KazukiLabs NewsLetter Vol. 3 Num. 25
Twitter: To be or not to be, that is the question. Not even Elon knows.
It's been a couple of weeks now since Elon's takeover of Twitter, and by this time you would've figured that things related to Twitter had started to slow down somewhat, right? Right?
Well, you would've been wrong, as things are literally still changing by the hour, and many things I planned to include in the newsletter and had annotated were no longer as relevant a day later, or in some cases mere hours later. So I have decided to just stop trying to include too much Twitter-related news unless it is in long form or likely to still be relevant later. So if you think I talk little about Twitter, this is likely why.
Also, I am not sure if I have mentioned this before, but if you are looking for an infosec/IT-related community that is not Discord, Mastodon, Twitter or the like, and you miss things like forums where you can take your time reading through things and responding at your own pace, have a civilised discussion about things both big and small, or just ask about something and have a chance of getting an answer without it scrolling away into the void to be lost for eternity, then updatedsecurity.com, which was created recently and is growing by the day, may be what you are looking for.
Also, this is a short newsletter this time as well, as I am busy with everything else, too much, I am slowly starting to realise. Anyway, this time: the FCC wants ISPs to provide nutrition labels, Z-Library may be finished for good with the arrest of the operators behind it, Sweden has confirmed Nord Stream was sabotaged, the DoJ has charged 10 people with health-sector-related crimes with some possibly serious sentences, Microsoft is inventing ways to store stuff on quartz, someone found out how to steal Mastodon credentials, and more.
~Kazu
News of Interest:
FCC orders ISPs to display labels clearly showing speeds and itemized fees
https://www.engadget.com/fcc-orders-isp-display-broadband-label-054900626.html
Kazu: Costs for Internet have been a confusing and often expensive mess to navigate through, which causes many to experience unneeded problems as the ISPs try to milk as much money from you as possible while giving you as little as possible back.
Now the FCC has introduced new rules that force all ISPs in the US to show an itemized and informative label on what exactly you are paying for and what the exact cost will be for everything, both at sign-up and in the future.
This should hopefully make it easier to make an informed decision when signing up for a contract and should help save money for many people, as they can see exactly the cost of everything and decide if it may be cheaper to switch or not.
Tags: FCC, Rule, ISP, Information, Legal, Technology, Network, News
10 Charged in Business Email Compromise and Money Laundering Schemes Targeting Medicare, Medicaid, and Other Victims
Kazu: The DoJ has announced that it has charged 10 people in the US with Business Email Compromise and Money Laundering which targeted the health sector, and from the looks of it, most of them are getting the book thrown at them, with most likely facing a sentence of up to 20, and some even 30, years if convicted.
Tags: DoJ, Business email compromise, Money Laundering, Health Sector, Legal, Charges, InfoSec, News
Nord Stream leaks confirmed as sabotage, Sweden says
Kazu: Sweden has conducted an investigation of the Nord Stream pipeline failure and has concluded that it was sabotaged by someone (take a guess) using explosives.
Tags: News, Sweden, Nord Stream, sabotage, Investigation
Stealing passwords from infosec Mastodon - without bypassing CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
Kazu: Many people from infosec Twitter have moved onto Mastodon instances such as infosec.exchange and others due to this whole Twitter mess going on at the moment.
But it's not all roses in places like that either: other legal and infrastructural problems aside, there are also security problems with the Mastodon service itself which have not yet been discovered due to the lack of attention on it so far.
But now that more and more people are starting to use it, people are starting to find problems, such as the ability to steal passwords from others without bypassing CSP.
Tags: InfoSec, News, Mastodon, Injection vulnerability, vulnerability
Z-Library operators arrested, charged with criminal copyright infringement
https://www.theregister.com/2022/11/18/zlibrary_operators_arrested/
Kazu: Not long ago, part of Z-Library's infrastructure got seized by law enforcement, where the operators seemed to have managed to recover some of it, with the Tor sites and content servers seemingly still being unaffected.
However, it seems the latest news is that LE has managed to get ahold of the operators themselves, which will likely put a final nail into ZL's operations, for good and bad.
Tags: Z-Library, Arrests, News, Law Enforcement, Law
New test shows loose RTX 4090 power connectors cause overheating and melting
Kazu: The new RTX 4090s are super fast and super awesome. They also melt everything not hot enough to take the heat, such as the power connectors if not properly seated, so if you have one, make sure that everything is firmly seated and that the connectors are not strained too much, or else you may end up with something melting.
Tags: News, Technology, Nvidia, RTX 4090, Melting
Other Things of Interest:
I Was the Head of Trust and Safety at Twitter. This Is What Could Become of It.
https://www.nytimes.com/2022/11/18/opinion/twitter-yoel-roth-elon-musk.html
https://archive.ph/pYSke [Archive.ph link]
Kazu: After Elon took over Twitter, there has just been way too much change on an hourly basis to know where to start when talking about it, but there are some interesting articles out there talking about what is happening and what could become of Twitter in the future, such as this New York Times article by the former Head of Trust and Safety at Twitter, which is an interesting read.
I have linked the New York Times article itself, but since it's behind a paywall I have also included an archived version of it from archive.ph.
Tags: Twitter, Elon Musk, trust and safety, Security, Disclosure
Project Silica: storing large amount of data in quartz
https://www.microsoft.com/en-us/research/project/project-silica/
Kazu: The amount of data we generate on a yearly basis, let alone a monthly basis, is staggering, and much of this data we also want to be able to keep around for a long time, but the technology we currently have available makes things such as long-term storage of data challenging, expensive and bulky.
Enter "Project Silica", which is a project by Microsoft to be able to store large amounts of data on tiny pieces of quartz, with the possibility to store more than 7TB worth of data on something the size of a DVD, and I am sure with the compression technology we have available, we can easily double that.
Tags: Technology, Hardware, storage, EE, Microsoft, information
Practical Guidance For IT Admins To Respond After Ransomware Attacks
Kazu: Found this write-up, which I figured would be nice to mention, which aims to provide IT admins with a practical guide on how to respond to ransomware incidents. It's quite a long read and I haven't gotten around to reading the whole thing myself, but it seems to contain a lot of helpful information, so I feel it should be worth the read.
Tags: InfoSec, Ransomware, How-To, Guide, Writeup, IT Admins
Inside the Hunt for Russia’s Most Notorious Hacker
https://www.wired.com/2017/03/russian-hacker-spy-botnet/
Kazu: Haven't had a chance to read this properly yet as it's quite a bit of a read, but it's interesting to read about the investigation into one of "Russia's most notorious hackers", and worth a read for sure.
Tags: CTI, Russia, Criminals, InfoSec, Investigation, long-form