Weekly Axis Of Easy #81
This week’s quote: “” …by ????
Last Week’s Quote was “Because things are the way they are, things will not stay the way they are” by Bertolt Brecht, winner: Kevin. (and one win per user per year, “The Gus Rule”. Sorry).
THE RULES: No searching up the answer, must be posted in the comments below:
The Prize: First person to post, gets their next domain or hosting renewal on us.
In this issue:
- China using Twitter history to interrogate dissidents
- DNS Hijacking ring targeting companies at “unprecedented” scale
- When your smart car monitors you and sells the data…
- Owners of Amazon’s Ring cameras may have been watched by strangers
- Amazon patents robot with a cage on top for a worker
- Handbook for recovering from a “maximum personal data disaster”
- UK to require ID to access pornography sites
Twitter is blocked in China and the majority of the population there cannot see it. However, as the New York Times reports, the Chinese government has recently begun a major crackdown on the relatively few users who utilize special software to access the social media platform (my guess is some form of VPNs). According to the NYT story, one man was detained for 15 days, another’s family was threatened by authorities, while another was chained to a chair for 8 hours and interrogated, all because of their tweets. This will reflect badly on their Sesame Credit scores…
Security firm Fireye released a report detailing an “unprecedented” wave of DNS hijacking attacks against various corporations which included manipulating records in order to obtain bogus TLS certs which could then be used to harvest login credentials of downstream users. The report outlined three separate attack vectors, two of which involve compromising the registrar or DNS provider of the target domain, the third involved a DNS proxy attack.
Having DNSSEC enabled would mitigate the third-type of attack, but for the first two, you really need to make sure your provider is secure, including multi-factor authentication and we highly encourage having your account protected by an Access Control List and event notifications enabled (see your account security settings.)
At the CES show this year it was all about the data. Your smart car of the future will monitor all kinds of things, including “undesirable behaviours” like not fastening your seatbelt, distracted driving or (in my case) screaming f-bombs at the radio news. But the end goal is to monetize that data, which we also reported on in November when Ford’s CEO put it in as many words. I’m sure the next logical step after those friendly alerts inside the car to reduce your undesirable behaviour will be to directly transmit it to your insurance company or local police. It doesn’t make any sense not to.
Last week we reported how the ACLU read an Amazon patent for their Ring camera subsidiary and concluded the intent was for use in a surveillance network. The Ring camera subsidiary story gets even better as The Intercept has been documenting in a series of articles.
The latest installment describe multiple lapses in security when Ring needed to provide access to outside engineers, in one case leaving every single video file recorded by all Ring cameras unencrypted and wide open in a world-accessible Amazon S3 bucket. In another case, US-based engineers were given access to a “super-user” mode in which engineers could view all cameras owned by a Ring customer by simply supplying their email address.
Speaking of Amazon patents, here’s another interesting one: the Seattle times noticed that Amazon was awarded a patent in 2016 that “fused man and machine” by putting a human in a cage atop a robot, for use in areas where there are many other robots around. It’s benign enough for the use case, but it reminded me of an old Whitney Streiber book in which he described how supernatural entities would want to intercept human souls after their death, harvesting them to make intelligent machines…
An excellent guide herein by an IT professional Johannes Ernst who found himself wondering after the California wildfires how one would recover their digital life in the event of a physical or digital catastrophe. He covers the failure scenarios ranging from suffering a disaster but being able to remember stuff (say, Facebook/Twitter suspending your account because they think you’re a Russian bot, thus cutting you off from, you get the idea), to suffering a disaster and being amnesiac (the proverbial “hit by a bus”).
Of course, integral to everything is having your data backed up (like via easyBackup, just saying’) and having a coherent scheme, which he lays out in detail, on managing your keys, recovery keys and meta data.
If you read nothing else from this issue, read this: https://upon2020.com/blog/2019/01/paradux-a-scheme-to-recover-from-maximum-personal-data-disaster/
It looks like by Easter of this year, British subjects will be required to provide a scan of their government ID or provide credit card details in order to pass age verification check before they can visit pornographic websites. It’s not entirely clear to me how this gets enforced, or what they plan to do about the soon to-be-burgeoning VPN industry in the UK, or even Opera (that has a built-in VPN) or Tor browsers. Nor is it clear who will decide what is a pornographic website. We all know most of them are obvious, but when the nanny state steps in, hilarity is sure to ensue.