Hello there, it’s monday which normally mean a new newsletter about some of the stuff i have come across since last time which this time include quantum stuff, semiconductors, NFT, abuse of anti-cheat files by ransomware groups, a interview with a initial access broker, more names of companies to add to the list of companies affected by the twilio breach and more.
Also, some corrections before I go I feel are in order. Last newsletter, which this time was 2 weeks ago due to career related stuff, i mentioned that the newsletter that week was particular short due to feedly, which i use for my feeds, was not functioning correctly and all news was marked as a least 17 days old, so it was hard for me to know what was actually recent and not.
However, while there’s many many problems with feedly(which i may write a article about some day) that problem seems to been on me and not feedly, as it turns out the system i used was 17 days out of date, so everything showed as being sent 17 days ago in places like discords, feedly, etc.
Now, considering that normally most times when you try access the internet the browser throws a tantrum if your system time or date is just slightly off, i have no idea how on earth the date managed to get 17 whole days out of whack without i noticed it before long time later, i guess my time was accurate, just not the date, but i would’ve figured with it being that far off, even that should have thrown some errors, so i am not sure why tbh.
Anyway, with that out of the way, time for me to go, so have a nice week:)
~Kazu
News Of Interests:
CHIPS Act lures Taiwan’s GlobalWafers to Texas
https://asiatimes.com/2022/08/chips-act-lures-taiwans-globalwafers-to-texas
Kazu: Countries that are behind most semiconductors are made in countries like china and taiwan, which as recent events have shown have possibilities to lead to certain challenges which can globally affect the EE industry, in a effort to try reduce possible risks associated with putting all the eggs in one basket, biden decided to sign a new Act called the " CHIPS Act" which subsidies nationally located factories in a attempt to get more of production back to US.
And it seems Taiwan based company "GlobalWafers” wants in on the action and plans setting up a new factory based in the US which when completed will be the largest in the world with plenty of room to expand even further if needed.
Tags: Technology, Semiconductors, CHIPS Act, Taiwan, Electronics, EE, Texas, news
China's Hainan to completely ban sales of ICE vehicles by 2030
https://cnevpost.com/2022/08/22/hainan-to-completely-ban-sales-of-ice-vehicles-by-2030/
Kazu: As one of the most populated countries in the world, China in general have for a long time suffered from the effects of regular combustion engines which have created a air quality which can only be classified as "Very Alarming" which have made the government very early on push the sales of NEVs, now Hainan, which is a island part of China, have said they will completely ban any sales of ICE vehicles by 2030.
And while the island may not have as bad of a problem with air quality as beijing, etc, the quality is still considered "moderate",. and this ban will likely help reduce it even further.
Tags: China, NEV, Ban, Cars, News, Technology
Animoca Brands’ Japan unit raises $45M at $500M valuation for NFT push
https://techcrunch.com/2022/08/25/animoca-brands-japan-funding/
Kazu: oh boy, seems there's still companies that try push NFT and Web3 crap, and it seems it start getting some inroad in JP despite the pushback from regulators which have decided to tax even unrealised gains to high heaven on crypto related finance, but with JP having such a huge entertainment culture, there's still very much incentives to try get NFT schemes going there and seems even Line, the messaging app commonly used in JP is getting in on it with their own NFT stuff.
The benefits NFT or Web3 are supposed to bring are things that are perfectly possible to do without that crap and I can't wait until they realise that NFT, Web3 and blockchain in general have no benefits, only cons. as you can not change or delete thing from it(a least not easily), so moderation or any kind of copyright problems for instance is impossible to deal with without breaking things,
Tags: NFT, Crypto, Japan, Technology, News
Sen. Ron Wyden Renews Calls to Encrypt Twitter DMs
Kazu: After the allegations by mudge in regards to the current conditions and situation within twitter which have seen such a rapid and wide usage that it have basically become part of people's life like your phone and email, this also means that many use the service to exchange sensitive information through the service Direct Messages function.
But it's not encrypted in any way and apparently, up to this point everyone at twitter have been able to access and read any user's DM's without any issues and controls in place preventing such a thing to happen. which is a very bad thing for sure.
And now people like "Sen. Ron Wyden, D-Ore" want to renew the calls to force twitter to encrypt it's DM's. although, knowing twitter, unless forced to do so and gun-point(which you can argue they are atm), likely not going to happen. but we will see what happens.
Tags: Twitter, InfoSec, US, Encryption
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
Kazu: You may not play any games, let alone heard of the game in question, but that doesn't stop it coming for you it seems. or at least, the Anti-Cheat portion of the game, which hooks into the kernel to monitor activity to try to prevent cheating in the game.
however, seems it have found its way into ransomware actors who abuse the Anti-Cheat Driver to kill AV's on the host, so unless you actually have the game(which you shouldn't if a company system) you properly want to add a alert if this file is found on the system...although, you should properly already have a alert when AV stops working, if you don't, then i don't know what to say, good luck i guess.
Tags: Infosec, Ransomware, Abuse, Anti-Cheat, DFIR, Malware
The number of companies caught up in recent hacks keeps growing
Kazu: as we all know(or don't) Twilio was breached a while back, which at first seems bad, but ok, should be manageable. turns out however, that many companies use twilio's service for phone verifications, which means, when twilio got breached, many other companies got affected as well( at least 136) and it soundly have gone from "Bad" to "Very Bad".
There's already been other companies announcing that they also have suffered from attacks related to the twilio incident already such as Okta and Signal. but now it seems 3 new companies join the list which are Authy, LastPass and DoorDash.
With so many companies affected, we will likely see more as time goes on unless all companies affected take actions to mitigate it.
Tags: InfoSec, Breach, twilio, Authy, DoorDash, Lastpass, News
Engineering, interviews, hashing, etc:
An interview with initial access broker Wazawaka
Kazu: Dmitry from Recorded Future has managed to snag an Interview with the "initial access broker" known as "Wazawaka" which seems to be very interesting and enlightening on how things work and thoughts on the other side of the legal wall.
i say "seems' ', as i got a stack of stuff to get through today, so i haven't been able to fully read through it properly yet, which I hope to get around to soon.
Tags: InfoSec, CTI, Interview, Ransomware, Access Broker, Wazawaka
China's Baidu reveals its first quantum computer called Qianshi
Kazu: China seems to be on the high speed highway towards Engineering evolution as China's biggest search engine, Baidu, have revealed that they have manage to create the first Quantum Computer which they call "Qianshi", however, currently it's still very basic and only accessible to a very small group of early clients, so it will likely be a while before we see something like it tackling big things with high availability.
The US and EU have also invested billions together to also try to create a Quantum Computer, but for now, it seems China is ahead.
Tags: Technology, China, Quantum, Computer, Baidu, news
Forget 5G wireless, SpaceX and T-Mobile want to offer Zero-G coverage
Kazu: Musk wants to bring satellite coverage around the world directly to ordinary cellular phones and has got together with T-mobile to try make this possible and recently had a live stream from starbase stage where the two of them talked about it in more details. SpaceX have launched satellite coverage for normal phones before for other mobile providers but these have been purely contract based while this will be an active co-operation between SpaceX and T-Mobile.
Personally I believe that while I have no doubt it is technically possible, I still have very much doubt about the near feasibility of some parts of the plan, unless they can get the transmission delay down to the same amount that you currently get with ground based methods, I struggle to see how normal people accept it.
There's also the case of saturation issues, it is well known that when too many people are gathered in one place the connectivity goes to shit. To combat this, new towers need to be installed to spread the load, which is easy to do at the ground but more challenging to do for space.
it's possible that this will not be intended for primary usage but more a last resort connection where the phone only tries to connect to space when everything else fails, in this case, the first problem may not be that much of an issue and the second problem is unlikely to often happen.
But there's also the fact that these satellites, for above mentioned reasons and others need to be huge with musk stating:
"the body of these satellites would be about 7 metres long, and the antenna would fold out to be about 5 metres on a side, or "roughly 25 square metres.", which is
which is bloody huge and with enough of them easily have the possibility to cover a large part of the sky, aka, blocking the sun, etc and would be really bad, so not sure they thought about the side-effects of those satellites much.
Tags: Space, Technology, T-Mobile, SpaceX, Elon Musk, satellites
The hmac-bcrypt password hashing function
https://github.com/epixoip/hmac-bcrypt
Kazu: when doing password hashing, there's many different ways to do it and some are better than others, one of the better ways is to use "hmac-bcrypt" which people like @jmgosney are heavily recommending. turns out however that many people do not know what that is, so to fix that problem, he(and his company) decided to document and standardise it as well as port it to 8 different languages which should help make use of it in your program a lot less painful and easier.
Tags: GitHub, InfoSec, hashing, password, programming