TechLetters #181 Chrome & DMA. Russian propaganda system disclosed. Poland-Ukraine defense treaty promotes blockchain. Server-side tracking. Quantum sensors.
My case study analysis looking at Chrome preloaded extension and the potential implications due to Digital Markets Act.
Security
Critical vulnerability in the RADIUS protocol. It allows forging authentication messages and gaining unauthorized network access. The flaw stems from a protocol vulnerability exploited through the obsolete MD5 hash function and a novel chosen-prefix collision attack.
Security services of Western States vs propaganda system. Disrupted Russian-run social media botnet farm utilising AI to generate content "in support of Russian government objectives". Profiles and domain names seized. Run by ... Russia Today! AI-assisted tool used to disseminate disinformation to and about a number of countries, including the United States, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel.
Poland-Ukraine defense agreement about blockchain. Poland gives security guarantees to Ukraine in the event of future Russian aggression. It also contains content about blockchain, highly non-standard in such documents: "The Participants recognise blockchain technology as increasing citizens trust in public administration services and limiting the scope for abuse in the digital world."
Australia accuses China's Ministry of State Security of conducting advanced cyber operations aimed at foreign States. "global trend of using compromised devices, including small-office/home-office devices, as operational infrastructure and last-hop redirectors". Technical details.
Another remote code execution in OpenSSH. This time limited to RHEL (and unmaintained Fedora).
Sibanye-Stillwater mining company hit with a disruptive cyberattack. IT operations and payroll were affected, and it's said that a smelter was brought to an automatic halt. Automation systems were allegedly impacted in some way. Core mining operations work.
Privacy
Server-side tracking. Cookies are on the way out so companies consider other methods like server-side tracking. Very nice research about the technique. Hard to detect, inspect, block. Transparency issues.
Auditing messenger compliance with GDPR. I don’t agree with it all but this is a good approach.
All call and text records of telecommunication provider AT&T stolen in a cyberattack. Really sensitive data. People shouldn't ignore this. When storing such data is mandatory, including in the EU for national security reasons, it had better be secured.
Technology Policy
EU Commission closes Apple antitrust case. Apple agrees to offer NFC access (contactless payments) to competitors. Good for competition.
Other
Quantum sensors moving from laboratory to commercial availability. The technology is near to being usable, unlike the much hyped quantum computers. Armies deploy quantum technologies, like quantum gravimeters. These devices measure falling, laser-cooled atoms to detect minute variations in gravitational pull. This technology may be used in geodesy, but also to detect the mass of adversary submarines. Gravimeters have been field-tested since 2019. Now is the time for commercialization. A game-changer in electronic warfare. Quantum-based navigation systems may counter GPS spoofing and jamming.