Hi there, time for a new newsletter.
Last week, the FIRST Organisation held a 2-day DFIR/Security related conference in Oslo (Norway), with a CTI related workshop the day before, which was a great experience where I got to meet many interesting people and watch many great talks.
This was also my first actual physical industry related conference, so I am happy it turned out as great as it did and very much looking forward to next year, although I must admit I felt slightly out of place being the only one not part of any organisation; hopefully I can fix that by next year (haha).
I originally was planning to only have a 2 week break, but due to how it turned out, I didn’t really manage to get around to writing a newsletter last week, so ended up with a 3 week break instead, oh well.
Anyhow, way too much has happened the last couple of weeks to include it all, so here are some of them, which include Elon officially taking over Twitter and already making problems, an Australian health insurance company having their stuff stolen and ransomed, Reuters leaving open way too much data on Elasticsearch databases, a new optical chip making stuff go between places faster than ever (1.84 Pbit/s to be exact), Apple to switch to USB-C, VX-Underground managing to snag an interview with the LockBit admin and more.
~Kazu
News Of Interests:
Health insurer Medibank's data breach diagnosis keeps getting worse
https://www.theregister.com/2022/10/26/medibank_breach_update/
Kazu: Medibank, a private health insurance company in Australia, initially reported that they suffered from an attack on their system but that none of their 3.7 million customers' data was accessed.
However, after further investigations, it turns out that this was not true, which they found out when the attackers demanded payment for not releasing their information further.
And today came further news that "personal data and significant amounts of health claims data was accessed across all three brands", so all in all, things just seem to keep getting worse for them, and that is before any kind of fines and other regulatory trouble they will likely face on top of it.
Tags: InfoSec, Breach, Medibank, insurer, News
Thomson Reuters collected and leaked at least 3TB of sensitive data
https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/
Kazu: Seems Thomson Reuters managed to leave a database with sensitive information open for anyone to grab. Originally, the researchers reported 3 open ones, but Reuters said that 2 of them are supposed to be public while the third one 'only' contained "non-production server meant for application logs from the pre-production/implementation environment".
However, looking through the database, it appears to have a lot of sensitive data such as plaintext credentials to third party servers, logs from user-client interactions including mail, SQL queries, etc., and by the looks of it, the latest data was still pretty recent.
Due to the size of the database, it's hard to tell exactly all it contained, but nonetheless something that shouldn't be exposed, that is for sure.
Tags: InfoSec, Data Leak, ElasticSearch, Thomson Reuters, News
Record-breaking chip can transmit entire internet's traffic per second
Kazu: Technology has come a long way from just 10-20 years ago. When I was young, the internet was barely a thing, with mb of storage, and internet speed was both in the sub mb/s and expensive.
Nowadays, you can get TB of storage on a tiny micro SD card and the internet is both extremely fast and cheap, and by the looks of it, things are not slowing down anytime soon, and as everything increases, so will the need to be able to transfer huge amounts of data between places as fast as possible.
At a speed of 1.84 Pbit/s, which is a lot faster than the current global estimated bandwidth, which is almost 1 Pbit/s, and with the engineers saying that they can make it go up to 100 Pbit/s, the speed of getting stuff around the globe quickly seems to have been taken care of for the foreseeable future... when it will actually come into use may be an entirely different matter, which may be a long time.
Tags: Technology, EE, Record, Engineering, News
Elon Musk now in charge of Twitter, CEO and CFO have left, sources say
Kazu: Well, it's official, Elon is now in charge of Twitter. He says he wants to make it into a "digital town square where a wide range of beliefs can be debated in a healthy manner".
AKA, less moderation and more objectively bad people being able to harass and inflict harm towards minorities for just existing.
He has already started to unban bad people apparently, so they again are free to make the place into a worse hellscape than it already is.
Tags: elon musk, Twitter, News, Tech, Acquisition
Greg Joswiak: Apple Will Have to Comply With the EU and Switch iPhone to USB-C
https://www.macrumors.com/2022/10/25/greg-joswiak-usb-c-iphone/
Kazu: Apple have for a long time tried avoiding the same legal requirement to use the same charging port for their phones as everyone else, which they have managed to do by shipping an adapter with their products. But now the EU have finally had enough, it seems, and now forces Apple to comply with using USB-C like everyone else instead of their own one, which will hopefully make it easier for non-Apple users to share power with Apple users in the future, which is a positive thing as far as I am concerned.
Tags: Technology, Apple, EU, USB-C, iPhone, News
Other Things of interests:
VX-Underground Interviews LockBit Admin
https://papers.vx-underground.org/papers/Other/Interviews/LB0-10-30.html
Kazu: VX-Underground seems to have managed to snag themselves the admin of LockBit Ransomware for a bit of an interview, which is quite an interesting read.
How smelly managed to get him to agree to such is something that many people are wondering about, although I personally have a couple of ideas.
Tags: InfoSec, CTI, VX-Underground, Interview, LockBit
Why Signal won’t compromise on encryption, with president Meredith Whittaker [PODCAST]
Kazu: The president of Signal, Meredith Whittaker, decided to sit down with "The Verge" to record an hour-long podcast talking about all things related to Signal, which is quite an interesting listen. If you are not a fan of listening, then you can also just read the whole transcript instead, both of which can be found in the link.
Tags: Signal, Privacy, Meredith Whittaker, TheVerge, interview, Technology, Podcast
Scanning phones to detect child abuse evidence is harmful, 'magical' thinking
https://www.theregister.com/2022/10/13/clientside_scanning_csam_anderson/
Kazu: I will not write a lot about this since you can read the article, but as stated in it, while keeping everyone of all ages safe is important, scanning everyone's phones/PCs or breaking secure encryption to do such is not the solution and will lead to more harm than good.
Many people for it keep yelling about the kids as the reason for it, but as stated in the article, most people that have been prosecuted for offences are ones that did not start online but offline, and it is more a failure of schools, parents and the system in general to detect such a thing in the first place and not the technology.
Tags: LAW, CSAM, Technology, Scanning, Encryption, Safety
3D Printed heat exchanger uses gyroid infill for cooling.
https://hackaday.com/2022/10/31/3d-printed-heat-exchanger-uses-gyroid-infill-for-cooling/
Kazu: Was browsing hackaday and came across this article and thought it was interesting enough to make a note of.
While I personally have no interest in stuff like heat exchangers and I am not much into 3D printing stuff, it is still interesting to see what is possible to do with the technology, such as printing parts out of metal using geometries that were simply not possible before and which outperform other conventional methods.
While the technology is still too expensive to make wide use of, which limits the amount of iterative prints possible, it does show what is currently possible and that with time, as everything gets cheaper and easier, we may start to see new and interesting designs which were not easily, or at all, possible earlier but outperform current methods.
Tags: Technology, Heat Exchanger, Metal 3d printing, Powder bed printer