TechLetters #156 Happy NY; Triangulation advanced cyber espionage tool; Watermarking generative AI creatives; Be careful about quantum computing; Loss of availability due to security systems
Happy New Year!
Security
The Triangulation cyber espionage tool/malware. Turns out to be extremely advanced/fascinating. Certainly the ~most impressive piece in 2023, perhaps among the most impressive (known) cyber espionage tools in history? Collects all the data an iPhone can provide (data, information about devices nearby, access to camera, instant messenger messages, photos…), and according to the CCC talk, there are signs that some of its components have existed for more than 10 years. “exploits the remote code execution vulnerability CVE-2023-41990 in the undocumented, Apple-only ADJUST TrueType font instruction. This instruction had existed since the early nineties”. “unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it.”
Cyber Mechanism for Ukraine. "The Tallinn Mechanism aims to coordinate and facilitate civilian cyber capacity building to help Ukraine uphold its fundamental right to self-defence in cyber space".
Update on post-quantum cryptography Kyber512 strength. Not exactly exciting. "Kyber512 is claimed to be at least as hard to break as AES-128".
Stable signature-watermarks for generative AI creations. To track misuses, abuses, violations, or fakes. In ways algorithmically embedded in the model itself, not a graphical addition to the image: “all the images it produces conceal a given watermark”.
Security is fragile, Keybase loss of availability. Keybase, an encrypted directory mapping with end-to-end encrypted chat, stopped working: its certificate expired. This happened on New Year's Eve. What expired is deployed in software installs. It is insufficient to wait for a certificate update. Software must be rebuilt. Manual reinstallation is necessary. It was fixed around NY eve… The new certificate will expire in the year 6023. Let’s hope nobody forgets to update it again.
Privacy
Rumor mill. There are rumours of a movement for an update of the GDPR in the coming years (next EP/EU Commission term starting at the end of 2024).
Other
Caution about quantum computing. Quantum computing is overhyped. It is not around the corner. Currently it is completely useless (no applications), and this won’t change soon. In other words: be cautious when reading/listening about quantum computers. Turn on the scam alert when reading or listening to any content related to quantum computers.