SSCC 109 - Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

Filed Under: Data loss, Featured, Law & order, Microsoft, Podcast, Privacy

Episode #109 of our popular Chet Chat podcast series is out.

Chet and Duck (Chester Wisniewski and Paul Ducklin) are back with their almost entirely reverent opinions on the latest computer security issues.

If this is your first time listening to the Chet Chat: episodes come out every two weeks, and usually last about a quarter of an hour.

That makes the Chet Chat podcast ideal for your daily commute or for a spot of lunchtime listening.

(You can keep up with our podcasts via RSS or iTunes, and catch up on previous Chet Chats and other Sophos podcasts by browsing our podcast archive.)

Listen now:


(20 May 2013, duration 15'23", size 9.3 MBytes)

Download now:

Sophos Security Chet Chat #109 (MP3)

Chet Chat episode 109 shownotes:

Laptop theft

Duck wrote about a video of a chap in London whose laptop was stolen in under a second, live on CCTV.

Was he using full-disk encryption? Both Chet and Duck sincerely hope so.

Duck poses the question, "Does the modern-day fence [handler of stolen goods] treat the data as valuable as well as the laptop?" Chester advises us to assume that the answer is, "Yes!"

Casher crews

Chet and Duck discuss the recent casher crew busts in New York, and talk about how people end up as money mules [processors of cash payments] for cybercrooks.

LulzSec busts

Chester suggests that the prison sentences dished out to Lulzseccers in the UK were probably long enough to satisfy people who thought the UK was a bit soft on cybercrime, but not so long as to be unreasonable.

He also mentions the interview he recorded back in February with Parmy Olson, who wrote a book about what makes these guys tick. It's now available on podcasts.sophos.com.

Patch Tuesday

Chester points out that MS fixed not only its PWN2OWN hole that was discovered a couple of months back, but also the "Dept of Labor" zero-day from just ten days before the update. He thinks that is pretty swift.

Duck agrees, admitting, "These are not words that naturally come billowing out of my mouth, but, 'Well done, Microsoft!'"

Name.com breach (and others)

Chet reels off a list of recent breach-ees, of which name.com is a recent example. At least they only lost password hashes.

Duck remarks on the addition of another newspea kword to go with Advanced Persistent Threat: AoC. "Abundance of caution."

He argues that that's better than complete denial, but worries that it might mean the cure ends up worse than the disease.

Signing off

Chet and Duck sign off by inviting you to enter for a prize in the latest #sophospuzzle, now live on nakedsecurity.sophos.com

, , , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog