TechLetters #20 - breaches, leaks, privacy attacks, Privacy of Privacy Sandbox, face recognition to detect covid status
Welcome to the next TechLetters.
Security
Post-Spectre web security. Spectre is a real problem. Addressing it may sound difficult, but at some point it will be unavoidable (link).
US Government Accountability Office. “Federal Government Needs to Urgently Pursue Critical Actions to Address Major Cybersecurity Challenges” (link)
UK breaches survey. "Cyber security was a lower priority at the beginning because ... from the other directors’ perspective, it’s their job to keep the business running at whatever cost" (link). The median cost of a breach is £0 (and £500 for breaches that "led" to something undesirable). "Organisations that are breached, but are fortunate not to lose data or assets, therefore run the risk of systematically underappreciating the seriousness of cyber security breaches". Last year I explained why Covid19 is a unique cybersecurity risk.
Vendor breach information. Under a new law being discussed in the US, software vendors will have to inform certain important clients that a breach happened. Which clients? The federal government. This already exists in Europe: NIS and GDPR breach notifications (if anyone pays attention to these).
Resourced Western hacking group. Who is responsible for the 9-month hacking operation that used 11 0-day exploits? Turns out, a Western government hacking group (some anti-terrorist op).
Russian hacking in Germany? A Russian group is said to have hacked the accounts of German parliamentarians. How is the “Ghostwriter” group operating?
specialised in producing fake news. The hackers thus gained access to popular news sites or blogs in order to publish fake articles or photos. In a message posted on a Baltic site on September 25, 2019, it was alleged that German NATO soldiers had desecrated a Jewish cemetery in Lithuania. The fictitious incident was illustrated with a manipulated photo.
A message dated June 7, 2018 incorrectly stated that a Lithuanian child had been run over by a NATO tank.
Privacy
Sandbox Privacy. My next look at Google’s Privacy Sandbox Federated Learning of Cohorts. I discuss a type of precomputation attack and whether attackers could discover users’ web browsing histories (data leak).
the website of the European Data Protection Supervisor (edps.europa.eu) upon seeing the ID 635922175929346 could well reason that a particular visitor also previously visited another website, www.thecutecats.com. Thus, learning user’s web browsing habits.
Covid face scanning. UK pubs to use face recognition technologies to verify someone’s covid (including vaccination) status?
Technology Policy
Other
Fifth force of nature? An experiment at CERN has new results that might hint at New Physics. Paper here. One of the first descriptions here. If confirmed, that may be significant during our lifetimes.
That’s it this time, thanks!