victims, Cyber Helpline Finds