A new cyber threat is bringing down home routers. Germany passes a law requiring end-to-end encryption. Elon Musk receives a harsh rebuke from a federal judge, reports expose insanity in tech hiring practices, the US government responds to SQL injection attacks, and more from the X files, the Musk ones, that is.
These stories and more are featured in the “Check References” edition of Hashtag Trending. I'm your host, Jim Love. So let's get down to business:
A major new cyber threat has been revealed targeting routers and smart home devices around the world. Researchers at telecommunications company Lumen Technologies have revealed details of a massive hacking campaign that has already infected tens of thousands of vulnerable devices.
Hackers have resurrected the infamous botnet known as TheMoon, which researchers thought had been destroyed years ago. In just 72 hours earlier this month, more than 6,000 Asus routers were infected.
But that's just the tip of the iceberg. Lumen's investigation revealed that TheMoon compromised over 40,000 routers and smart devices across 88 countries between January and February.
Many of these infected gadgets are currently being used to power a criminal proxy service called Faceless, which allows users to disguise their identities and conduct malicious Internet activities.
Experts believe TheMoon's resurgence is related to cybercriminals finding new ways to cover their tracks as law enforcement ramps up investigations into online criminal organizations. Nearly 7,000 new users join the Faceless network every week.
Although the specific hackers are unknown, this is a disturbing and widespread trend. In the past two years alone, Lumen has witnessed seven separate campaigns exploiting vulnerabilities in poorly secured routers and other smart home technology.
For consumers, the advice is clear: keep your router's software up to date with the latest security patches. While Lumen currently blocks access to infected devices on the network, this evolving threat highlights how prevalent outdated and insecure connected devices are.
Sources include: Axios
In stark contrast to many governments' efforts to undermine digital privacy, Germany is taking a completely different approach by legislating a “right to encryption.”
While the US, UK and others are pushing for weaker encryption in the name of security, the German government is taking the opposite approach, drafting the first bill to require end-to-end encryption for messaging, email and cloud service providers.
The bill, announced this week by Germany's Digital and Transport Ministry, would make it mandatory for technology companies to use strong encryption where technically possible to ensure confidentiality and protect users' fundamental rights.
Digital rights activists have hailed the bill as a landmark victory in online privacy and data protection, an area where Germany has historically led the way with strict data laws.
The law states that “individual messenger services” will no longer be able to omit full encryption or only partially encrypt, unless there are legitimate technical restrictions.
Maximilian Funke-Kaiser, digital policy spokesperson for Germany's Free Democratic Party, said “this is a necessary measure” to prevent future encryption breaches following anti-encryption efforts such as the controversial “chat control” proposal.
The bill still needs to pass through parliament, likely by 2025, but with it the German government bucks the global trend toward encryption backdoors and client-side scanning capabilities.
Ten years after the launch of encrypted email service Tutanota in Germany, the country is now poised to become the first in the world to enshrine digital secrecy and the “right to encryption” in federal law as a fundamental civil right.
Source: Tuta
The US government is cracking down on SQL injection flaws once and for all.
SQL injection attacks have plagued websites and applications for decades, allowing hackers to maliciously access and manipulate backend databases. Now, U.S. authorities say they are fed up with companies shipping products with these “inexcusable” vulnerabilities.
In a new warning, the FBI and Cybersecurity and Infrastructure Security Agency are pressuring software vendors to begin formal code reviews and build security into the development lifecycle from the ground up.
Their call comes after last year's massive supply chain hack of the MOVEit file transfer software, in which a zero-day SQL injection flaw exposed the personal data of 95 million people.
SQL injection holes exist when user input is not properly sanitized and can be used to maliciously modify backend database queries.
Although the problem has been well-known for more than 15 years, the government says such vulnerabilities remain widespread and indefensible in new software releases.
Vendors are encouraged to incorporate “secure design” principles using techniques such as parameter binding that separate code from user input, rather than relying on weak sanitization filters that are easily bypassed by hackers.
In addition to encouraging improved coding practices, the alert calls for transparency, asking companies to properly disclose SQL flaws using the standard CVE system so that customers can track their vulnerabilities.
Analysts say the government's message is clear: Companies that undermine established security fundamentals are putting the economy and national security at risk.
Source: The Register
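The contrast drawn in this story between a weak sanitization filter and parameter binding, as an added example that is not part of the original show notes. The table, the function names and the sample rows are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (id INTEGER, owner TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO files VALUES (?, ?, ?)",
        [(1, "alice", "payroll.csv"),
         (2, "bob", "notes.txt"),
         (3, "carol", "keys.txt")],
    )
    return db

def strip_dangerous(value):
    """Weak sanitization filter: deletes quotes, comment markers, semicolons."""
    for bad in ("'", '"', "--", ";"):
        value = value.replace(bad, "")
    return value

def lookup_filtered(db, owner, file_id):
    """'Before' form: filter the input, then paste it into the SQL text.
    The id is used in a numeric context, so no quote is needed to change
    the query and the filter has nothing to remove."""
    sql = ("SELECT name FROM files WHERE owner = '%s' AND id = %s ORDER BY id"
           % (strip_dangerous(owner), strip_dangerous(file_id)))
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, owner, file_id):
    """Hardened form: the SQL text is fixed and the input travels
    separately as bound parameters, so it is only ever data."""
    sql = "SELECT name FROM files WHERE owner = ? AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner, file_id))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input containing no filtered character
    print("filtered, normal :", lookup_filtered(db, "alice", "1"))
    print("filtered, crafted:", lookup_filtered(db, "alice", crafted))
    print("bound, normal    :", lookup_bound(db, "alice", "1"))
    print("bound, crafted   :", lookup_bound(db, "alice", crafted))
```

With the crafted input the filtered query returns every user's file name, while the bound query compares the whole string against the id column and returns nothing.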
A federal judge has dismissed a high-profile lawsuit brought by Elon Musk's social media platform X.
The lawsuit was against the Center for Countering Digital Hate, an organization that has been highly critical of how the Elon Musk-owned social network handles hate speech and misinformation.
In a scathing judgment, Judge Charles Breyer wrote that X's motive was clear: “to punish the defendant for his comments” criticizing the company, and perhaps “to deter others” from making similar criticisms in the future.
The center had released a report accusing X, formerly known as Twitter, of failing to respond to hateful content, even those posted by premium users. It also claimed that racist and anti-Semitic posts were not addressed.
Mr. Musk's company sued the nonprofit last year, alleging that it waged a “scare campaign” to drive away advertisers, costing X tens of millions of dollars in lost revenue. It also accused the center of illegally collecting data from the platform.
However, Judge Breyer dismissed the breach of contract and unlawful scraping claims, finding that X had not adequately shown its actual losses. He said that if the Center's report was defamatory, that would be another matter, but X carefully avoided making that claim.
The center said the landmark ruling will intensify efforts by public interest researchers to hold social media companies accountable for the hate and misinformation they host.
It's a scathing rebuke of Musk's sweeping legal tactics against one of his chief critics, whose speech is exactly the kind that Musk claimed his self-proclaimed “free speech” position supported.
Source: The Verge
Is the hiring of engineers broken? Hiring practices in the technology industry are facing increased scrutiny.
When it comes to hiring at big tech companies, it's a tale of two extremes.
On the one hand, there's Google's notoriously grueling interview process, which turns away highly skilled engineers. Ironically, one person they rejected was the creator of the popular Homebrew package manager used by many Google teams.
At Google, countless candidates describe interviews that focus more on theoretical questions and memorization than on practical troubleshooting abilities.
Meanwhile, Meta is reportedly hiring candidates for key AI roles without conducting any interviews. This reflects the company's desperation to hire talent quickly amid the artificial intelligence arms race.
And to stem the AI brain drain caused by the company's push into generative AI, Meta has seen CEO Mark Zuckerberg personally recruit talent from rivals such as DeepMind and present lavish competing offers.
However, the hiring rush has seen Meta hiring candidates sight unseen, based solely on their credentials, raising eyebrows over screening criteria.
Dysfunction is not limited to these two companies. The article also states that Amazon lays off engineers every two years, with the philosophy of constantly refreshing its workforce with new and exciting talent.
Big tech's hiring frenzy either puts talent through the wringer or completely fails to evaluate it properly. And, of course, there are layoffs.
Just to check, does anyone else see a correlation between Google's hiring process and its failure to come up with something that captures the public's imagination?
In a world where we know your big advantage is your team and culture, this situation is an anomaly. We've said it before and we'll say it again: we are smart, people-focused people. I'm sure you can do better than this.
Source: IndiaToday
And finally, The Daily Beast published an article about how seniors are being fooled by AI-generated fakes on Facebook.
According to research cited in the article, older adults are far more likely to be fooled by AI-generated images and sounds.
We used to dread having “the talk” with our children. Now, there's one more “talk” you need to have, with your parents.
There is one scam in particular that is on the rise: the fake child abduction.
If you think it won't happen to you, let me tell you, my father, a smart man, fell for a similar scam. Someone told me that my brother was in jail and needed bail money to get out. He sent them money. When he told me about this, he said he knew it could be fake, but would he take a chance?
With the advent of AI and deepfakes, anyone can be, and has been, fooled. Here is a public service announcement. Most of our viewers may be quite knowledgeable, but please tell your friends. Set up a password with your child. If you don't have a password, ask for one, because we absolutely cannot tolerate calls like this. Police call it proof of life. This is information only your children or grandchildren will know and is not something to put on Facebook. Think about it now, not when you or your parents get a call in the middle of the night.
Source: The Daily Beast and WCPO TV
And that’s today’s show…
Remind your friends that they can listen to the audio podcast anywhere, including Google, Apple, Spotify, and even smart speakers. Also, if you like the podcast, please give us a good review. That's important. As you may know, you can find a copy of the show notes at itworldcanada.com/podcasts.
I'm your host, Jim Love. Have a wonderful Wednesday!