Episode 155 - The Really Late Show

This week in InfoSec (10:21)With content liberated from the “today in infosec” twitter account and further afield8th June 1989: The beta release of the Bourne Again SHell (Bash) was announced as version 0.99. 2 months later Shellshock was introduced into the Bash source code and persisted in subsequent versions for over 25 years.v0.99 release announcementhttps://twitter.com/todayininf....osec/status/16664875 June 1983: Would You Like to Play a Game?The science fiction film WarGames is released. Notable for bringing the hacking phenomena to the attention of the American public, it ignites a media sensation regarding the hacker sub-culture. The film’s NORAD set is the most expensive ever built at the time at a cost of $1 million dollars. Not widely known is that the movie studio provided the film’s star, Matthew Broderick, with the arcade games Galaga and Galaxian so he could get first-hand experience before shooting the film’s arcade scenes. Rant of the Week (17:16)Barracuda Urges Replacing — Not Patching — Its Email Security GatewaysIt’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.Barracuda tells its ESG owners to 'immediately' junk buggy kit Billy Big Balls of the Week (24:45)US govt now bans TikTok from contractors' work gearBYODALAINGTI (as long as it's not got TikTok installed)The US federal government's ban on TikTok has been extended to include devices used by its many contractors - even those that are privately owned. The bottom line: if some electronics are used for government work, it better not have any ByteDance bits on it. The interim rule was jointly issued by NASA, the Department of Defense and the General Services Administration, which handles contracting for US federal agencies. The change amends the Federal Acquisition Regulation to prohibit TikTok, any successor application, or any software produced by TikTok's Beijing-based parent ByteDance from being present on contractor devices. "This prohibition applies to devices regardless of whether the device is owned by the government, the contractor, or the contractor's employees. A personally-owned cell phone that is not used in the performance of the contract is not subject to the prohibition," the trio said in their update notice published in the Federal Register. The rule would apply to all contracts, even those below the "simplified acquisition threshold" of $250,000, purchases of commercial and off-the-shelf equipment, and commercial services so get ready to wipe those company phones, cloud services providers and MSPs that do business with Uncle Sam. AND