Weekly Axis Of Easy #197
Last Week’s Quote was “Until you realize how easy it is for your mind to be manipulated, you remain the puppet of someone else’s game.” …was Evita Ochel. The winner was Lonnie Simmons again, but he’s already won several times this year.
This Week’s Quote: “You are neither right nor wrong because the crowd disagrees with you. You are right because your data and reasoning are right.”… by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

Today’s Sponsor: Swan Bitcoin
The easiest, low stress way to garner exposure to Bitcoin is to dollar cost average a small amount on a regular basis. Swan Bitcoin enables you to set up a Bitcoin savings program that is easy, secure and fits your budget. With the Bitcoin dip, now is the perfect time to start stacking sats. Learn more here.

Android apps leak data via misconfigured cloud backends
A report published by Check Point Research found that numerous Android apps leak personal data via improperly configured or inadequately secured cloud storage. Apps will frequently make use of virtualized cloud platforms to offload storage and be able to sync across different platforms.
“According to CPR, the 23 Android apps examined — including a taxi app, logo maker, screen recorder, fax service, and astrology software — leaked data including email records, chat messages, location information, user IDs, passwords, and images. In 13 cases, sensitive data was publicly available in unsecured cloud setups. These apps accounted for between 10,000 and 10 million downloads each.”
The problem is that data is routinely left open or otherwise accessible on these cloud platforms (just look at the numerous data trove discoveries by Bob Diachenko we’ve catalogued in these pages over the years). In one case CPR researchers were able to send a simple request to a taxi app’s database and retrieve messages between drivers, pick up / drop off details of passengers as well as their names and phone numbers.
Read: https://www.zdnet.com/article/cloud-services-used-by-android-apps-exposed-data-of-millions-of-users/

Personal security app plans private security response
There is a crime reporting and neighbourhood watch app called Citizen that enables people to report crimes occurring nearby and keep a watch on the area. Leaked internal documents obtained by Vice show that Citizen is even planning a private, on-demand security response service.
Right now the app takes reports from residents and also monitors, transcribes and scans police band radio transmissions. It collates that data and generates alerts to subscribers. What the documents show is that they “plan to create a privatized secondary emergency response network” and there have been telltale sightings of Citizen-branded police-type vehicles driving around Los Angeles. The company has purportedly pitched the LAPD “at a high level” to assist with emergency response given “the LAPD has been overrun with property crime, and the agency has effectively thrown its hands up because they don’t have enough officers on the street to respond to these sorts of calls.” It all sounds reminiscent of the original Robocop movie…
Read: https://www.vice.com/en/article/v7evbx/citizen-app-private-security-leaked-emails

Belarus blogger and journalist snatched off of hijacked plane
I happened to catch this one in near real-time as it unfolded on Twitter. First I see the tweet from Belarusian blogger and journalist commenting on fellow journalist Roman Protasevich being snatched off a Ryanair flight departing from Athens destined for Lithuania, which was then hijacked by state security operatives and forced to land in Belarus:
Tweet 1: “What we know so far: KGB operatives boarded the plane in Athens this morning together with Roman Protasevich (he noticed dodgy-looking ppl taking pics of him at the gate). Then when the plane has entered Belarus airspace KGB officers initiated a fight with the Ryanair crew. (1/2)”
Tweet 2: “Insisting there’s an IED onboard. Eventually the crew was forced to send out SOS (literally moments before the plane would’ve left Belarus airspace). MiG-29 took off and escorted it to Minsk. Security services entered the plane and arrested Protasevich. (2/2)”
Protasevich is accused of fostering unrest in Belarus and claims to be facing execution if taken into custody there.
Read: https://www.bbc.com/news/world-europe-57219860

Future AIs could read your keystrokes
In the future, you may be open to a new type of “shoulder surfing” attack that could be performed by AIs using any kind of camera. With the current trajectory of picture recognition, movement magnification and pattern analysis, future AIs may be able to infer your keystrokes (what you’re typing) simply by watching your hands move.
There are already real world applications of this: the article notes a Romanian start-up called TypingDNA that could authenticate users based on their typing patterns. There is a company right here in Canada called Plurilock that does exactly this and has contracts with the US Department of Defence.
Unfortunately, along with the enhanced security capabilities tech such as this delivers, it can also be used against you: the AIs described in this piece could steal your data or compromise your accounts by analyzing your keystrokes, as opposed to authenticating you the way these security companies do.
Read: https://thenextweb.com/news/how-ai-could-steal-your-data-by-lip-reading-your-keystrokes
I should probably disclose being an early stage investor in Plurilock since it’s publicly traded (TSX-V:PLUR).

Krebs: Know the difference between a job offer and identity theft
Krebs on Security ran a piece on a recent fake job offer scam that was being run via LinkedIn. Criminals post fake jobs and then, after a perfunctory interview, inform the applicant that they have been hired, often on generous and flexible terms. The next step is to gather information, ostensibly to get them on payroll and onboard them. What it is actually doing is soliciting personal details such as banking information, driver’s license numbers (asked for in order to clear a “background check”) and even credit card details. Some scams try to get victims to purchase equipment they will need from the company.
The shortlist of red flags to detect this sort of scam is listed as follows:
- Interviews are not conducted in-person or through a secure video call.
- Potential employers contact victims through non-company email domains and teleconference applications.
- Potential employers require employees to purchase start-up equipment from the company.
- Potential employers require employees to pay upfront for background investigations or screenings.
- Potential employers request credit card information.
- Potential employers send an employment contract to physically sign asking for PII.
- Job postings appear on job boards, but not on the companies’ websites.
- Recruiters or managers do not have profiles on the job board, or the profiles do not seem to fit their roles.
Remember the old adage about something being too good to be true. Unfortunately with times being what they are, there are a lot of people desperate for that next steady gig.
Read: https://krebsonsecurity.com/2021/05/how-to-tell-a-job-offer-from-an-id-theft-trap/

Dating apps being recruited for vaccination push
In the US, dating apps are joining forces to incentivize vaccinations as the country targets a 70% vaccination rate by July 4th. Various apps including Tinder, PlentyOfFish, OKCupid, Match and others will be adding features and enhancements to profiles to denote those prospective singles who are getting or have been vaccinated. According to data compiled by OKCupid, vaccinated users receive 14% more pairings than those who are unvaxxed and don’t plan to get a vaccination.
Read: https://www.axios.com/white-house-enlists-dating-apps-in-vaccination-push-2763bf0b-d1a5-4e7e-9050-ad22ea17d9d8.html

Fauci says all origin theories should be investigated while media goes into CYA-mode
None other than Anthony Fauci has changed his tune on earlier pronouncements on the origins of COVID-19 by now saying he’s not convinced that it couldn’t have originated in a lab leak and that all areas of investigation need to be pursued.
The comment came in a video interview with Politifact’s Katie Sanders, who asked him point blank if Fauci was convinced COVID-19 had a natural origin, meaning a zoological transfer from bats. Fauci responded “no.” He then spent a couple of minutes talking down his exchange with Senator Rand Paul earlier in the week, when Senator Paul had grilled Fauci about co-operative research the NIH had been undertaking with China’s Wuhan Institute of Virology. He then returned to the question at hand and said:
“No actually. I am not convinced about that, I think we should continue to investigate what went on in China until we continue to find out to the best of our ability what happened.” (Footage here, relevant exchange begins at 11m 54s)
Politi-“fact”, for their part, have found themselves retracting an earlier “fact” check they put out in September 2020. They called the idea of a lab leak “debunked conspiracy theory,” adding “The claim is inaccurate and ridiculous. We rate it Pants on Fire!” Now they’ve quietly inserted a back-handed retraction into the archived article, and removed it from their database of actively checked “facts.”
As I write this today, the WSJ just reported on a previously unreleased intelligence report that three researchers at the Wuhan Institute for Virology became sick enough in November 2019 to seek hospitalization. I will also note that Zerohedge already picked up on this as far back as January, linking a US State Department Fact Sheet that cited illnesses within the Wuhan Lab. The State Department document has since been removed from the website; it is archived here.
YCombinator founder (and easyDNS client) Paul Graham also noted via Twitter that Vox stealth edited a March 2020 article debunking possible lab origin as conspiracy theory. (Stealth edited means they simply changed the wording of their piece without disclosing that they changed it.)
Is it any wonder nobody believes anything (or conversely, people will believe anything) these days?
We’ve entered into an era of journalistic nihilism. It is again important to stress that my ongoing The story is that until quite recently the official media narrative about lab origin was that it was categorically false and only entertained by alt-right, white nationalist Qanon incels. In so doing they’ve created a public square devoid of nuance. They’ve delegitimized themselves, undermined trust in journalism and thus made the mediasphere more receptive and conducive to conspiracy theories.
Meanwhile, the mainstream media is in ass-covering mode (again), attempting to spin their deeply flawed and negligent coverage of this as unforeseeable and forgivable, and to blame it on (you guessed it) Trumpism.
Read: https://thefederalist.com/2021/05/20/the-medias-covid-origin-coverup-campaign-has-begun/
I’ve never been a Trump supporter, I’m not a MAGA guy, but I’m beginning to suspect that institutionalized Trump Derangement Syndrome could have caused more all-cause fatalities than COVID-19 would have on its own.

WSJ on Canada’s attempt to control free speech online
Canada’s Bill C-10 may be on pause for now, but if it passes a review by Canada’s Department of Justice then it’s possible that the power to regulate internet content will be ascribed to the CRTC (Canada’s version of the FCC). The CRTC regulates broadcasting and the rationale behind C-10 is that the internet is a form of broadcasting and thus falls under the purview of C-10.
Michael Geist has been covering this relentlessly, and former CRTC Vice Chair Peter Menzies has been indefatigably campaigning against this move. The Internet Society Canada Chapter, led by another ex-CRTC Commissioner, Tim Denton, has been trying to add some sanity to the proposition.
Now we’re finally getting some coverage south of the border: Toronto lawyer Ian Cooper penned an op-ed for the Wall Street Journal outlining how, if passed, C-10 would grant the CRTC open-ended jurisdiction over all Internet content creators in Canada.
Even AxisOfEasy would potentially be regulated and eventually required to obtain a license from the CRTC (never mind my Bombthrower blog, which will probably come under the “Internet Killswitch” proposed in another pending piece of legislation because it tirelessly mocks politicians).
If any of this sounds familiar, it’s because whether it’s acknowledged to be or not, this is pretty well the wish list proposed last year by the Broadband Telecom Legislative Review (BTLR), which we warned about here and introduced a petition into the House of Commons here urging the government to reject the BTLR recommendations in their entirety. The petition flopped (a mere 5,000+ signatures) and the government is doing pretty much the opposite and running with the BTLR recos, which we called “A Blueprint to Regulate Content.”
Read: https://www.axios.com/white-house-enlists-dating-apps-in-vaccination-push-2763bf0b-d1a5-4e7e-9050-ad22ea17d9d8.html

easyDNS Drops DOGE Payments
Mere weeks after adding support for Doge payments, we dropped same because the Dogecoin joke just isn’t funny anymore. Some Doge advocates are making their case on why we should continue to support Doge; we’re open to entertaining it if we think there is a legitimate demand from within the client base.
Part of the problem around Dogecoin is the completely misguided notion that it was somehow a viable alternative to Bitcoin, and I commented on Elon Musk’s flip-flop in this matter over on Bombthrower. Feel free to weigh in on Dogecoin in the comment thread on our post.
Read: https://easydns.com/blog/2021/05/20/easydns-dropping-doge-payments/
Do you have RSS feeds for the #AxisOfEasy Channels?
If you do I haven’t been able to find them. Thanks.
I miss listening to the weekly updates as a podcast. Any plans to start recording these again?