TechLetters #80 - US offensive cyber operations in Ukraine war. MFA enforced for popular NPM packages. Vodafone tracking tech. Russia being hacked by whole world. Hostile extraterrestrial civilisation
Security
Multi-factor authentication now enforced for the most popular NPM software packages. Well, for the top500. This move will decrease the security risk of phishing or supply-chain compromise due to hijacking of accounts. Owing to the popularity and importance of those packages, this will improve internet security (e.g. from supply-chain risk… some packages were already hacked) as a whole.
US conducting offensive cyber operations in aid of Ukraine. This was stated by gen. Nakasone, the chief of US cyber army unit. To avoid being dropped under a bus, the US immediately afterwards stresses that offensive cyber operations do not mean that the US is taking part in direct activity vs Russia. Looks like someone could have been a little surprised.
Privacy
German Vodafone telecom operator deploys carrier-level tracking of their clients. TrustPid. To target ads. ‘Privacy notice' is not impressive, and it is not certain how privacy was really considered in the design. It seems the solution may be subject to popularisation… Will other telecoms follow and deploy this?
UK data protection authority chief thinks it's "regrettable". What? that after UK leaving the European Union, they no longer have a seat at the European Data Protection Board. “we no longer have a seat at the EDPB. I think that is regrettable, and I urge the Commission and the EDPB to recognise the importance of allowing independent regulators to work collectively regardless of the state of relations between our political masters”
Russia will make executives personally liable for cyber/information security. "it has been pentesting (finding vulnerabilities for a reward by “white hackers”) by the whole world for 3 months now". The government is aware of the recent "free audits" ... Specifically, the major hacking spree vs Russia.
Norway's statistics office to receive millions of receipts from food stores daily. State data collection. Purchase history is obviously a critical privacy-sensitive data with unique profiling and deanonymisation potential
Technology Policy
Other
An estimation of the prevalence of hostile extraterrestrial civilizations. Thought experiment. Probability of invasion is low, the author is calling for a world debate about communicating hypothetical extraterrestrial civilisations, since according to his calculations the risk is low. I wonder though if those hypothetical extraterrestrial civilisations are aware of his calculations.
Startup claiming to be close to a working quantum computer too optimistic? Beware of quantum snake-oil. It is highly unlikely that a useful quantum computer will be available anytime soon. Here's the scathing report. The quantum computer is apparently having difficulties with addition (1+1, 2+3). The company response is here (accusations of disinformation and meddling with financial aspects, like… short selling, and so on). To be clear, I don't have anything against legitimate R&D, it takes time which is obvious. I even appreciate and admire quantum tech research (I had a research paper in the domain).
Demonstrated Quantum Supremacy. Quantum computer performed a task outside reach for non-quantum computers, running a “BosonSampling” problem. Performed computation took 36 microseconds. It would take the best supercomputer at least 9000 years to achieve this task. This is an impressive result but keep in mind tha this problem is artificial. It is solely devised to test performance of quantum computation. It does not herald useful quantum computers anytime soon.
In case you feel it's worth it to forward this content further:
If you’d like to share: