Weekly Axis Of Easy #141
Last Week’s Quote was “The final outcome of credit expansion is general impoverishment”, by Ludwig Von Mises, winner was Fabian Luttman. We’re also awarding a renewal to M. Lea, who was wrong in his guess but gets special recognition for knowing who Vincent R. Locascio was. If you don’t know who that was (few do), you should read his 2001 “Special Privilege: How the Monetary Elite Benefit At Your Expense” and 2005’s “The Monetary Elite vs Gold’s Honest Discipline“. You will look at what is happening today with a fresh pair of eyes (which you will then want to claw out of your own head).
This Week’s Quote: “It takes something more than intelligence to act intelligently” …by ????
THE RULES: No searching up the answer, must be posted to the blog.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
We have launched AxisOfEasy.com ! Today’s edition will be posted there and mirrored on easyDNS. Please help us get the word out and tell your friends and colleagues to check out the new website portal and subscribe to our various tendrils there.
Now that the #AxisOfEasy website is live, you can finally subscribe to the podcast companion to this newsletter via your favourite Podcast service (as long as that service isn’t iTunes, who has rejected it for some reason, we’re working on it)
If you’re wondering why you’re getting these and your .CA registrar was: ArcticNames, EgateDomains, LowCostDomains.CA, RegisterYour.CA, Aloak or DotCanuck, it’s because of our recent acquisition of the ArcticNames family of registrars.
We send this briefing out every week to keep you up to speed on important happenings in the technology space.
In this issue:
- Hacked video conference logins being sold on the Dark Web
- Apple and Google teaming up for Coronavirus contact tracing
- Eurozone Coronavirus surveillance efforts use mobile apps to track spread
- YouTube to quash Coronavirus / 5G content as rioters burn cell towers
- Zoom’s problems around security and privacy continue
- We totally messed up last week’s VPN article – here’s the real story
- Here comes dark_nexus: possibly the most potent IoT botnet ever
- Google Cloud storage experiences outage
- Team easyDNS continues to ascent the Fold@Home rankings…
With the massive shift to remote work globally, hackers are shifting their targeting. Two separate incidents have been reported by security firms of troves of video conferencing logins being posted or sold on the Dark Web. It goes beyond pranksters “Zoom bombing” calls for lols. Serious fraudsters can use stolen credentials to setup fake meetings and convince co-workers to share sensitive documents.
“If the attacker can identify the person whose account he has taken over — and that doesn’t take too much time, just use Google and LinkedIn — then the attacker can potentially impersonate that person and set up meetings with other company employees. This can be used for business email compromise (BEC) types of attacks, where the attacker can impersonate a person in the company and ask to move money. It can also lead to asking people to share files and credentials over the Zoom chat.”
Security tools used for penetration testing, such as OpenBullet, are now being used by hackers to locate vulnerable web conferencing servers and clients.
As per the WSJ:
“Apple Inc. and Google will build software together that would alert people if they were in contact with someone infected with the coronavirus, an unprecedented collaboration between two Silicon Valley giants and rivals.”
The way this would work is by embedding “contact tracing tools” into their respective personal surveillance and compliance beacons smartphones which would use bluetooth to log all the other beacons they come into proximity with. If anybody subsequently tests positive for Coronavirus then the other phones can search through their travel history to see if they came into contact with the infected. This will be all voluntary. And will only apply to coronavirus tracking. Of Course.
The article goes on to caution that this will no doubt “raise some privacy concerns”.
Over in Europe both France and Germany have undertaken initiatives to pursue COVID-19 tracking via specially designed apps for your personal beacons.
In Germany, the federal agency in charge of disease control has teamed up with a health-tech startup called Thryve to create an app Corona-Datenspende (which translates roughly to Corona data donation). The app works across most wearable platforms and gathers data based on wearers heart rate, blood pressure, temperature and certain socio-demographic data like age, weight and gender.
In France, the government has released a smartphone app called StopCovid which will be voluntarily downloaded and similar to the aforementioned Google / Apple piece, it will use the device’s bluetooth to track when people come into contact with somebody who is infected. One possible wrinkle here is that French law currently bars smartphone tracking, with several French lawmakers stating that they remain opposed to geo-tracking citizens.
One of the many tin-foil narratives circulating about the Coronavirus is that newly deployed 5G networks cause it to spread more virulently. Enough people believe this that it has resulted in people setting fires to multiple 5G towers in the UK.
People are going to believe stupid things, and the rational response is simply let people believe stupid things and to just deal with them when that translates into doing stupid things.
But now the tech platforms are stepping in and quashing content that discusses 5G and Coronavirus, and that to me is deeply troubling, for many reasons.
Here’s the shortlist:
- Material that discusses meta issues of the 5G and Coronavirus will likely be suppressed (like the ramifications of the narrative itself)
- Anybody who would otherwise actually undertake a serious analysis or peer reviewed study of it will be discouraged, or suppressed
- The pejorative timbre of the branding and suppression of non-conforming views taints all other non-conforming views, even those that might have some merit.
Zoom’s problems around security and privacy continue
The hits keep on coming for Zoom. After the litany of privacy and PR disasters we reported in last week’s edition of #AxisOfEasy, more bad news kept rolling in:
- Google has banned use of Zoom within the organization on company laptops
- Singapore has also banned Zoom after pranksters Zoom-bombed some online school sessions with pr0nography
- One of Zoom’s own shareholders has sued the company alleging they hid privacy and security flaws
In last week’s article on VPN provider tracking I fundamentally misunderstood the source material for that piece. The entire article regarding trackers, screen recordings, et al do not refer to the actual VPN tunnels you buy from these providers, they refer to the VPN provider’s websites themselves.
Apologies for this significant error in reporting. Thanks to Sean and others who pointed this out via the blog and email. We’ve posted a similar correction to last week’s blog post.
Here comes another virus spreading fast out of China, only this time it’s an IoT botnet called dark_nexus.
IoT botnets have been responsible for some of the most devastating internet attacks in the past. When DNS provider Dynect got knocked off the Internet completely, for an entire day, it was because of the Mirai botnet, which was comprised of IoT devices.
Researchers are tracking the spread of dark_nexus, which is at the moment, most densely concentrated in China. The botnet re-uses some code from the Mirai and Qbot infections but is mostly original code that is authored in a way to make it “particularly potent and robust”.
Original report: https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
Last week Google Cloud services crashed for awhile, I’d be exaggerating if I said it brought down the entire internet but it did take out a decent sized chunk of it, including Gmail, Snapchat and Nest. It’s the third such outage in as many weeks. This just goes to show that even the biggest most cutting edge companies can struggle to keep up with the surge in demand that global remote work is placing upon networks.
Google later attributed the outage to a router failure in Atlanta.
Team easyDNS continues to chug along and do its bit in collective efforts going on globally to undertake molecular folding calculations on behalf of the Fold@Home project, which is contributing the networked computing power toward Coronavirus efforts.
We now have five contributors who have generated over 1 million credits:
..and our team ranking is now 2,833 out of 250,246. Thanks to all who are joining the call, and if you want to get involved, head to the Fold@Home page and then join team #248458