TechLetters #104 - French defence strategy skeptical about cyber deterrence. Russian military intel vs NATO country. Memory safety. Web browser security/privacy. Bigger quantum computers soon
Security
New French defence strategy says officially that cyber DETERRENCE DOES NOT WORK Here: “… application of a deterrent approach in cyberspace that would force any attacker to restrain himself against France is illusory”. Many suspect this, but States/people try. There’s also an important aspect of cyber-deterrence sanction move. Cybersecurity is a political aspect now, too. And politicians must be able to say or show that they are doing “something”. Aspects of cyber deterrence is definitely this “something” - they are perhaps not effective, but for sure flashy. This is why cyber deterrence is still useful. I said it here and here first.
Russian military intelligence targeting cyberattacks on Poland and Ukraine? The “ransomware” targets transport/logistics companies. Targets Poland (i.e. NATO) and Ukraine. Involved in cyberwarfare in the war in Ukraine. They use a new tool. The risk for countries supporting Ukraine rising, and this is what it looks like ...? "...risk to organizations supplying/transporting humanitarian or military assistance to Ukraine ... increased risk to organizations in Eastern Europe that may be considered by the Russian state to be providing support relating to the war"
>100 000 people who had their personal data stolen during the Irish HSE cyberattack will be contacted. The breach cost was around €100 million + €657 million for cybersecurity improvements. The human cost was not estimated.
Excellent document by Chrome about security checklists for new features. So: "all new features should be reviewed with particular care when it comes to their security implications". Example: "Prefer simple APIs". Simple, and so important. I have some related observations of lessons learned for privacy engineering based on some past cases (1, 2).
NSA recommends memory safety languages. “Using a memory safe language can help prevent programmers from introducing certain types of memory-related issues. Memory is managed automatically as part of the computer language; it does not rely on the programmer adding code to implement memory protections. The language institutes automatic protections using a combination of compile time and runtime checks. These inherent language features protect the programmer from introducing memory management mistakes unintentionally. Examples of memory safe language include C#, Go, Java®, Ruby™, Rust®, and Swift®.” ref
Privacy
WebKit/Safari to tighten the removal of cookies. Removed after 7 days if set via CNAME cloaking method (I'll write about it in 2nd toot). "the minimum matching subnet mask length to consider as "third party" or not is arbitrarily chosen to be half the IP address length (i.e. 16 for IPv4, and 64 for IPv6)."
Technology Policy
Other
IBM announces a quantum computer with 433 qubits. Impressive progress in the field (please note that it's still far from usable applications: "preparing the era of quantum usefulness"). 1000+ qubits in 2022? They want 4,158-qubits in 2026. Huge, huge progress since 2010.
In case you feel it's worth it to forward this content further:
If you’d like to share: