Information Security & Occasional Forays Into Adjacent Realms
via Ophir Harpaz, writing at the Guardicore Blog comes highly concerning news of a nascent SSH botnet discovery by the security professionals at Guardicore, dubbed FritzFrog. Today's Must Read!
In what is certainly the single most fascinating and well-crafted piece on the taxonomy of organized crime in months; and it's present and future significance for information and cyber security professionals (and non-professionals as well) has risen to the top of Today's Must Read. Enjoy.
via Jon Brodkin, plying the writing trade at our beloved Ars Technica, comes this tale of the Federal Communications Commission's latest fail of note. This time, with the Communist Chinese. Read the Senate report, via the United States Senate's Permanent Subcommittee On Investigations. Today's Must Read.
'The Federal Communications Commission and other US agencies have failed to properly oversee Chinese telecom companies that operate in the United States, according to a bipartisan Senate report released today.' via Jon Brodkin, whilst scribing happily ensconced at Ars Technica
via Marc Weber Tobias, writing at Forbes, comes this superlative piece detailing consent inconsistency and other fundamental legal problems with Apple Inc.'s (NASDAQ: AAPL) Siri personal assistant. Todays Must Read.
via Ax Sharma - writing at Bleeping Computer, comes the tale of the unc0ver jailbreak flaw on all versions of Apple Inc.'s (NASDAQ: AAPL) iOS mobile operating systems - now at version 13.5.1. Today's Must Read.
via Quanta Magazine's Erica Klarreich, comes the story of Lisa Piccirillo's solution to Conway's Knot Problem. Behold, Ms. Piccirillo's proof. Today's MustRead.
'In the summer of 2018, at a conference on low-dimensional topology and geometry, Lisa Piccirillo heard about a nice little math problem. It seemed like a good testing ground for some techniques she had been developing as a graduate student at the University of Texas, Austin.' - via Erica Klarreich - writing at Quanta Magazine comes a story of brilliant grad student mathematician: Lisa Piccirillo
via the erudite Catalin Cimpanu (formerly reporting at BleepingComputer, now writing at ZDNet's ZDNet's ZeroDay blog) comes well-crafted and detailed reporting, targeting the recent identification of APT group called-out in the 2017 Shadow Brokers data dump (well known as the Lost in Translation dump)... Today's Must Read.
"Juan Andres Guerrero-Saade, a former security researcher at Kaspersky and Google, says that after identifying files linked to this signature, he believes signature #37 is actually for tracking a new hacking group altogether, which he believes might be based in Iran." - via Catalin Cimpanu writing at ZDNet's ZeroDay blog
Begs the question as how effective the company's 'Business Partners' security programs were, as well. Today's Must Read via The New York Times journalists Natasha Singer and Nicole Perlroth.
The next Fujiwhara Effect is 'slated' for April 14 2020 (tomorrow). In this scenario, the Effect is not related to cyclonic vortices adjacent to each other, but rather, the close proximaty in time, of multiple vendor announcements with multiple (per vendor) vulnerabilities to computational, internetworking and other activities. Mind you - be certain to don those nor'easter rain bonnets before crying for relief from the non-stop onslaught of vulnerability fixes on the 'nigh! Todays' Must Read.
via Raphael Satter, Jack Stubbs and Christopher Bing, writing at Reuters comes this well-crafted reportage, detailing a new malicous attack on the World Health Organization and mounted by currently-surveilled foul-villains-of-the-cyber-kind. Most Assuredly Today's Must Read.
'The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity. Urbelis said he picked up on the activity around March 13, when a group of hackers he’d been following activated a malicious site mimicking the WHO’s internal email system.' - via Raphael Satter, Jack Stubbs and Christopher Bing, in a report for *Reuters
A new (published February 24th, 2020) study - targeting web browser chattiness and privacy (whatever may be left, i.e.). Comprised of highly detailed data, and authored by Professor Douglas J. Leith PhD, School of Computer Science & Statistics, Trinity College Dublin, Ireland (Eire) is our Highly Recommended Monday Must Read.
Easily one of the to-the-point, no nonsense, network reconnaissance detection methods I have read appeared yesterday via the CYMRU Blog; obviously written with both great care and expertise, David Monnier's piece on Detecting Cyber Recon Using Network Signals is today's Must Read. Enjoy.
via Adrian Colyer (a Venture Partner at London, UK ensconced Accel, and writing at The Morning Paper comes a sperlative analysis of this outstanding scholarly paper entitled POTS: Protective Optimization Technologies - authored by Bogdan Kulynych, Rebekah Overdorf, Carmela Troncoso and, Seda Gürses - focusing on the examination of 'Algorithmic Fairness'. Todays Must Read. Citation, POTS: Protective optimization technologies, Kulynych, Overdorf et al., arXiv 2019 https://arxiv.org/abs/1806.02711
Citation, POTS: Protective optimization technologies, Kulynych, Overdorf et al., arXiv 2019 https://arxiv.org/abs/1806.02711
Well, there-they-go-again: The Spoilsports of mandated internet speeds - poo-pooing speed increases under discussion to-and-for the contemplated FCC-led Rural Digital Opportunity Fund - all in the name profits. Read it and Weep, me hearties. Today's Must Read and a finalist in this week's Big Cry.
via Joseph Trevithick, writing at The Drive, comes this fascinating report detailing newly discovered GPS Spoofing attacks as evidenced in and around Shanghai (evidence of the same attack end state in and around Sochi, Russia and Syria is also presented in this report) from C4ADS. All are today's Must Reads.
'"To be able to spoof multiple ships simultaneously into a circle is extraordinary technology. It looks like magic," Humphreys, the expert from the University of Texas at Austin, told MIT Technology Review. "People were slack-jawed when I showed them this pattern of spoofing [at the ION GNSS+ conference]. They started to call it crop circles."' - via Joseph Trevithick, writing at The Drive
Well then, quite likely, a singular fascinating read for information Information Security professionals (and those that aspire to such tomfoolery) (and, brought to my attention by the inimitable Dr. Drang). Without a doubt, today's Must Read.
via Shaun Nichols - writing at El Reg - comes this highly entertaining piece, detailing the 'steps' NordVPN is planning on taking to beef-up the company's deeply flawed security stance... Today's Must Read.
'"We are planning to use not only our own knowledge, but to also take advice from the best cybersecurity experts and implement the best cybersecurity practices there are," NordVPN head flack Laura Tyrell said of the campaign. "And this is the first of many steps we are going to take in order to bring the security of our service to a whole new level."' - via Shaun Nichols - writing at El Reg
via original research and class notes from Adam Hastings and Simha Sethumadhavan
via Adam Hastings (Adam is a PhD student at Columbia University) and Simha Sethumadhavan - Associate Professor at Columbia University, writing at the Association for Computing Machinery's (ACM) Computer Architecture Special Interest Group (SIGARCH) comes this well crafted piece asking 'Are Computer Architects to Blame for the State of Security Today?' Today's Must Read.
Note: Portions of the referenced matter includes original research and have been adapted from class notes on a grad class on Computer Architecture (Source) at Columbia University.
via John Preskill, writing at Quanta Magazine, comes this outstanding piece providing an explanatory flourish to his coinging of the term 'Quantum Supermecy' in 2012. Today's MustRead!
'The words “quantum supremacy” — if not the concept — proved to be controversial for two reasons. One is that supremacy, through its association with white supremacy, evokes a repugnant political stance. The other reason is that the word exacerbates the already overhyped reporting on the status of quantum technology.' - via John Preskill, whilst writing at Quanta Magazine, comes this tremendous explantory post
via Emily Baumgaertner, reporting for The Los Angeles Times, tells a tale of deep incompetence at the Department of Homeland Security (additional evidence of stupidity {with requisite bonus points} with revelations that data egress command source and destination are unknown, as is (of course) attribution, thereof. Most certainly Todays Must Read.
'The information — housed on a dot-org website run by a private contractor — has been moved behind a secure federal government firewall, and the website was shut down in May. But Homeland Security officials acknowledge they do not know whether hackers ever gained access to the data.' - via Emily Baumgaertner, reporting for The Los Angeles Times
