Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘cybersecurity’

Russian Code


Dobroye Utro. (That’s “good morning” in Russian.)

Russia has passed a new law which will ban the sale of certain devices that are not pre-installed with Russian software. Like smartphones, computers, and smart TVs.

The law is intended to promote Russian technology and to make it easier for people to use the gadgets they buy, but will not exclude Russian users from using non-Russian software.

Apple bean counters are in high heaven. Shipments of their AirPod wireless earphones are expected to double to 60M units by the end of this year, demand driven in part by the new $249 AirPods Pro introduced at Apple’s October launch event. Current wait times for the new version on Apple’s U.S. website: 2-3 weeks.

I remember a similar production issue 2 years ago when I bought my Gen 1 AirPods. The good news? I haven’t lost them, as feared, and they still work great.

Hacker Alert: Google has announced it will pay up to $1.5M for the “most severe hacks of its Pixel line of Android phones.” That’s up 7X over the previous top Android bounty.

This is to help refine the Google-designed Titan M chip that carries out core security functions for the Pixel. We’ll see if anyone can hack it.

Happy weekend!

Written by turbotodd

November 22, 2019 at 10:45 am

What’s in a Domain Name Server?


Happy Monday.

The news you need to know about this fine Monday morning (that doesn’t involve impeachment inquiries): Google and Mozilla are looking to encrypt the Internet domain name system (better known as DNS), which could keep bad actors from snooping on websites and spoofing.

But which could also keep ISPs from gathering user data because the browser session data would become opaque to them.

As a report in The Wall Street Journal observed, Google indicated it is making this move to improve users’ security and privacy, and that it will leave consumers more in charge of who shares their Internet data.

Though ISPs are logically concerned by the move, so are the Three Letter Agencies, for which the move could make it more difficult to monitor Internet traffic.

And with Google operating its own DNS service, the story cites that some “are concerned that the DNS upgrade could ultimately concentrate too much of the Internet’s traffic in the hands of Google.”

Engadget is reporting separately that this move is “raising hackles among American officials” and that the U.S. Department of Justice has received complaints and the House Judiciary Committee is investigating.

Turns out the answer to the question “What’s in a name?” is, quite a bit.

Written by turbotodd

September 30, 2019 at 9:45 am

Out of AC/DC


Happy Friday. Well, save for the cop in Fremont, CA last Friday night who had to halt a high-speed pursuit ‘cause his Tesla Model S patrol car ran out of battery. Doh!

Some security/privacy exploits on a Friday PM worthy of note.

First, the new Checkm8 jailbreak that apparently impacts all iOS devices running on A5 to A11 chipsets (Spoiler: That’s a lot of chips, covering iPhone models from the 4S to the 8 to the X…so, 100s of millions of devices).

The jailbreak exploits vulnerabilities in Apple’s Bootrom to grant phone owners full control over their device, according to a report from ZDNet. Be careful out there, boys and girls.

They’re also reporting some new malware called “Nodersok” that installs Node.js to turn systems into proxies so they can perform click fraud. That’s one way to drive up CPMs!

And, DoorDash has confirmed a data breach on May 4 that affected 4.9M customers, workers, and merchants…included last four digits of payment cards, driver’s license info, etc. etc. ad nauseam ad infinitum.

Yes, ladies and germs, you can’t even get a meal delivered anymore without getting hacked. Lost your appetite yet?

Bon Appétit!

Written by turbotodd

September 27, 2019 at 4:59 pm

Yankee Clinch


Happy Friday.

Apple iOS 13 is now available for download.  I’ve been using an earlier beta for a few weeks, and while some have said it was buggy, I’ve certainly been digging the dark mode.

Apple’s also including some new (but some may say, annoying) privacy-friendly features, like periodic pop-ups to remind you how many times an app has tracked your location (that could get interesting).

You can also now give an app location access just once, and Bluetooth access now requires consent.  This is starting to sound like verbiage from the Fair Credit Reporting Act (but kudos on the privacy-friendly moves).

On a related front, ZDNet is reporting that 47% of organizations now have cyber insurance (up from 34% in 2017). And 57% of large firms with revenues over $1B have it compared with 35% of those with under $100M. The more they stand to lose, the more insurance they have!

Okay, I can’t let Friday PM slide home without a shout-out to the New York Yankees for clinching the AL East for the first time since 2012. Both they and the Houston Astros have 100 win seasons to date (and it’s the second time in a year that that’s happened for the Yankees). 

Remember, every game is game 7!

Written by turbotodd

September 20, 2019 at 12:41 pm

Stuxnet Two?


The New York Times is reporting that a cyberattack against Iran in June took out a database that Iran’s paramilitary arm used to plot attacks against oil tankers. The attack also degraded Tehran’s ability to target shipping traffic in the Persian Gulf, and Iran is still trying to recover information destroyed in the June 20 attack and get back online.

This attack came right around the time that Iran shot down a U.S. drone, an incident for which the Trump Administration called off a retaliatory attack at the eleventh hour.

MIT Review reports the attack has had a lingering impact on the Iranian military’s ability to target oil tankers in the Persian Gulf, and noted the database wiped out belonged to Iran’s paramilitary forces known as the Islamic Revolutionary Guard.

U.S. officials said there has been no escalation from Iran, but the Times reports there have been doubts about whether the benefits of the operation outweighed the cost — “lost intelligence and lost access to a critical network used by the Guard.”

The entire episode is reminiscent of Stuxnet, a cyber operation thought to be developed by the U.S. and Israel that targeted and destroyed controller systems for centrifuges in Iran’s uranium enrichment program — only this time at a much faster pace. 

Written by turbotodd

August 29, 2019 at 10:29 am

An Ounce of Cyber Prevention


IBM’s X-Force IRIS incident response team has published new research based on recent cyberattacks it has been asked to assist with, reporting that cyberattacks designed to cause damage have doubled in the past six months and that 50 percent of the organizations affected are in manufacturing.

Physical, meet digital.

Some of the malicious code (including Industroyer, NotPetya, and Stuxnet, among others) isn’t just looking or stealing. These are search and destroy missions.

From the report:

In the past, destructive malware was primarily used by sophisticated nation-state actors, but new analysis from X-Force’s incident response data has found that these attacks are now becoming more popular among cybercriminal attackers, with ransomware attacks including wiper elements to increase the pressure on victims to pay the ransom. As a result of this expanding profile, X-Force IRIS noted a whopping 200 percent increase in the amount of destructive attacks that our team has helped companies respond to over the past six months (comparing IBM incident response activities in the first half of 2019 versus the second half of 2018).

Other key findings:

An analysis of real-world incident response data from X-Force IRIS paints a picture of the devastating effects of these attacks on companies. A few of the key findings include:

  • Massive destruction, massive costs: Destructive attacks are costing multinational companies $239 million on average. As a point of comparison, this is 61 times more costly than the average cost of a data breach ($3.92 million).
  • The long road to recovery: The debilitating nature of these attacks requires a lot of resources and time to respond and remediate, with companies on average requiring 512 hours from their incident response team. It’s also common for organizations to use multiple companies to handle the response and remediation, which would increase hours even further.
  • RIP laptops: A single destructive attack destroys 12,000 machines per company on average — creating quite a tab for new devices in order to get companies’ workforce back in action.

What You Can Do With An Ounce of Prevention

  • Test your response plan under pressure. Use of a well-tailored tabletop exercise and a cyber range can ensure that your organization is ready at both tactical and strategic levels for a destructive malware attack.
  • Use threat intelligence to understand the threat to your organization. Each threat actor has different motivations, capabilities and intentions, and threat intelligence can use this information to increase the efficacy of an organization’s response to an incident.
  • Engage in effective defense in depth. Incorporate multiple layers of security controls across the entire Cyberattack Preparation and Execution Framework.
  • Implement multifactor authentication (MFA) throughout the environment. The cost-benefit of MFA is tough to overstate, providing significant cybersecurity benefit in reducing the value of stolen or guessed passwords dramatically.
  • Have backups, test backups and offline backups. Organizations should store backups apart from their primary network and only allow read, not write, access to the backups.
  • Consider an action plan for a quick, temporary business functionality. Organizations that have been able to restore even some business operations following a destructive attack have fared better than their counterparts.
  • Create a baseline for internal network activity and monitor for changes that could indicate lateral movement.

If you find yourself in a cyberemergency, you can reach IBM Security at 888-241-9812 in the US and Canada, or (001) 312-212-8034 outside the US.

Written by turbotodd

August 6, 2019 at 1:09 pm

What’s In Your Wallet?


“What’s in your wallet?”

Too soon?

The Capital One hack, a breach of 106M U.S. and Canadian customers, gave me flashbacks of the Equifax hack…you know, the one that led so many of us to freeze our credit reports.

What we know so far: A female software engineer in Seattle hacked into a server holding customer information for Capital One and obtained over 100M credit applications, as well as 1M+ Canadian social insurance numbers.

The New York Times is reporting that the bank expected the breach to cost up to $150M, including credit monitoring costs for affected customers.

The Capital One hacker, one Paige Thompson, was a former employee of Amazon Web Services and dropped signals in online fora and Slack that she might be the person behind the hack.

Back to Equifax: Just last week that company settled claims from the 2017 data breach for roughly $650M.

What’s in Capital One’s wallet? Ask again once the regulators are through with them.

Written by turbotodd

July 30, 2019 at 9:35 am
