Reality is that which, when you stop believing in it, doesn't go away. (Philip K. Dick)
SecurityDiscovery.com and Cybernews have jointly found the largest collection of hacked credentials ever discovered. Containing over 2,500 data breaches with 15 billion records, this is a new record. As it contains multiple breached one must assume there will by duplicates.
This comes only a week after Techspot discovered over 71 million credentials and 25 million never-before-seen passwords.
The February issue of MIT Technology Review reviews a 51% attack on Ethereum Classic. The article also covers similar attacks on lower value crypto currencies and its progress to now attacking top 20 currencies. Also covered (again) are the current issues with Smart Contracts.
These issues represent the Damocles sword of Crypto Currencies, the openness of its approach is also its biggest weakness.
As you may remember the introduction of Apple’s M1 CPU’s there was a lot of discussion on the inclusion of the T2 chip and its impacts on upgrades and 3rd party HW. As highlighted in the article on Tom’s hardware, with some effort the RAM and HD’s in the apple Mac Mini with M1 you can (with nerves of steel) desolder both and replace them without issues.
I wonder how long before Apple blocks this?
An article on Arstechnica cover the case and prosecution of an ex-employee on: “In late March 2019, Wednesday’s indictment said, Post Rock experienced a remote intrusion to its computer system that resulted in the shutdown of the facility’s processes for ensuring water is safe to drink.”
Was discovered accidentally, could have contaminated the water supply to 1,500 retail customers and 10 wholesale customers in eight Kansas counties
As the world keeps on getting excited with IOT and the security (or lack thereof) is getting a lot of attention. Karl Marx famously stated that “History repeats itself, first as a tragedy, second as a farce” so a look at the same issues in current infrastructures such as remote terminal units (RTU) Programmable logic controller (PLC) and the latest discovery with the Ovarro RTU proves that the history like Stuxnet is an relevant exaple of the problems IOT will face.
Another example of the impact of the risks of synthetic trades on futures backfired spectacularly last week. A private hedge fund Archegos Capital Management (website currently down) defaulted on a series of Total Return Swap deals on ViacomCBS (among others) forcing a liquidation of shares and a subsequent couple of trading days. The scale of the default is still not known, but major financial institutions have issued loss warnings that are assumed is an outcome of the issue. As always: highly hedges give you profit if you’re good and major disasters if you don’t. For those old enough: Remember LTCM.
Update: A paywalled article from Wall Street Journal on the market impacts
The latest bit coin (actually Ethereum) craze to emerge is Non-fungible token or NFT’s, Simply put its’s an digital ledger containing digital assets, mostly art as digital: I.E. a ledger where the “rights” to the content is owned by you as a transferable asset. Several high value transactions are in the news such as Beeple and DJ3LAU recently, NFT’s are not as straight forwards as people think. An interesting article shows the ins and outs of buying and owning (or not) of FCC’s on Motherboard highlights some of the problems with this.
As the world wakes up to the threats of Malware it is worth pointing out that this is not a new thing. Hackernews has posted a very informative post going through the history and the trends and techniques used as this evolved as well as an overview of the main families and operators throughout its history
As you may already know a series of 0-day bugs have been discovered recently and are actively used by hackers globally. First used by a Chinese hacking crew Hafnium it has evolved into a bigger problem. Paul Kerbs has a nice timeline on this. Microsoft has now launched a one-click solution for admins that have not implemented the already released patches: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065,
Microsoft just made public the details on their DID implementation, ION, as their part of the drive towards decentralised Layre 2 authentication and control.
“We are excited to share that v1 of ION is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well”
