TechLetters #13 - tracking people, shutting down internet
Welcome to the 13th letter.
NIST doc. Enhanced Security Requirements for Protecting Controlled Unclassified Information (link).
Exploitation too easy? “Incomplete patches are making it easier for attackers to exploit users with zero-days” (link).
SolarWinds access used by China? We still don’t know who’s being the SolarWinds supply-chain campaign. But it appears at least one group has been found to use the capability… “software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers … Although the two espionage efforts overlap and both targeted the U.S. government, they were separate and distinctly different operations”.
Tracking rioters. It was possible to identify the people who entered U.S. Capitol. Based on digital location markers. So precise tracking. Oh, it’s equally precise in the case of most other smartphone users, too. “most consumers don’t know it is being collected”
Internet shutdown. Internet shutdown is ongoing in Myanmar. The reason is to to "help in the control" of ongoing protests.
Smartphones and medical devices. iPhone 12 powerful magnet may unfortunately deactivate implantable defibrillators or pacemakers. Keep the device away from implants. This sounds serious.
That’s it this time, thanks!
In case you feel it's worth it to forward this letter further, I leave this thingy below: