TechLetters #184 Book. CrowdStrike IT-catastrophe analysis. Germany vs China. Third-party cookies really need to be phased out. Homomorphic encryption in Apple ecosystem.
My 2nd book (PROPAGANDA) went to press/print! Out in October, pre-orders in September.
Security
Microsoft’s analysis of the CrowdStrike-caused global IT catastrophe. “a read-out-of-bounds memory safety error in the CrowdStrike developed CSagent.sys driver”. Now the question is: what would have to happen to detect such an issue prior to deployment… “any reliability problem like this invalid memory access issue can lead to widespread availability issues when not combined with safe deployment practices”. 360 analysis: “Through the analysis of the 360 team, the direct cause of the blue screen is actually the OOB Read during opcode verification. Although it seems that the memory cannot be directly controlled here, the virtual machine engine of `CSAgent.sys` is actually Turing-complete, just like the Dequ virus using the font virtual machine in atmfd.dll, it can achieve complete control of the external (i.e., operating system kernel) memory with specific utilization techniques, and then obtain code execution permissions. Therefore, after in-depth analysis, we found that the conditions for LPE or RCE vulnerabilities are actually met here”.
Germany vs China. Germany's Foreign Ministry summoned Chinese ambassador to Berlin due to a a 2021 cyberespionage campaign on the German government agency. First time China's ambassador to Berlin has been summoned since 1989. China says it’s not them, accusing German government of "anti-China political manipulation".
Privacy
Third-party cookies need to go away. The W3C Technical Architecture Group is calling to remove third-party cookies as harmful for privacy.
Apple introduces homomorphic encryption via Swift. A cryptographic technique that enables computations to be done on encrypted data without revealing the underlying unencrypted data in th process. For example during cloud computations. In short, the building blocks of privacy-preserving technologies, techniques or protocols. But there's more! Private Information Retrieval protocols! This allows building a database and retrieving information in ways that is private: only the client knows what information has been requested.
Using data scrapped from internet to train LLMs. Getting data to train large language models. This is an excellent description from HuggingFace about obtaining and formatting good quality data to train large language models. However, the approach to filter personally-identifiable information is extremely rudimentary. Assume that the data sets so constructed do contain private information.
Technology Policy
Turkey has blocked access to Instagram. After Turkish policymakers and internet regulator accused it of censoring posts on the death of Hamas political leader Ismail Haniyeh. .
Other
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share: