Category Archives: Security

Awkward: Hacker’s ransomware attack code avoided computers set to use Cyrillic languages

Trustwave said the ransomware “avoids systems that have default languages from what was the USSR region. This includes Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian, Russian Moldova, Syriac, and Syriac Arabic.”

Source: Code in huge ransomware attack written to avoid computers that use Russian, says new report

My blogs are under attacks every day, all the time. I have had to set up multiple layers of security to defend against the attacks and to evolve those security levels often.

Criminals encrypted 1 million devices in $70 million ransomware attack

When these attacks become so large, at some point this will be seen a declaration of war, no different than bombing a country’s infrastructure:

The hacker gang behind an international crime spree that played out over the Fourth of July weekend say they’ve locked more than a million individual devices and are demanding $70 million in bitcoin to set them all free in one swoop.

The gang, the Russia-connected REvil, is best known for previously hacking JBS, one of the world’s largest meat suppliers, and briefly halting its operations across much of North America. But this attack’s potential scope is unprecedented, according to some cybersecurity experts.

Source: Hackers behind holiday crime spree demand $70 million, say they locked 1 million devices

1000s of companies, world wide, may have been impacted by this ransom-ware attack

Sweden’s Coop grocery store chain had to shut all 800 retail stores after the attack:

The number of victims affected by the attack is unclear due to a ripple effect of managed service providers, who have their own clients, that may have been affected as well.

Source: Software supplier hit with “sophisticated cyberattack,” potentially affecting thousands of businesses – CBS News

More details on Google’s forced install of Covid-tracking app on phones in Massachusetts

Massachusetts launched a COVID tracking app, and uh, it was automatically installed?!

Source: Even creepier COVID tracking: Google silently pushed app to users’ phones | Ars Technica

Not only was it automatically installed, it does not appear with in the apps listed on your device. You can only see it if you go to the Google Play store, look up the app, and it shows as already installed on your device. You cannot uninstall the tracking app.

Update – yeah, it was stupid, creepy and tone deaf:

Elsewhere in the United States, uptake levels of contact-tracing apps have been “incredibly low,” said Sarah Kreps, director of the Cornell Tech Policy Lab, which studies the politics of emerging technologies. She called the launch of MassNotify at this stage in the pandemic “somewhat baffling.”

“It seems to show a lack of understanding about public behavior with respect to these apps, which is that people are more likely to use them if they think that this pandemic is still going on,” Kreps said.

https://www.bostonglobe.com/2021/06/20/metro/massnotify-too-little-too-late-fight-against-covid/
Continue reading More details on Google’s forced install of Covid-tracking app on phones in Massachusetts

Google accused of forcing installation of Covid-19 tracking apps

Google is force-installing a Massachusetts COVID-19 tracking app on residents’ Android devices without an easy way to uninstall it.

For the past few days, users have reported that Google silently installed the Massachusetts ‘MassNotify’ app on their devices without the ability to open it or find it in the Google Play Store.

Source: Google force installs Massachusetts MassNotify Android COVID app

Apparently IRS tax returns are not secret anymore?

Perhaps we should all just publish our returns on the Internet and be done with the pretense of privacy?

ProPublica said it is not disclosing how it obtained the data, which was given to it in raw form. It is illegal for the IRS to give out the personal returns of any individual. ProPublica says it has the tax returns of thousands of the nation’s wealthiest people, covering more than 15 years.

Source: Billionaires including Jeff Bezos and Elon Musk avoided paying federal income taxes in some years, report says – MarketWatch

Do they have their medical records too?

Considering the Experian leak or numerous retail credit card leaks, it seems that privacy no longer exists. What does this mean, long term, if everything we have ever done, bought, used, paid as taxes, used as health care, or discussed on line, in text messages, is no longer private?

In the case of Experian, the leak itself was the story. Now, the media itself gleefully participates in the leak and ignores their ethical lapse in participation as a party to this leak.

UPDATE: This story isn’t going over well for Propublica. First, some question the media’s use of stolen, private tax records – that is a real story. Second, Propublica uses a tax calculation they invented – as if unrecognized gains should be taxed and compared to income taxes. Third, it is an agenda-driven propaganda piece pushing a “wealth tax”. This is not journalism – this is advocacy.

Propublica cherry picks data, confuses wealth versus income, invents their own tax calculations, and says 25 tax returns are representative of everyone[1] thereby creating an effective propaganda hit piece.

[1] “Is anecdotal evidence reliable? One reporter says ‘Yes'”

More suicide of expertise

Column asks, what if the Wuhan Lab leak hypothesis is true? What would that mean – a lot, probably.

And how did we get here?

Because if the hypothesis is right, it will soon start to dawn on people that our mistake was not insufficient reverence for scientists, or inadequate respect for expertise, or not enough censorship on Facebook. It was a failure to think critically about all of the above, to understand that there is no such thing as absolute expertise. Think of all the disasters of recent years: economic neoliberalism, destructive trade policies, the Iraq War, the housing bubble, banks that are “too big to fail,” mortgage-backed securities, the Hillary Clinton campaign of 2016 — all of these disasters brought to you by the total, self-assured unanimity of the highly educated people who are supposed to know what they’re doing, plus the total complacency of the highly educated people who are supposed to be supervising them.

Source: If the Wuhan lab-leak hypothesis is true, expect a political earthquake | Thomas Frank | The Guardian

Security: “Scheme Flooding Allows User Tracking Across Browsers”

A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor.

A security researcher has discovered a vulnerability that allows websites to track users across a number of different desktop browsers — including Apple Safari, Google Chrome, Microsoft Edge, Mozilla Firefox and Tor — posing a threat to cross-browser anonymity.Called “scheme flooding,” the flaw “allows websites to identify users reliably across different desktop browsers and link their identities together,” Konstantin Darutkin, a researcher and developer at FingerprintJS, said in a blog post published Thursday. FingerprintJS is the publisher of a well-known browser-fingerprinting API.

Source: Scheme Flooding Allows User Tracking Across Browsers | Threatpost

Irrational Covid Fears – The New York Times

It’s a classic example of human irrationality about risk. We often underestimate large, chronic dangers, like car crashes or chemical pollution, and fixate on tiny but salient risks, like plane crashes or shark attacks.

One way for a risk to become salient is for it to be new. That’s a core idea behind Calabresi’s fable. He asks students to consider whether they would accept the cost of vehicle travel if it did not already exist. That they say no underscores the very different ways we treat new risks and enduring ones.

Source: Irrational Covid Fears – The New York Times

Years ago, John Stossel proposed a similar scenario to an audience. He was aware of a new energy system that could heat homes at cheaper cost and reduce green house gases too. But it came with a risk: they estimated about 450 people would die per year due to issues with the technology in the home setting.

Would you approve use of this system?

Almost all of the audience said no – but then when audience member asked, “Is this by chance natural gas?” Which it was. It illustrates how we take some risks for granted – but new risks not so much.