TechLetters #106: Risks of hacking electric vehicle charging stations at scale. Tracking abuses of Cobalt Strike at scale. Regulation of vulnerability research depends on... election outcomes?
TechLetters Insight: why hack electric vehicle charging stations? My analysis. First Insight release. I’ll consider this an infrequent but periodic format. That said, I am not sure whether to have it unlocked from the start. I really need to consider some supportive format for this thing.
Security
Identifying cracked Cobalt Strike in use. Cobalt Strike is a cyberattack/cyberoperation combine harvester. Over the years, it has been cracked and misused. "Threat actors rely on cracked versions of Cobalt Strike to advance cyberattacks". Maybe it’s worth tracking its (ab)uses?
Privacy
Privacy/data protection and competition convergence? The French data protection authority will investigate the role/position of privacy in anti-competition proceedings/investigation/enforcement, and the role of competition in privacy. In the UK this is also an ongoing process. And the EU's EDPS started the conversation in 2014.
Technology Policy
The final version of the preliminary draft report concerning spyware/Pegasus/etc. It has been completely stripped of details (the previous details about curbs on vulnerability research/trade are purged). It now says that "the discovery, sharing and exploitation of vulnerabilities have to be regulated". It is unclear how, and whether it would work at all. It is even less clear whether the drafters realise the implications, for cybersecurity but also for non-cyber security. At this moment there’s no proposal for a regulation. The soonest anything could happen would be 2024/2025, if at all, because it would largely depend on the results of the 2024 elections to the European Parliament. You read that right. Regulation of vulnerabilities could just become a political problem. Again? It might be different this time. On the other hand, perhaps nothing will come of it. We’ll know more in 2023.
Other