My Weekly RoundUp #114
A lot of links this week!
Today let’s talk about #KKNPP, #DKIM, #DFIR and #TimelineExplorer, #iPhone, #Whatsapp and #NSOGroup, #Powertool, #Protonmail, #Unicredit, #linustorvalds, #guidovanrossum and #python, #themandalorian and #bladerunner.
It’s official, administrative network at Kudankulam Nuclear Power Plant was infected with DTrackSecurity Affairs
… the Kudankulam Nuclear Power Plant (KKNPP) was hit by a cyber attack. Some users are claiming on the social media that a piece of the ‘DTrack’ malware has infected the systems at the KKNPP.Security Affairs
The KKNPP is the largest nuclear power plant located at Kudankulam in Tamil Nadu, but personnel at the nuke plant has denied the incident.
The disconcerting aspect of the story is that the KNPP initially declared that its network is safe and that the control room of the nuclear power plant is not exposed online.
DomainKeys Identified Mail (DKIM) allows a person or organisation to claim responsibility for an email message by associating a domain name with the message.20i.com Blog
The purpose of DKIM is to authenticate that the content of any DKIM-signed email message is not modified during the transfer between sender’s or ISP (Internet Service Provider) and receiver’s mail servers.
DKIM signatures are produced using a private key by the sender’s mail server. They’re then verified by the receiver’s mail server by fetching public key via DNS query
Timeline Explorer 0.9.5.0 is out!
|Timeline Explorer||0.9.5.0||View CSV and Excel files, filter, group, sort, etc. with ease|
KTRW: The journey to build a debuggable iPhone
Doing security research on iPhones is hard, and in my opinion, much harder than it needs to be. Apple has done an impressive job locking down their devices, and while such security improvements are certainly welcome, it does mean that security researchers have to invest a lot of time and effort to create a viable research platform.Project Zero
The need to maintain a research platform can create perverse incentives for well-intentioned security researchers. One common outcome is that researchers will hoard vulnerabilities, only reporting some while keeping the rest for bootstrapping. This is of course less than ideal, since some of these vulnerabilities could simultaneously be used as 0-days to attack users.
Alternatively, many security researchers are able to acquire development-fused iPhones with hardware debugging features (SWD, JTAG) enabled, allowing them to debug the main Application Processor (AP) and some peripherals like the Always On Processor (AOP) and the Secure Enclave Processor (SEP). By halting execution in the bootloader, it is possible to patch the kernel to disable security features before the kernel has even had a chance to run. This makes these devices extremely useful for security research.
More recently, virtualization solutions have gained prominence in the iOS security research community. In principle, virtualization offers a way to conduct security testing on iOS without being subject to the hardware restrictions that prevent kernel modification. The caveat is that these products are often accessed over the web, which would mean that any experiments conducted on a virtualized device could in theory be visible to the company providing the service.
WhatsApp Says Israeli Firm Used Its App in Spy Program
WhatsApp sued the Israeli cybersurveillance firm NSO Group in federal court on Tuesday, claiming the company’s spy technology was used on the popular messaging service in a wide-ranging campaign targeting journalists and human-rights activists.The New York Times
WhatsApp, which is owned by Facebook, claimed in the lawsuit that an NSO Group program that was intended to piggyback on WhatsApp was used to spy on more than 1,400 people in 20 countries.
The lawsuit did not say who was using NSO Group technology to target WhatsApp users. But the area codes for a number of phones that had been attacked indicated a focus on people in Mexico, Bahrain and the United Arab Emirates.
PowerToys v0.12 now available!
We’ve just released our 0.12 release of PowerToys on GitHub. We’ve gotten tons of great feedback and suggestions from the community and want to directly say thank you to everyone.Windows Insider
For those who haven’t heard of PowerToys before, it’s a set of utilities for power users to tune and streamline their Windows experience for greater productivity. Inspired by the Windows 95 era PowerToys project, this reboot provides power users with utilities to squeeze more efficiency out of the Windows 10 shell and customize it for individual workflows. Check out this great overview of the Windows 95 PowerToys.
Got an early iPhone or iPad? Update now or turn it into a paperweight
If you own an Apple iPhone 5, iPhone 4s or one of the early iPads with cellular connectivity, your device is about to be turned into a vintage technology paperweight by the GPS rollover problem that we wrote about in April.Naked Security
Before we explain why, we should say it is possible to avoid this fate by updating your device to iOS version 10.3.4 (iPhone 5) or version 9.3.6 (iPhone 4 and iPads).
But there’s one critical detail – you must apply this update before 12:00 a.m. UTC on 3 November.
If you don’t follow this advice, the iPhone will, according to Apple, no longer be able to…
Maintain accurate GPS location and to continue to use functions that rely on correct date and time including App Store, iCloud, email, and web browsing.
So, losing the GPS stops the time and date being set, which immediately causes internet synchronisation problems affecting services that need to connect to remote servers.
In addition to the iPhone 5 and 4s, the iPads affected are the cellular-enabled iPad mini, iPad 2, and the third-generation iPad.
You can read the iPhone 5-specific warning or the one that includes the iPhone 4s if you want to confirm the worst in more detail.
ProtonMail iOS app goes open source!
We’re happy to announce that the ProtonMail iOS app is now fully open source.ProtonMail Blog
Now we’re taking the next step by open sourcing our iOS app. You can find the code on our Github page.
Mass cellphone surveillance experiment in Spain
Spanish Statistics Institute will track all cellphones for eight days (2 min, link in Spanish, via)Carlos Fenollosa
A few facts first:
– Carriers geotrack all users by default, using cell tower triangulation. They also store logs of your calls and sms, but that is a story for another day.
– This data is anonymized and sold to third parties constantly, it’s part of the carriers business model
– With a court order, this data can be used to identify and track an individual…
– … which means that it is stored de-anonymized in the carrier servers
– This has nothing to do with Facebook, Google or Apple tracking with cookies or apps
– You cannot disable it with software, it is done at a hardware level. If you have any kind of phone, even a dumbphone, you are being tracked
– It is unclear whether enabling airplane mode stops this tracking. The only way to make sure is to remove the SIM card and battery from the phone.
This is news because it’s not a business deal but rather a collaboration between Spain’s National Statistics Institute and all Spanish carriers, and because it’s run at a large scale. But, as I said above, this is not technically novel.
UniCredit breach affects three million records
Italian bank UniCredit has identified a breach of its IT systems affecting millions of customer records, according to breaking reports.Infosecurity Magazine
The lender confirmed on Monday that a file created in 2015 containing three million records relating to Italian clients had been involved in the incident.
However, no details which could give hackers access to these customers’ bank accounts or payment information had been accessed, according to Reuters.
That’s in contrast to a major 2016 breach disclosed two years’ ago in which 400,000 were accessed by attackers in September and October. They were only discovered around nine months later.
Since that time, Italy’s largest bank by assets claimed that it has “invested an additional €2.4bn in upgrading and strengthening its IT systems and cybersecurity,” according to the report.
UniCredit Bank Suffers ‘Data Incident’ Exposing 3 Million Italian Customer Records
UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers.The Hacker News
Officially founded in 1870, UniCredit is Italy’s biggest banking and financial services and one of the leading European commercial banks with more than 8,500 branches across 17 countries.
What happened? — Though UniCredit did not disclose any details on how the data incident happened, the bank did confirm that an unknown attacker has compromised a file created in 2015 containing three million records relating only to its Italian customers.
What type of information was compromised? — The leaked data contains personal information of 3 million customers, including their:
– Telephone numbers
– Email addresses
Details for 1.3 million Indian payment cards available on the dark web
Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected that a huge database presumably holding the total of more than 1.3 million credit and debit card records of mostly Indian banks’ customers was uploaded to Joker’s Stash on October 28. The underground market value of the database is estimated at nearly $130 million.Security Affairs
The database under the name “INDIA-MIX-NEW-01” (full name: “ INDIA-MIX-NEW-01 (fresh skimmeD INDIA base): INDIA MIX TR1+TR2/TR2, HIGH VALID 90-95%, uploaded 2019-10-28 (NON-REFUNDABLE BASE”) has been on sale on one of the most notorious underground card shop Joker’s Stash since October 28, 2019. The database contains only credit and debit card dumps Track 2, while its name suggests that it holds both Track 1 and Track 2 records. Track 2 dumps can be used to produce cloned cards for further cashing out.
The Life-Changing Mysteries of Coding
This is what coding is: You type some special words into a text editor. It probably has a black background. Some of those words turn different colors as you type them. Once you’ve typed all the special words, you save, or save and build, or press compile. And then you look at the output…OneZero
Linus Torvalds: ‘I’m not a programmer anymore’
I don’t know coding at all anymore. Most of the code I write is in my e-mails. So somebody sends me a patch … I [reply with] pseudo code. I’m so used to editing patches now I sometimes edit patches and send out the patch without having ever tested it. I literally wrote it in the mail and say, ‘I think this is how it should be done,’ but this is what I do, I am not a programmer.ZDNet
Thank you, Guido
After six and a half years, Guido van Rossum, the creator of Python, is leaving Dropbox and heading into retirement. From the beginning, we knew Guido would be a great addition to our company. In fact, his contributions to Dropbox date back to day one. Our CEO Drew Houston’s very first lines of code for Dropbox were written in Python.Dropbox Blog
“What I love about Python is it just works,” says Houston. “It is so intuitive and beautifully designed. A lot of these attributes inspired my co-founder Arash and me when we thought about the design ethos for Dropbox.”
The Mandalorian – Official Trailer 2
“Mandalorian, look outside.
They’re waiting for you.”
Blade Runner: How well did the film predict 2019’s tech?
It’s November 2019 and Los Angeles is in a state of urban decay. The population has dwindled, and humans face a new threat from manufactured biological robots gone rogue…BBC News
Back in 1982, this is how Blade Runner director Ridley Scott imagined the world would be.
Thirty-seven years after the film was released, how accurate were its predictions about how technology would play a bigger role in our lives?
Here are some of the things the film got right, and others where it was way off the mark.