tik-tok

Environmental EV backlash, banning Tik-Tok, Swedish children wearing protective armor, and Biden attacks junk fees.

Paediatric dermatologist Dr Deshan Sebaratnam spends his days combating online misinformation about what you should and should not put on your face.

This means he gently steers teenagers away from unnecessary retinol skin potions, suggesting instead that sunscreen is really the only thing most need. His advice for adults? Spend no more than $20 on any skin product.

Laurent Michelon est un entrepreneur basé en Chine qui partage son temps entre Hong Kong et Pékin.

Diplômé de Sciences Po et de l’INALCO, il est établi dans la région depuis plus de 20 ans, où il a travaillé dans la diplomatie culturelle française et pour plusieurs groupes de communication internationaux avant de développer ses activités de conseil pour sociétés européennes en Chine et pour multinationales chinoises en Europe.

Laurent Michelon est l’auteur de “Comprendre la relation Chine Occident : La superpuissance réticente et l’hégémon isolé” aux éditions Perspectives Libres.

Dans cet essai, il propose une analyse dépassionnée et originale des rapports entre la Chine et les États-Unis, basée sur la méthode de l’historionomie, qui étudie les schémas historiques récurrents et les lois qui régissent l’Histoire.

La fin de l’empire américain, la guerre totale entre la Chine et les USA, sont les thèmes que nous  abordons avec Laurent Michelon.

Nous explorerons avec lui les causes et les conséquences du déclin de la puissance américaine, confrontée à la montée en puissance de la Chine, qui aspire à devenir le leader mondial du XXIe siècle.

Nous examinons également les stratégies et les tactiques des deux superpuissances, qui se livrent une guerre économique, technologique, commerciale, diplomatique et idéologique, sans exclure le recours à la force militaire.

Nous nous nous interrogeons enfin sur les impacts de cette rivalité sur le reste du monde, notamment sur l’Europe, qui se trouve prise entre deux feux.

https://geopolitique-profonde.com/

 Kroz novo izdanje podcasta Opet Laka vodiće vas Selma Krifica - Čoloman, poznatija kao Big Mama. Osim što je žena sa najviše imena, prezimena i nadimaka, svestrana je i kada je u pitanju profesija. Svoje dugogodišnje voditeljsko iskustvo, na društvenim mrežama svakodnevno kombinuje sa glumom i imitacijom. Njen specifičan smisao za humor okupio je ogroman broj pratitelja, pa tako danas važi za jednu od najpoznatijih influenserica u BiH. 

Čitajte nas na: https://www.oslobodjenje.ba FB :https://www.facebook.com/oslobodjenjeba IG: https://www.instagram.com/oslobodjenj... Twitter: ...

European Security Blogger Awards 2023

Vote for us (and Thom and teissTalk) here:

https://forms.gle/o6LwY6t5bSY9Fp5CA 

This week in InfoSec (11:24)

With content liberated from the “today in infosec” twitter account and further afield

15th May 2011: Sony Begins Restoration of Its PlayStation Network after Cyber Attack

After a malicious cyber attack compromises Sony Computer Entertainment's data center in San Diego, California, the PlayStation Network is shut down on April 20. 

The ensuing investigation revealed a number of security flaws, and in tandem with outside security firms, Sony implemented a number of upgrades to deter and mitigate future attacks to its network and its customers’ personal information. The Americas, Oceania, Europe and the Middle East were the first regions to regain access to the PlayStation Network, and among other measures, customers were required to reset their passwords upon initially signing in. 

As more and more personal information is posted online, whether for financial, social, or business transactions, the safekeeping and protection of this data has come to the forefront of Internet consumer concerns. 

20th May 2003: Rain Forest Puppy reflected on change in the security industry and made a declaration of his personal change. 

https://web.archive.org/web/20090510083820/www.wiretrip.net/rfp/txt/evolution.txt

https://twitter.com/todayininfosec/status/1395378144861896705

 Rant of the Week (18:00)

Upstart encryption app walks back privacy claims, pulls from stores after probe

A new-ish messaging service that claimed to put privacy first has pulled its end-to-end encryption claims from its website and its app from both the Apple and Google software stores after being called out online.

Converso – a comms app launched in September 2022 – billed itself as a "next-generation messaging app that keeps your conversations completely private." This, according to the developer's website, included "proprietary state-of-the-art end-to-end encryption technology," no storage of messages on servers, and "absolutely no use of user data." It claimed it could stand up to the likes of Signal and WhatsApp in the security stakes. 

A blogger who goes by Crnković and has an interest in encryption protocols heard about Converso from an ad on a podcast and decided to poke around to see if the software lived up to the hype. 

Crnković found the app talked to a Google Cloud-hosted database that was left completely open to the public by the software's developers. This Firestore database, we're told, included encrypted message content, metadata about people's messages, their private encryption keys, phone numbers, and more. Essentially, it would be possible for anyone to fetch that information and decrypt a stranger's message that went through the app, according to the researcher.

Crnković concluded:

Not only is metadata public, but so too are the keys used to encrypt messages. Anyone can download a Converso user's private key, which could be used to decrypt their secret conversations.

There's no longer any real distinction between cleartext and encrypted messages – nothing is meaningfully encrypted. For your security, you shouldn't use Converso to send any message that you wouldn't also publish as a tweet.

"Dissecting Converso was in large part a learn-as-you-go exercise for me, as I don't have prior experience reverse engineering mobile apps," Crnković told The Register. "I was shocked at each exponentially worse mistake."

Telegram vulnerability: https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/

Billy Big Balls of the Week (27:37)

Microsoft decides it will be the one to choose which secure login method you use

Microsoft wants to take the decision of which multi-factor authentication (MFA) method to use out of the users' hands and into its own.

The software maker this week is rolling out what it calls system-preferred authentication for MFA, which will present individuals signing in with the most secure method and then alternatives if that method is unavailable.

Redmond first unveiled the feature in a disabled state in April and is now making it generally available to all commercial users through the Azure Portal or Graph APIs, with the decision whether to enable it for tenants now resting with administrators.

That said, in July Microsoft will make system-preferred authentication a default feature in its Azure Entra portfolio for all user accounts, with more information coming out next month.

The goal is to shore up security by not only delivering new features to harden products and services but to, at times, strong-arm people into using them.

More security, fewer problems?

"This system prompts the user to sign in with the most secure method they've registered and the method that's enabled by admin policy," Alex Weinert, vice president and director of identity security at Microsoft, wrote in a blog post. "This will transition users from choosing a default method to use first to always using the most secure method available. If they can't use the method they were prompted to use, they can choose a different MFA method to sign in."

Industry News (36:43)

Ex-Ubiquiti Employee Imprisoned For $2m Crypto Extortion Scheme

NSO Group Spends Millions Lobbying US Government

Cyber-Resilience Programs Failing on Poor Visibility

New Cloud Data Leak Adds to Capita's Woes

Government Publishes Playbook to Enhance Smart City Security

ChatGPT Leveraged to Enhance Software Supply Chain Security

Montana Signs Ban on TikTok Usage on Personal Devices

Apple's App Store Blocks $2bn in Fraudulent Transactions

Cyber Warfare Escalates Amid China-Taiwan Tensions

Tweet of the Week (48:17)

https://twitter.com/pmbaumgartner/status/1658804805014368256

Come on! Like and bloody well subscribe!

Σε αυτό το επεισόδιο, η Αγάπη μας μιλά για το #bookstagram και το #bookTok, τους δημοφιλείς χώρους για τους βιβλιόφιλους στις πλατφόρμες Instagram και TikTok. Θα ανακαλύψουμε πώς να δημιουργήσουμε περιεχόμενο για τα βιβλία μας στα social media. Θα μάθουμε συμβουλές και ιδέες για την παρουσίαση βιβλίων, είτε για συνεργασίες είτε για προσωπική μας ευχαρίστηση. Θα μοιραστεί εμπνεύσεις από το Pinterest και ποιες εφαρμογές να χρησιμοποιήσουμε για επεξεργασία φωτογραφιών. Ετοιμαστείτε για ένα επικό επεισόδιο γεμάτο booklove!

Ich will in erster Linie für Menschen schreiben. Content der Menschen begeistert, der sich gut anfühlt, bei dem man merkt ich schreibe nicht um Reichweite zu bekommen, sondern in erster Linie, damit Du etwas davon hast.

This week in InfoSec (9:23)

With content liberated from the “today in infosec” twitter account and further afield

29th July 1985: An article in the New York Times cited multiple experts who alleged the vote counting systems of Computer Election Systems are vulnerable to tampering.

Yep. Election systems vulnerabilities aren't a new phenomenon. Not even close. 

COMPUTERIZED SYSTEMS FOR VOTING SEEN AS VULNERABLE TO TAMPERING

https://twitter.com/todayininfosec/status/1156078284603416582

30th July 2013: Chelsea Manning was found guilty of espionage, theft, and computer fraud, as well as military infractions. 

United States v. Manning

https://twitter.com/todayininfosec/status/1288925289465208834

6th August 1997: Microsoft Buys $150M of Apple stock.  In an effort to help save Apple Computer and possibly deflect criticism in its own anti-trust trial, Microsoft Corp. buys $150 million in shares of Apple Computer Inc. Apple, which had been struggling to find direction and profits for years, agreed to the boost in funding with terms that dictated cooperation in the design of computers as well as shared patents. Microsoft agreed to continue supporting MS-Office for the Mac for another five years as well.

Rant of the Week (18:11)

India scraps data protection law in favor of better law coming … sometime

The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will – eventually – unveil a superior bill.

The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows. It also included restrictions on sharing of personal data without explicit consent, proposed establishment of a new Data Protection Authority within the government, and more.

On Wednesday, telecom minister Ashwini Vaishnaw tweeted that the bill was nixed because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill's 99 sections.

"Therefore the bill has been withdrawn and a new bill will be presented for public consultation," said Vaishnaw.

and...

UK Parliament bins its TikTok account over China surveillance fears

Plan to educate the children turned out to be a 'won't someone think of the children?' moment

The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Beijing.

The existence of the account saw half a dozen MPs write to the presiding officers of the Houses of Lords and Commons — Lord McFall of Alcluith and Sir Lindsay Hoyle, respectively — to ask for the account to be discontinued.

"While efforts made to engage young people in the history and functioning of parliament should always be welcomed, we cannot and should not legitimise the use of an app which has been described by tech experts as 'essentially Chinese government spyware'," wrote MPs Nusrat Ghani, Tim Loughton, Sir Iain Duncan Smith, Tom Tugendhat, plus Lord Alton of Liverpool and Baroness Kennedy of the Shaws.

Billy Big Balls of the Week (26:21)

Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones

A now-former T-Mobile US store stole at least 50 employees' work credentials to run a phone unlocking and unblocking service that prosecutors said netted $25 million.

Argishti Khudaverdyan, 44, of Burbank, California, was found guilty of 14 criminal charges [PDF] by a US federal jury on Friday.

According to the Dept of Justice, Khudaverdyan co-owned a T-Mobile US store in Los Angeles, operating as a business called Top Tier Solutions, for about five months in 2017. 

T-Mo ended its contract with Khudaverdyan in June 2017 after being sketched out by his suspicious use of the carrier's computer system. It turned out he had been unlocking phones for customers without T-Mobile US's permission so that the devices could be used on different networks.

Even after the self-styled un-carrier gave him the boot, he continued his illicit scheme, advertising unlocking and unblocking services through brokers, email spam, and websites that Khudaverdyan and Gharehbagloo controlled, such as unlocks247[.]com and swiftunlocked[.]com.

Industry News (33:37)

UK’s Top 10 Universities Failing on DMARC

Thousands of Apps Leaking Twitter API Keys

LockBit Ransomware Exploits Windows Defender to Sideload Cobalt Strike Payload

Tory Leadership Voting Delayed Over Security Concerns

T-Mobile Retailer Guilty of $25m Fraud Scheme

xperts Warn of Fake Football Ticket Scams

Ukraine Shutters Major Russian Bot Farm

Users Still in the Dark Over $5m Theft From Blockchain Firm Solana

CREST and OWASP Partner on Verification Standard Program

Tweet of the Week (40:16)

https://twitter.com/AndrewMohawk/status/1555430194743111683?s=20

Come on! Like and bloody well subscribe!

Michael and Patrick earn their food poisoning, Tik-Tok, and genealogy merit badges this week. 

Darrin Morris was taught to crochet a chain by his mother when he was only 2 years old! Even though he had the basics down at such a young age, he didn’t get started in Fiber arts until he was 35. Darrin worked at the Lion Brand Yarn Studio as a Fiber Arts Instructor for 10 years teaching classes about Knitting, Felting, Spinning, Yarn dyeing, and Embroidery. Now Darrin works at the Lion Brand Corporate office with the product development team.

Follow Darrin;

www.instagram.com/misterwoolybear/

www.facebook.com/darrin.morris.528

Follow #HATNOTHATE;

www.hatnothate.org

https://www.facebook.com/hatnothate

https://www.instagram.com/hat_not_hate/

If you have a story to tell;

Email: bluelemonadepodcast@gmail.com to be a guest on the show

https://www.facebook.com/Blue-Lemonade-Podcast-113752514556183

https://www.instagram.com/bluelemonadepodcast/