AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/28/2020

Bot orders $18,752 of McSundaes every 30 min. to find if machines are working

Burgers, fries, and McNuggets are the staples of McDonald’s fare. But the chain also offers soft-serve ice cream in most of its 38,000+ locations. Or at least, theoretically it does. In reality, the ice cream machines are infamously prone to breaking down, routinely disappointing anyone trying to satisfy their midnight McFlurry craving. One enterprising software engineer, Rashiq Zahid, decided it’s better to know if the ice cream machine is broken before you go. The solution? A bot to check ahead. Thus was born McBroken, which maps out all the McDonald’s near you with a simple color-coded dot system: green if the ice cream machine is working and red if it’s broken. The bot basically works through McDonald’s mobile app, which you can use to place an order at any McDonald’s location. If you can add an ice cream order to your cart, the theory goes, the machine at that location is working. If you can’t, it’s not. So Zahid took that idea and scaled up.


Your Amazon Echo knows who’s talking to it, and answers just for them.

You’ve got an Amazon Echo, but if you haven’t set up voice profiles for everyone in your house, you’re missing out on personalized Alexa responses. When correctly set up, Alexa can distinguish between voices and can make calls from your contact list, play your favorite music and read your emails — and only yours. Alexa will soon also be able to detect when a child is speaking and switch to what Amazon calls Kids Mode. You’ll have to set up your child’s voice profile, and once it’s available, Alexa will provide kid-friendly responses, music, games and Alexa skills. Amazon says this feature will be available in the coming months.


Zoom credits Keybase acquisition with quick turnaround on end-to-end encryption

Zoom says a key deal earlier this year helped it globally implement an important security feature at a time when the videoconferencing app became a household word. The company said Monday that it was officially rolling out end-to-end encryption (E2EE) for all free and paid users, and it credited the acquisition of messaging and file-sharing service Keybase as a crucial decision toward that milestone. “This has been a highly requested feature from our customers, and we’re excited to make this a reality,” Jason Lee, Zoom’s chief information security officer, said in a statement. “Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months.”


‘Among Us’ Mobile Game Under Siege by Attackers

The meteoric rise of the game Among Us appears to be outpacing its developer’s ability to keep up with malicious actors. On Sunday night, a specific ongoing attack forced InnerSloth, the company behind the game, to hastily roll out an update designed to kick bad actors off the game’s servers — likely along with some innocent players as well. Among Us takes place in a space setting, where some players are “crewmates,” and others are “imposters” that live among us. As crewmates prepare their ship for departure, they must locate and eliminate the imposters before they’re taken out themselves. It so far has 5.3 million downloads on Google Play alone. InnerSloth is asking for patience while the company addresses this and other ongoing security concerns. InnerSloth is run by a three-person team consisting of one developer, one animator and game designer, and one artist. The game was released almost two years ago, but thanks to a long summer spent largely under quarantine its audience has exploded over the past few months.


Aftermath: software delivery now laser-focused on supporting ‘contactless enterprises’

The Covid-19 crisis caused many issues and wreaked havoc across enterprises, but for software development teams, it led to a dramatic laser-sharp focus on what the business needs and delivering as fast as possible. For many software teams in recent months, the emphasis of their work has shifted to support for the “contactless” enterprise, with an emphasis on digital transformation, DevOps, and automation. That’s the word from a survey of 347 software professionals and managers, published by Accelerated Strategies Group for CloudBees, conducted in August-September. The majority of respondents, 63%, note that digital transformation objectives have significantly or somewhat increased in priority. Other priorities, including business automation (62%) and the need for investment in creating contactless services (60%) have significantly or somewhat increased. 


Hackers briefly swap out a page on the Trump campaign site

With less than a week to go before the US presidential election, election security is a hot-button topic, and hackers have already struck. TechCrunch and the New York Times report that the About page on DonaldJTrump.com was briefly replaced by an unknown party. Gabriel Lorenzo Greschler grabbed a screenshot and video of the hacked page. In a message, it threatened to “discredit” Trump as president and said the attackers would choose to share or keep secret their incriminating data based on which option received more votes in the form of cryptocurrency sent to their accounts. The message also included a supposed encryption key to verify their identity. It’s unclear how they pulled off the attack, or the seriousness of the threat, but the page was apparently up for about thirty minutes.
