Weekly Axis Of Easy #35
In this issue:
- YAAF0D: Yet Another Adobe Flash 0-Day
- Firefox flaw allows remote code execution
- Privacy app Telegram dropped from iTunes Store after content violation
- Bell Canada Data Breach (again)
- Google abandons “Fact Checking” system
- Cargill invests in facial recognition software – for bovines
- Welcome to Bitcoin’s Trough of Disillusionment
When we originally “workshopped” the title for this newsletter, one of the candidates was “Another Flash 0-day”. The idea was similar to the hacker group “Scripters of Doom” newsletter of yesteryear, who would include one HP-UX root exploit in every issue. Our spin was that we’d lead off every issue with “another Flash 0-day”.
But the focus group thought that was “macabre” and set unrealistic expectations.
At any rate, here’s another one. Discovered by KISA (Korea’s CERT) and since spotted in the wild by Talos Security, it uses a malformed Flash object to download an additional payload from a compromised website.
If you’re not running Firefox 58.0.1, you should upgrade now. This is not to be confused with our recent reminder to upgrade to version 58, which included some fixes for Meltdown and Spectre as well as default blocking of canvas fingerprinting. This next version fixes some “hidden” UI code which “easily” allows an attacker to run remote code on the victim’s computer.
The privacy messaging app Telegram ran afoul of Apple’s iTunes “content guidelines” when it surfaced that the encrypted messaging app was being used to disseminate “inappropriate” content.
The issue seems to be related to Telegram’s “broadcast” capabilities as opposed to its P2P messaging functionality. As we go to press, it seems to be back in the App Store.
Bell Canada is alerting affected customers after another data breach. Recall that last year approximately 1.9 million customer email addresses were obtained from Bell, and said addresses soon surfaced on the Internet.
In this breach, hackers were able to obtain “names, email addresses, account user names and numbers, as well as phone numbers,” but the scale was much smaller, said to be fewer than 100,000 subscribers.
Google has suspended its “Reviewed Claims” system, which attempts to display additional information about selected news publishers, citing complaints from the Conservative “Daily Caller” among others, alleging either bias or that the system was being gamed (a la Facebook’s “Fake News flag” which was also dropped last month).
I know some readers get their back up if we cite articles from some alternative outlets, but over the last few issues I’ve found it harder to find “neutral” coverage from “non-controversial” sources because the mainstream media is increasingly ignoring some of these important privacy issues, and that’s a problem.
Anybody worried about Net Neutrality should also be worried about exactly how Google, and Facebook, and Twitter plan to shape the content you see.
With all that said, I have to supply the source for this which is an article via Zerohedge, sorry:
An interesting blog post describes how the multi-national conglomerate Cargill has invested in an Irish AI firm that specializes in facial recognition software, for cows. The cameras can be deployed via CCTV or drones and monitor individual cows for changes in behaviour based on their facial expressions, in order to scan for changes in health.
Technology like this will inevitably be used on people, of course, but it won’t be for the good of our health. Most likely it will be to protect us against harmful “wrong think”.
What a difference a month makes, if you’re paying attention to the price of Bitcoin that is. It looks to me like crypto-currencies are following the Gartner Group’s “hype-cycle” model and we just entered the “Trough of Disillusionment”, at least that’s what I posit in my latest instalment of Guerrilla Capitalism: