16th century crypto skullduggery – Naked Security

The Naked Security podcast, hosted by Doug Aamoth and Paul Ducklin, covers a range of cybersecurity topics, including password manager cracks, login bugs, and historical examples of security breaches. In a recent episode, the hosts discussed a ransomware attack against a technology company in Oxfordshire, England, in which a member of the company’s own defensive team mounted a man-in-the-middle attack. The insider hijacked the ransomware payment negotiation by using a typosquatted email account and changing the Bitcoin address in the emails. The company decided not to pay, however, and his traces were discovered and the evidence seized, leading to his guilty plea after a five-year legal battle.

The hosts also drew a historical analogy to Queen Elizabeth I and Mary Queen of Scots, who were political and religious enemies in the 1580s. Mary was detained under house arrest and communicated with her conspirators using messages stuffed into beer barrels. A compliant beer supplier acted as a man-in-the-middle by removing and copying the messages and inserting replacement messages that persuaded Mary to reveal more than she should have. This eventually led to her execution for plotting against Queen Elizabeth I.

In another story, the hosts discussed a login bug in an app-building toolkit called Expo, which supports the OAuth (Open Authorization) standard. OAuth is used by websites that let users log in with Google, Facebook, or other mainstream services. The vulnerability was discovered by a web application security company called Salt, and Expo fixed the bug quickly and transparently. The hosts stressed the importance of verifying the authentication tokens issued by OAuth providers to ensure that the login is secure.

The podcast also covered the history of the Graphics Interchange Format (GIF), which was developed by CompuServe in 1987 to support colour images on early computer networks. GIFs quickly gained popularity due to their ability to display simple animations and widespread support across different computer systems. The hosts joked about the controversy over whether the word is pronounced with a hard G or a soft G.

In conclusion, the Naked Security podcast offers a mix of cybersecurity news, advice, and historical anecdotes. The hosts cover a range of topics related to security breaches, insider threats, and vulnerability fixes. Listeners can learn about the latest trends in cybersecurity and how to protect themselves against attacks.
