Golden Tickets, 911 Callers, and Hacking Therapy – Paul’s Security Weekly #565
June 26, 2018
In the Security News this week, shutting down the Internet to prevent cheating, Yubico claims a bug bounty and upsets researchers, patching MRI scanners, getting your money back after being scammed, and a couple is caught selling golden tickets to heaven.
Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke - Enter WebUSB, which allows websites to access USB devices. Vervier and Orru found they could craft webpages that masquerade as real sites, such as facebook.com, and could still read from YubiKey tokens. Such a malicious phishing site could therefore trick victims into handing over their Facebook username, password, and two-factor code, and log in as them to cause havoc.
Um, excuse me. Do you have clearance to patch that MRI scanner? - They are really not investing too much effort into upgrading the previously sold medical devices because of security reasons. They might fix something because of health issues very quickly but they're not really looking into improvements that need to be made to [existing] equipment because of cybersecurity. Hospitals, on the other hand, have their arms tied because they cannot change the settings on medical equipment. What if I told you that a security issue IS a potential health issue?
How a Nigerian Prince scam victim got his money back after 10 years - Interesting: Following a January 2017 settlement with the US Department of Justice (DOJ) and Federal Trade Commission (FTC), Western Union agreed to pay $586 million into a fund earmarked for repaying victims in the US and Canada, admitting that it turned a blind eye as some of its employees conspired with scammers and used its service for money laundering and fraud.
Meet 'Bro': The Best-Kept Secret of Network Security - In a nutshell, Bro transforms network traffic — in all its volume, variety, and downright weirdness — into exceptionally useful real-time data for security operations. Looks like the newer 16.04 Security Onion release includes an ELK stack, solidifying SO as the platform of choice for Bro and network analysis in the open-source space.
The couple, who sold the tickets on the street for $99.99 per ticket, told buyers the tickets were made from solid gold and each ticket reserved the buyer a spot in heaven — simply present the ticket at the pearly gates and you’re in.
The tickets were just wood spray painted gold with ‘Ticket To Heaven – Admit One’ written in marker.
I don’t care what the police say. The tickets are solid gold… it ain’t cut up two by fours I spray painted gold. And it was Jesus who give them to me behind the KFC and said to sell them so I could get me some money to go to outer space. I met an alien named Stevie who said if I got the cash together he’d take me and my wife on his flying saucer to his planet that’s made entirely of crack cocaine. You can smoke all the crack cocaine there you want… totally free. So, try to send an innocent man to jail and see what happens. You should arrest Jesus because he’s the one that gave me the golden tickets and said to sell them. I’m willing to wear a wire and set Jesus up…
We just wanted to leave earth and go to space and smoke rock cocaine. I didn’t do nothing. Tito sold the golden tickets to heaven. I just watched.
We Asked People About the Time They Got so High They Called 911 - I think he just had the munchies: I’ve been a police dispatcher for over 20 years. We don’t get too many calls [about weed], but the most recent one was this elderly guy. He’d eaten a bunch of edibles, and it just went right to his head. He must have been in his 70s or 80s, and the whole family was just totally mortified and embarrassed. He was all of a sudden just dancing and yelling and screaming—his family couldn’t even contain him in his own yard. He wandered off down the street—they were trying to coax him back into the house. He went into a bank, into a McDonald’s, he just wandered everywhere, and put on a sort of show for everyone he saw.
The CIO of Artesia General Hospital in rural Southeast New Mexico shares the ongoing staffing and resource challenges he faces on a daily basis, and how his IT team tackles risk and workforce training.
The Federal Energy Regulatory Commission is asking for input on information collection regulations for how energy companies secure bulk electric systems, while its CIO speculated earlier this month that regulated energy utilities will likely need to follow recent government actions around implementing zero trust architectures.