This week in InfoSec  (08:40) 

With content liberated from the “today in infosec” twitter account and further afield

14th February 2001: In a presentation at Black Hat Windows Security Conference 2001, Andrey Malyshev of ElcomSoft shared that Microsoft Excel uses a default encryption password of "VelvetSweatshop".

https://twitter.com/todayininfosec/status/1757782275406622835

16th February 2004: The Netsky worm first appeared. It spread via an email attachment which after opened would search the computer for email addresses then email itself to those addresses. Its dozens of variants accounted for almost a quarter of malware detected in 2004.

https://twitter.com/todayininfosec/status/1758497889972576608      

Rant of the Week (5:10)

Air Canada must pay damages after chatbot lies to grieving passenger about discount

Air Canada must pay a passenger hundreds of dollars in damages after its online chatbot gave the guy wrong information before he booked a flight.

Jake Moffatt took the airline to a small-claims tribunal after the biz refused to refund him for flights he booked from Vancouver to Toronto following the death of his grandmother in November last year. Before he bought the tickets, he researched Air Canada's bereavement fares – special low rates for those traveling due to the loss of an immediate family member – by querying its website chatbot.

The virtual assistant told him that if he purchased a normal-price ticket he would have up to 90 days to claim back a bereavement discount. Following that advice, Moffatt booked a one-way CA$794.98 ticket to Toronto, presumably to attend the funeral or attend to family, and later an CA$845.38 flight back to Vancouver.

He also spoke to an Air Canada representative who confirmed he would be able to get a bereavement discount on his flights and that he should expect to pay roughly $380 to get to Toronto and back. Crucially, the rep didn't say anything about being able to claim the discount as money back after purchasing a ticket.

When Moffatt later submitted his claim for a refund, and included a copy of his grandmother's death certificate, all well within that 90-day window, Air Canada turned him down.

Staff at the airline told him bereavement fare rates can't be claimed back after having already purchased flights, a policy at odds with what the support chatbot told Moffatt. It's understood the virtual assistant was automated, and not a person sat at a keyboard miles away.

Billy Big Balls of the Week (22:06)
Australia passes Right To Disconnect law, including (for now) jail time for bosses who email after-hours

Australia last week passed a Right To Disconnect law that forbids employers contacting workers after hours, with penalties including jail time for bosses who do the wrong thing.

The criminal sanction will soon be overturned – it was the result of parliamentary shenanigans rather than the government's intent – and the whole law could go too if opposition parties and business groups have their way.

European companies have already introduced Right To Disconnect laws in response to digital devices blurring the boundaries between working hours and personal time. The laptops or phones employers provide have obvious after-hours uses, but also mean workers can find themselves browsing emailed or texted messages from their boss at all hours – sometimes with an expectation of a response. That expectation, labor rights orgs argue, extends the working day without increasing pay.

Right To Disconnect laws might better be termed "Right to not read or respond to messages from work" laws because that's what they seek to guarantee.

Industry News (31:45)

US, UK and India Among the Countries Most At Risk of Election Cyber Interference

Southern Water Notifies Customers and Employees of Data Breach

Cybersecurity Spending Expected to be Slashed in 41% of SMEs

GoldPickaxe Trojan Blends Biometrics Theft and Deepfakes to Scam Banks

Microsoft, OpenAI Confirm Nation-States are Weaponizing Generative AI in Cyber-Attacks

Prudential Financial Faces Cybersecurity Breach

Google Warns Unfair AI Rules Could Empower Hackers, Harming Defense

Hackers Exploit EU Agenda in Spear Phishing Campaigns

New Ivanti Vulnerability Observed as Widespread Security Concerns Grow

Tweet of the Week (39:24)

https://twitter.com/MalwareJake/status/1758454999380557885

Come on! Like and bloody well subscribe!