Tech Freedom

Weekend Edition 52: AI Hype, Arm IPO, Security, Etc

Airbus Hacked

Mullvad Warns About MacOS Sonoma

NSO Group Spyware Appears on Russian Journalist’s iPhone

China Denies Banning iPhones

ARM IPO

Google Play Scans in Realtime Now

Win11 to Protect Enterprise Passwords Better

Starlink: Going Broke?

AI Luminaries Testify Before Congress Again

 

WE 1 – Airbus Got Hacked… Oops

Hudson Rock, one of the big names in the cyber security space, announced that hacker “USDoD” managed to exfiltrate (steal) data from the major French aerospace company, Airbus. Hudson Rock did not learn of this through some form of forensic investigation, but by crawling hacker forums online, where the hacker had claimed responsibility for the attack. They managed to steal employee and vendor contact information through a compromised account connected with a Turkish airline employee. This is a common threat vector: infect an employee’s account with information-stealing malware, then sell the gathered info on the black market to someone else, who then carries out a more direct attack on the target. In this case, it looks like the employee likely downloaded a compromised pirated version of .NET and was infected by the RedLine malware, which then grabbed about 3200 contacts related to Airbus; the hacker connected to the initial attack then sold it to someone else, who directly hit Airbus.

This hacker, “USDoD”, claims to have carried out a similar attack on the FBI’s InfraGard database system, which hosts information about roughly 80,000 people, ranging from business leaders, IT Pros, LEOs, military members, and government officials. Ain’t that just grand? They (we do not know if this hacker is male or female at this time) appear to have joined an emerging ransomware group. We will see what happens and develops from that partnership. We need to stay on top of these sorts of attack vectors, as according to this article, they are an increasingly popular option for hackers. How can we do that? Try to make sure that our end users don’t expose themselves to unnecessary risk by installing pieces of software and whatnot which are unvetted, such as that instance of .NET which led to the attack on Airbus. How can we guard against this? As an IT guy, my gut says that centralization is a valid answer, but it is difficult to completely lock that down for end users, and also generates more work on the front end, as well as ongoing for IT professionals. I know, it sounds like I’m being lazy, and perhaps I am, but why would I willingly volunteer for potentially exponentially greater levels of that sort of work, moving forward? I’m not that much of a masochist. Do I see any other real alternatives, though? Not sure.

https://www.securityweek.com/airbus-launches-investigation-after-hacker-leaks-data/ 

 

WE 2 – Mullvad Privacy Company Warns of Problems with MacOS Sonoma

Mullvad discovered that the latest versions of MacOS have a critical flaw in their firewall implementation which breaks the popular privacy app. This also breaks many other VPN services, such as PIA and NordVPN, but ProtonVPN appears to be unaffected. The flaw appears to be related to packet filtering, so if your VPN or other network security tools do not require it in order to work properly, then you are probably fine. My personal take is that this was a shot across the bow for any Apple user who wants a modicum of privacy or security. This may be a mountain-molehill situation for me because I more or less hate Apple. I admit my bias, here, and if you have read or heard my commentary in the past, you know that. On the other hand, I was talking to Connor about this story and he has a significantly less cynical take on it. He sees this as more of a “happy accident” kind of thing, vs a calculated attempt to limit user privacy on Apple’s part. I don’t know. Not close enough to the developer space to have an educated opinion on the situation. Connor found a Reddit thread about the situation where some users were saying that it had already been worked out. Maybe this is a fireless smoke situation, but time will tell, and I will follow up on this after the new version of MacOS actually hits the streets.

If you didn’t know, Mullvad is a privacy wonk’s wet dream. Connor will likely extol its benefits during the show, but know that it is not a paid spot or anything, just a couple of privacy-aware nerds geeking out over this really cool, open source focused privacy provider. They do not offer a subscription option, though you can pay ahead for as long as you want, at about $5.50/month in cash, via credit card, or even BTC. The reason they do not do subscriptions anymore is that they do not want to keep any personally identifiable information from their users on hand. They are also 100% logless (which is crucial for any truly private VPN, because if they keep your logs on hand, they know exactly where, what, and when you have been online, and they could sell that info or even be hacked, then how private is that data, really?). Their servers are also 100% based on RAM, not permanent storage, which means that if the power is cut or the hardware is restarted, there is no data anymore. I used them for a month, and Connor, I think, has them in his personal privacy arsenal still, and enjoys/appreciates them. As I said above, he’ll probably gush over them in the show, and I can’t entirely guess how that will go.

https://www.pcmag.com/news/mullvad-vpn-warns-of-critical-firewall-flaw-in-apples-macos-sonoma 

 

WE 3 – Pegasus Spyware Used Against Exiled Russian Journalist

Here are the basic details:

Galina Timchenko, the exiled head of an indie journalism outfit which has been critical of Putin and his administration, had her iPhone hacked back in February, according to Citizen Lab.

Apple notified her of the attack back in June.

It was a tapless infection which apparently occurred during a private meeting in Berlin, with other exiled Russian independent media types.

It used an exploit called “PwnYourHome”, which was patched earlier in the year.

This is the first reported Pegasus attack against a Russian journalist.

No one seems willing to point a solid finger at which State in the area might be responsible, though it seems likely that it was Russia, who banned her media company back in January.

Ok, so let me weave this story just a bit:

First, in January of this year, the Kremlin officially banned Ms. Timchenko’s organization, Meduza, in Russia, citing national security concerns. In February, there was a private meeting in Berlin between exiled Russian independent media company heads. Ms. Timchenko was present at that meeting, and at some point during those proceedings, her iPhone was infected with Pegasus spyware (whose parent company, NSO Group, based in Israel, has ties with US Ret. Maj. Gen. Michael Flynn), through a click-less exploit, called “PwnYourHome”. There are several former Soviet Bloc countries in the area, including her host state of Latvia, who have licenses to use Pegasus and have no ethical qualms with using it, but none of them have been conclusively linked to this first-reported attack. Apple did notify her of the hack back in June, at which time she got in touch with Citizen Lab, an EU watchdog group. They did forensics on it, and uncovered the use of the Pegasus malware. Apple has since patched that vulnerability. The article ends with a suggestion to anyone who fears that their phone may have been compromised (any more than it already is as an Apple human tracking device) to place it in “lockdown mode”, as that has been shown to limit malware’s access to the hardware and its data.

Lockdown mode greatly reduces the convenience factor of your iPhone, iPad, or MacOS computer: most Messages attachments cannot be downloaded, links cannot be clicked or previewed, Safari will largely break, incoming FaceTime calls will be blocked, there are no more shared Albums in Photos, and there are no more cross-device connections with other Apple products without explicit permission, so syncing photos and whatnot is right out when any of your devices is in lockdown mode. This all makes lots of sense, because most malware wants to spread itself to other devices and individuals, and once it does that, to gather private data from them and from your devices as well, of course. You don’t just randomly get targeted with Pegasus spyware, it basically has to be a State-level actor in order to afford it, so unless you are a vocal partisan, hacker, or some other sort of high profile source of pain for a governmental actor, you will probably be safe from this kind of interference. Perhaps Connor has some other thoughts about that, in fact, I imagine that he is probably saying, “Hold on a minute, Matt…” or something like that right about now.

https://www.pcmag.com/news/nso-group-spyware-found-on-russian-journalists-iphone-who-put-it-there 

https://www.pcmag.com/how-to/how-to-secure-your-iphone-ipad-or-mac-with-lockdown-mode 

 

WE 4 – China Officially Denies Banning iPhone Use

The CCP’s Foreign Ministry has publicly denied that their government has “officially” banned iPhone and other foreign-branded devices from use at work by CCP officials. They stated that there has been no rule, law, or regulation passed in China which explicitly bans the use of those devices by government officials. They went on to indirectly mock the US’s stance on Huawei and other Chinese companies by stating that they “… protect foreign companies’ rights and interests in accordance with the law and strive to foster a first-class market-oriented, law-based and internationalized business environment.” Shots fired, much? They sound like a jilted lover, pining over the relationship that once was, but is no longer. The article goes on to speculate, much like some sort of gossip rag or tabloid would, about the possible existence of an “unwritten rule” in this regard. This is possible, maybe even likely, but when the whole thing that we talked about last week was allegedly based on a pair of “unnamed sources”, I have to question the reality of the whole scenario. Big side eye. X to doubt. I don’t know about you guys, but I’ve had enough of “news” being spun off from “unnamed/anonymous sources, close to the situation”. So much nonsense has been created from spurious comments made by those sorts of people. Sure, there are moments when a whistle blower has to be anonymous for personal safety, but I, for one, struggle with the printed libel and spoken slander that has been created to support false narratives about various public figures in this country. Time will tell if this is actually real or not.

https://www.pcmag.com/news/china-no-were-not-banning-iphones-for-government-workers 

 

WE 5 – Well, Well, Well… Arm Filed for an IPO

Let me start at square one here: do you guys know what ARM is? It is the company behind the architecture of the SoC (system-on-a-chip) processors which power most of the mobile world. It originally stood for Acorn RISC Machine (yes, named for the creator of the BBC Micro and Master retro computer systems from the 70s and 80s), but has shifted over the years to meaning Advanced RISC Machines. They went public with about 10% of their shares on Thursday, raising nearly $5 billion and netting a valuation of $54.5 billion. That is huge. SoftBank (Japanese investors) still hold 90% of the company’s stock. They are concerned, and even talked, about RISC-V as a potential threat to their hegemony in the chip IP world, should the open source architecture continue to gain traction and be capitalized at the rate it is. They should be worried. I love the idea of RISC-V and think that open source technology is the future in general. Notice that RISC is a feature in both of these architectures. What is RISC? It is one of two ways to handle logic and command structures in processors of various kinds; the other is called CISC and is represented by the x86-64 lineages of processors, such as are featured in most desktop, laptop, and server computers today. CISC stands for Complex Instruction Set Computers. RISC stands for Reduced Instruction Set Computers. The philosophy behind the various RISC architectures is that simplicity is better and to be preferred over complexity. These (RISC) chips tend to be far more power efficient than their CISC brethren, but in the past were not as fast or as powerful as CISC chips, which is why so much of the computing world is predicated on the Intels and AMDs of the world, rather than on Arm or RISC-V. That, and the marketing for x86 processors has been much more forceful than Arm or its relatives over the years.

https://www.cnbc.com/2023/09/14/arm-ipo-what-is-risc-v-and-why-does-arm-call-the-rival-product-a-risk.html 

 

WE 6 – Play Protect Now Scans in Real Time

So, you know how the Play Store has a malware scanning facility for apps that have been uploaded to its servers, yeah? Well, it is about to gain the ability to scan your sideloaded apps for problems as well. This seems like a good thing on the surface, but when you look closer at this development, it feels like more overreach from the tech giant. Then, I am considered a power user, if not a technician of sorts, and certainly an enthusiast. I know that that provides a different perspective than it does or would for most average users. Forgive my cynicism, here, but when Google’s whole MO is to gather data on its users to sell to advertisers (at the least) and to serve as a database for the 3-letter alphabet agencies (at the worst), I struggle to see anything they do as a net-positive. I mean, perhaps for security this is a good thing, but privacy, I just don’t see it. Then again, I am a big degoogling guy, so maybe that colors my stance there. I’m not unreasonable on that front, but personally, I want to be as private as I can be and still hold onto some form of modern convenience. I’d rather not have a big tech outfit watching my every action like a hawk to monetize it in some way. I think wisdom is to help users to develop discernment about the apps they choose to use, but that is probably too much to ask, so just like with the Airbus story earlier, a centralized solution is probably for the best for now, as much as that concentrates power in the hands of too few, just so that average people can thoughtlessly use their devices. The bottom line is that I do not trust any of the centralized options out there right now. I just don’t have a better alternative right now. That irks me greatly. We need something to replace this until people as a whole decide to learn a bit so that they can do better in defending themselves from threats.

https://www.techradar.com/phones/android/google-play-protect-is-upping-its-game-by-scanning-apps-in-real-time 

 

 

WE 7 – Windows Security *stifles laughter*

Microsoft is claiming that their enterprise clients can expect better password safety moving forward now. This update allows administrators to choose to block NTLM (New Technology LAN Manager) from connecting to systems via SMB (the Server Message Block, which allows file & print sharing on Windows networks) to prevent password cracking attacks. To be clear, this update does not completely block it, but rather prevents outbound connections to remote servers to stymie attackers’ attempts to steal the hashed user passwords on that system. This is a decently big deal in terms of Windows security, but when the OS is a rootkit in itself, I fail to see the purpose here. Perhaps I am too harsh on Microsoft, here, but I have my doubts. This is a decent step, but why is it being limited to only enterprise license holders? Oh yeah, they are the big money makers for Microsoft, so of course they would get the good stuff before the rest of us simple end users would. There are so many tweaks and whatnot that are locked to enterprise level licenses that the OSes almost may as well not be the same. I’m not saying that you should sink money into Microsoft’s ecosystem at all, though, those licenses are not cheap and are designed for Network and system administration professionals to set up and deploy across vast corporate landscapes, not Joe Blow PC user on Elm St. Personally, I think that all users should have at least a basic understanding of how their systems work, so that when something breaks, they have at least a basic toolkit to reach for to diagnose and repair it themselves. We lost that probably when the world decided that Windows was the future rather than something like BeOS or OS/2.
The process went from, “Oh, computers are just for nerds or gamers who know basic programming or hacking,” to “computers can be for everyone, and oh, now we need a new class of technicians to fix these flawed, buggy, and oft-broken systems so that end users don’t need to know any of this stuff in order to use the computers we make”… Or something like that. That needs to be reversed. I know this is counter cultural, but let’s learn how to take responsibility for our things rather than simply using them until they break. That is one of my passions and informs all I do with Tech Freedom.

https://www.techradar.com/pro/security/microsoft-releases-windows-11-update-to-block-password-stealing-attacks 

 

WE 8 – Is Starlink Actually Solvent?

Short answer: yes it is. It is well short of its original projected numbers from when SpaceX first spun the project off; however, it is solvent. They projected 20 million users for the service, with a revenue of ~$12 billion and an operating profit of ~$7 billion by the end of last year. Those were typical, pie-in-the-sky Musk numbers; the reality is that they had about 1 million users, a revenue of $1.4 billion, and operating profit of something less than that, if not a loss. I don’t like Elon, and think that he has a slightly above room temperature IQ, but has suddenly become some sort of marketing genius. I doubt very much that he ever wrote a single line of good code for X (later PayPal), and has never done any real work in terms of design for Tesla or SpaceX. I think that perhaps he came up with the names for the vehicles, but other than adding mystique to the companies he owns by being an alleged autistic wunderkind and fabulously wealthy through US gov’t subsidies and other corporate welfare measures, I doubt that he has added much tangible value to the companies he supposedly owns. Change my mind without resorting to propaganda.

https://www.pcmag.com/news/starlink-is-popular-but-is-it-making-enough-money-to-stay-afloat 

 

WE 9 – AI “Luminaries” Testify Before Congress Again

In a closed session, former and current CEOs of Microsoft, Bill Gates and Satya Nadella, alleged tech wunderkind Elon Musk, Meta CEO Mark Zuckerberg, OpenAI CEO Sam Altman, Alphabet/Google CEO Sundar Pichai, former Google CEO Eric Schmidt, Nvidia Chief Jensen Huang, and others spoke to a group of roughly 60 senators, headed up by Chuck the Schmuck (Chuck Schumer, the Senate Majority leader) on Wednesday. Elon spun it as potentially “going down in history as very important for the future of civilization” in a comment to a CNBC reporter just after the end of the meeting. The bottom line is that the legislators are trying to listen to big tech about this blundering monster that it has created by unleashing generative AI on the public before it was finished baking. Here’s looking at you, Microsoft, you greedy, data-grubbing monstrosity, you. You just couldn’t wait to mine all the more data with your freshly bought OpenAI tools, could you? Microsoft has created this insane rush to develop these AIs by forcing Altman and company to release ChatGPT to the public, arguably before it was ready. I don’t know, y’all. It seems to me that it would be simpler to have just practiced a modicum of patience around this issue, but they couldn’t help themselves, like a kid on Christmas morning, or a fat kid in a candy store (I was a fat kid, I can talk). Just pitiful, and now we are in a mess, where the government has to scramble to regulate this allegedly dangerous technology. I am still unconvinced that current generation generative AI platforms and their incredibly large datasets and algorithms are something we should be afraid of for the reasons that they say. I strongly caution against their use for privacy reasons, not because I am anywhere near convinced that we should fear them evolving into something that could take over the world.
I never plan to use them at any point, if I can help it, because of the inherent privacy issues presented by the technology, not to mention its penchant for “hallucinating” bad answers, or just completely missing the ball, so to speak.

https://www.cnbc.com/2023/09/13/musk-zuckerberg-among-tech-leaders-visiting-senate-to-speak-about-ai-.html