#AxisOfEasy 206: Stop What You’re Doing: Apple iOS Edition

 

 


Weekly Axis Of Easy #206


Last Week’s Quote was  “Rhetoric is no substitute for reality,” was Thomas Sowell. I missed his birthday (same as mine) so I wanted to get one in belatedly. Winner was Thomas Gill.

This Week’s Quote:  “History is much more the product of chaos than of conspiracy.” … by??

THE RULES: No searching up the answer, must be posted to the blog– the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.



In this issue:

  • Stop What You’re Doing: Apple iOS Edition
  • Akamai DNS outage craters huge chunk of internet
  • Researchers inject malware into artificial neurons
  • Expired domain takeover spews pornographic ads across major websites  
  • Windows vulnerability enables any user to escalate privileges    
  • Amnesty releases tool to check if your phone has been infected by NS0
  • Serial swatter gets five years in prison for causing death of man
  • Vaccine hesitant? This may help set your mind at ease
  • France scales off vaccine passport after mass protests
  • Congress blocks bill to declassify COVID origin materials 
  • It’s like Shazam, but for bird calls…
  • Update on easyDNS Fold@Home team

 

Stop What You’re Doing: Apple iOS Edition

Poor Tracy. It seems every week these days there’s a better than 50% probability that after I send her AoE on Monday afternoons for editing and formatting, I have to send her a “stop the presses” type email on Tuesday morning.

Here we are again, as Apple released iOS 14.7.1 for iPhones and iPads and it contains a security fix for a vulnerability that is reportedly being exploited in the wild.

Their posting on the update says that under a vulnerability assigned CVE-2021-30807, submitted by an anonymous researcher:

“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”

The Hackernews thread on this contains some speculation that it could be related to NSO Groups’ Pegasus spyware which we’ve been reporting on last edition and this one.
In any case, if you don’t have automatic upgrades enabled on your iOS device, better go make sure you’re on iOS 14.7.1

Read: https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-affecting-iphones-and-macs-exploited-in-the-wild/


Akamai DNS outage craters huge chunk of internet

Another installment in the “it’s always DNS” trope came with an outage at Akamai’s Edge DNS service on Thursday the 22nd of July. It punched a large hole through the some of the biggest websites and services on the internet because people have an inexplicable inability to learn from other people’s foibles and thus fail to set up nameserver level redundancy until after they experience a catastrophic outage because of it.

Akamai’s RFO (Reason For Outage) says the mishap occurred after a bad software configuration update and was not a cyberattack.

We never tire of saying this: Everybody experiences DNS outages and every vendor is a logical Single-Point-of-Failure unto itself. No exceptions. Not if, when, and in some cases “how often?”

But that doesn’t mean you have to experience downtime when it happens. When you use failover at the nameserver level, like our Proactive Nameservers, you come through DNS outages like a pro. 
Learn more here.

Read: https://arstechnica.com/gadgets/2021/07/todays-massive-internet-outage-comes-courtesy-of-akamai-edge-dns/

And: https://blogs.akamai.com/2021/07/akamai-summarizes-service-disruption-resolved.html


Researchers inject malware into artificial neurons

According to a pre-print of a research paper released last week, it is possible to inject malware into the artificial neurons that comprise neural nets without them being detected.

Neural nets are meshes of logical circuits that endeavor to process information via machine learning. These neural nets and machine learning algos form the basis of what we call “AI.” As readers of this newsletter know, I am an AI skeptic in the sense that I don’t believe neural nets will ever become intelligent, much less conscious, as we understand it. (We can go down a separate rabbit hole about why I think that and I’m supposed to be writing a book about this, but at the moment that’s stalled.)

In the meantime, we have these neural nets which are the current standard of AI, which for me means “Algorithmic Imitation.” Some of these nets may become so good at this algo imitation that they can even beat the world’s greatest chess masters at their own game. That doesn’t matter, because they have no awareness of being able to do so.

But what can happen with the current state of the art is that they can be infected with malware. Researchers were able to replace as much as 50% of the neurons within an AlexNet instance, a standard AI engine, with malware that could then be used to compromise an organization deploying it. The infection went undetected by 58 of the most common anti-virus programs, while doing so still enabled the neural net to operate as expected.

Read: https://www.vice.com/en/article/bvzp78/researchers-hid-malware-inside-an-ais-neurons-and-it-worked-scarily-well


Expired domain takeover spews pornographic ads across major websites  

Here’s a case where an expired domain comes back from the dead to wreak havoc. A now defunct ad network using the domain vid[.]me (NSFW) to host publisher videos shut down and allowed their domain to lapse over four years ago.

As with the case of ad networks, client websites embed JavaScript in their content management systems and when something like this happens, it is very common for many of the websites to inadvertently leave the now broken JavaScript in place after the domain from which the ads or other assets is long gone.

According to the article, vid[.]me changed hands twice after it expired, and now redirects to an adult website hosting adult NSFW videos. All of the websites that still had the JavaScript embedded, sites like the Washington Post and Huffington Post, ended up displaying pornographic videos to their visitors. At the time of the Bleeping Computer article on this, days later, some sites were still serving the adult content.

Read: https://www.bleepingcomputer.com/news/technology/major-news-sites-serve-porn-after-vidme-domain-takeover/

This is yet another failure vector site owners need to be aware of and watch out for. We’re in the process of adding a new module to our Domainsure system that keeps track of outbound links on pages of your organization’s websites.


Windows vulnerability enables any user to escalate privileges    

Yet another new Windows vulnerability allows any local user on a Windows 10 or 11 system to escalate their privileges to an admin level.

There is a weakness in the Windows registry which allows non-privileged users to access the password hash (encrypted password) of admin users. Attackers can then take that encrypted value and use it in a “pass-the-hash“ attack to get elevated access.

pass-the-hash attack is one where an attacker doesn’t even need to know the password if they have its encrypted hash, they simply pass that encrypted value to an authentication system as-is to gain a session login.

Read: https://www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/


Amnesty releases tool to check if your phone has been infected by NS0

Last week we reported on new findings by Amnesty International, Toronto’s CitizenLab, and others that NSO Group’s Pegasus spyware, which is sold to governments who use it to target mobile devices of journalists.

Amnesty has now released a free tool that anybody can use to check and see if their own phone has already been compromised by NSO Pegasus. You’ll have to know your way around a shell to use it. It involves creating an encrypted backup of your mobile device, then finding the location of that backup file, then installing and running the tool on it for analysis.

The Verge article links to the instructions and also steps the reader through where to find directions for either version.

The tool has been released in both iOS and Android versions.

Read: https://www.theverge.com/2021/7/21/22587234/amnesty-international-nso-pegasus-spyware-detection-tool-ios-android-guide-windows-mac

The tool: https://mvt.readthedocs.io/en/latest/index.html

There is also this op ed in Haaretz by Indian journalist Swati Chaturvedi who was targeted by the Modi government and who had her phone hacked with Pegasus.


Serial swatter gets five years in prison for causing death of man

“Swatting” is the practice of making a fake 9/11 call to the police and telling them some kind of armed hostage situation is occurring at an address of either a random person, or somebody you have a gripe with. The local police department scrambles their SWAT team to that address and the people who do this think it’s a big joke. Sometimes the victim gets his head blown off or has a heart attack and dies. Then the people who do this stop laughing when they’re sent to prison, where they belong.

In Tennessee an 18-year old serial swatter was sentenced to five years in prison for his role in a swat attack that left its victim, 60 year old Mark Herring (a software pioneer who created Sparkware and QWIKMail) also from that same state, dead of a heart attack. Shane Sonderman initiated an attack after a months long harassment campaign against the victim in an attempt to get him to relinquish his Instagram handle: @Tennessee. When the police surrounded the man’s home and demanded he climb over a fence to approach them (his gate latch became stuck) the victim became so stressed at the situation that he went into cardiac arrest.

In handing down the sentence the judge remarked that Sonderman deserved more than 5-years in prison but he was getting the maximum allowable by law. As part of a deal, Sonderman was pleading guilty to one count of criminal extortion.

Recall that in 2018 serial swatter Tyler Barris “Swautistic” received 20 years in prison for his role in a swatting attack that resulted in a Wichita, Kansas man being killed by police.

Read: https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/


Vaccine hesitant? This may help set your mind at ease

Vaccine hesitancy is of large concern lately. I had mistakenly assumed it would be mostly a non-issue as such a large a chunk of the populace would rush out to get the jab without much cajoling. In the US vaccination rates have stalled out a little above 50% of the population compared to here in Canada where despite a slow start, we’re north of that.

Vaccinating young people is controversial, especially for anybody looking at the statistics who knows that school children were not a statistical transmission vector for Alpha strain. Delta is more contagious and hitting younger adults, but we don’t have much data on in-school transmission to know about children. We do see from fatality data finally coming in that it is looking like Delta has about 1/10th the fatality rate of the already pretty low Alpha (0.2% vs 1.9%).

Anyway, social media is alight with anecdotal stories of horrific side effects from the jab, and for vaccinating children there is the tragedy of Jacob Clynick, a 13-year old Michigan youth who died in his sleep two days after his second dose. This one is circulating like wildfire on social media. It is untouched by mainstream media. It looks like a real story in terms of the boy was real and sadly passed away unexpectedly. Apparently the CDC is investigating.

It’s so hard to separate the hysteria from the conspiracy from the trolls and the mainstream press is useless.  So I emailed Bert Hubert to ask him if he’d heard of any side effects and what his thoughts were, particularly toward vaccinating young people.

Readers may recall Bert (“Big Brain Bert,” as I think of him), came up in the DNS biz as the creator of PowerDNS and recently left the business. He crunches big data for astrophysicists and is now part of a civilian oversight board that reviews surveillance requests from Dutch law enforcement agencies. He put out some great YouTube videos about how mRNA vaccines work, and he was also among the first I had seen to be talking coherently about the efficacy of Vitamin D in prevention and treatment of COVID.

He got back to me with a couple of articles he wrote, in Dutch, but seem to translate fairly well if you run them through a translator in your browser.

The TL,DR according to Bert is this:

  • If you haven’t gotten COVID yet, you will get Delta or some subsequent variant at some point, practically guaranteed. (My aside is: you may not even notice, or there is a small possibility that it may kill or debilitate you, YMMV).
  • Myocardic pulmonitus – one of the much vaunted side effects of the jab, is something that occurs in 30% to 40% of all COVID cases anyway.
This second point was news to me as I was under the impression that this was some side effect out of deep space, as in “whoa, where did that come from?” In reality it looks to me like these are cases where the body begins to react in a way as if it really had COVID, which is what vaccines are all about.

Finally, speaking of long term side effects, and this is the one I am most worried about, Bert links a paper that states:

  • In all prior vaccines, 100% of all side effects surface within 2 months.
Said differently, in the history of all vaccines ever invented, there has never been a side effect that came to light more than 2 months after the vaccine was publicly deployed, and we are further than 2 months in with these ones now.

So in other words, the side effects we know about already are likely the full set of side effects. Those may be significant enough for some. It may allay the fears of others.

The two articles (in Dutch) are here:

Read: https://berthub.eu/articles/posts/corona-newsflash

And: https://berthub.eu/articles/posts/corona-delta-update/

What I really wish for was an easy path to getting tested for antibodies so I can figure out if I, like innumerable others, have already had COVID. Because as Bert writes in those articles, with a couple of the vaccines you should stop after one dose if you’ve already had COVID.

What I can say is this: Politicizing COVID was fscking stupid, damaging and negligent. Everybody is trying to muddle through this shitshow as best they can, and the government, Big Tech and the media have not been helping. At all. I lay the blame largely at the feet of the Triple Entente between Big Tech, Big Media and Big Government. There I said it.



France scales vaccine passport after mass protests

Last week we also reported that France was getting ready to make vaccine passports mandatory for anybody seeking to enter a bar or restaurant. It provided for six months in prison for those attempting to do so without one, and fines and prison sentences for up to a year on proprietors who didn’t enforce it.

Hundreds of thousands of citizens flooded the streets in protest and in some places, like Nantes, violence erupted and police had to disperse crowds with tear gas.

The French Finance Minister then came out and said the vaccine passports would only be required to enter shopping malls with indoor areas greater than 20,000 sq ft.


Read: https://www.express.co.uk/news/world/1464334/Emmanuel-Macron-France-protests-Paris-Covid-health-pass-latest-news-vn

Again, my solution to all this is to let people and business owners figure our their own risk tolerance for themselves. We have some companies that refuse to deal with anybody not wearing a mask and requiring proof of vaccination status, other businesses may say “come one, come all.” The outcomes of this would produce the most valid signals that would transmit through society. People are not stupid, all governments begin from the assumption that they are.


Congress blocks bill to declassify COVID origin materials 

Just in case Americans don’t already distrust in their government enough, the US Congress blocked a bill to declassify intelligence agency materials on the origins of the COVID-19 virus. The COVID-19 Origin Act was sponsored and tabled by Senator Josh Hawley (R-AR) where it passed unanimously. Senators across both parties voted for the Bill which was then shot down in Congress, failing by a vote of  216 to 207.

I did say already that politicizing COVID was stupid. Here we are.

Meanwhile, even CNN is reporting that,

“Senior Biden administration officials overseeing an intelligence review into the origins of the coronavirus now believe the theory that the virus accidentally escaped from a lab in Wuhan is at least as credible as the possibility that it emerged naturally in the wild.”

Read: https://thefederalist.com/2021/07/21/house-democrats-block-bill-declassifying-the-origins-of-covid-19/

And: https://www.cnn.com/2021/07/16/politics/biden-intel-review-covid-origins/index.html


It’s like Shazam, but for bird calls…

It almost feels like a whole new world was opened up to me when I came across a story on Hackernews about Cornell University’s free Birdnet app, which is like Shazam for bird calls. You record a bird singing nearby and the system tells you which type of bird it is and other information to learn more about it.

It may seem obvious, but I was pleasantly surprised that when I went to download the app to my phone I also came across myriad other ones, not just for birds, for plants too. Of course these exist! But when you’re mired down in the slog of reporting on what seems the worst abuses and clusterfscks of technology, this sort of stuff eludes me. I need to find more of it.

Read: https://birdnet.cornell.edu/

It also reminded me of the time I almost invented Shazam. I coulda been a contender…


Update on easyDNS Fold@Home team

It’s been awhile since I reported on the Team easyDNS Fold@Home status. Recall, Fold@Home is a crowd-cloud computing initiative to rope excess computing power into a gigantic super computer to execute molecular folding calculations in service of various medical initiatives. COVID-19 becoming the priority when the pandemic hit, which is when we spun up Team easyDNS.

I’m not sure if COVID is still the priority there now that vaxxes are here, but the project is still humming along swimmingly and there are still other diseases that need calculations such as Alzheimer’s and cancer.

G. David Frye provided an update in a previous issue of AoE:

“Team EasyDNS will, on Thursday if nothing unusual happens, pass team CANADA and drop into 190th place in the Folding@Home all-time rankings. EasyDNS ranks 86th in points per day, which is pretty respectable considering the number of large-scale miners out there who are donating cycles to folding. And everyone, EasyDNS included, appears to be generating a little less work product (maybe -10%?) the past 10 days, as though there’s some kind of systemic slowdown. I know there were a couple of days when GPU folders couldn’t get work units.”


To Mr. Frye’s point on general slowdown, I know for my part I had to power off ex-Monero-Rig because during the summer months it just heats up the office too much. However we can do one better than his prediction, we are in fact, currently in 189th place, worldwide.

Grab your excess CPU power, head on over to Fold@Home, and join Team EasyDNS, #248548 and let’s make a serious move for entering the Top 100 and advancing science at the same time!

View: https://stats.foldingathome.org/team/248458

5 thoughts on “#AxisOfEasy 206: Stop What You’re Doing: Apple iOS Edition

  1. The long term vaccine side-effects issue is nothing like as simple as your item “Vaccine hesitant? This may help set your mind at ease” presents.

    1) Viruses, by their very nature can trigger auto-immune disease and/or cancers. These may not emerge for years. All the vaccines so far developed for Covid-19 are of the type which introduces genetic material into healthy cells for express, just like the virus itself, and therefore have the same potential to induce auto-immune response. Hopefully, that risk is small. The younger the person vaccinated, the longer they have to live with the long-term risk.

    2) All the vaccines cause healthy cells to express the spike protein which is so helpful to the virus for invading a cell. The cels expressing it alert the immune system to the invasion and get marked for destruction. Innoculated tissue gets destroyed in the porcess.

    3) Some of the more worrying issues with Covid-19 seem to be caused by naked spike protein circulating in the blood (and they are small enough to cross the blood-brain barrier. All the vaccines can result in naked spke protein being released.

    4) For reasons (2) & (3) it is very important that the vaccine is confined to the inoculation site. Unfortunately, Pfizer’s own test data show that vaccine escape is not uncommon and it accumulates in certain tissues. One of those sites is ovaries, which should worry all young women and girls. Given this fact, I should say it would be irresponsible even to suggest vaccinating women under 55, unless they have a specific vulnerability to serious illness from Covid-19.

    5) The escape problem is particularly worrying for the Pfizer and Moderna mRNA vaccines, becasue they are packaged in lipids with no specificty for which cell types they will invade. In this regard the Oxford Astra-Zeneca vaccine has a traditional protein package resembling that of the virus itself, so it ought to confine itself to the the preferred cell-types of the virus itself.

    6) There is an issue with the inoculation protocol used in Britain (and which is likely to become a scandal when it becomes more widely known). The aspiration step is being skipped. This is supposed to test whether the needle has accidentally pierced a blood vessel, in which case the inoculation must be aborted, because the vaccine must not enter the bloodstream. The reports of unexplained blood-clots and heart attacks occasionally following the Astra-Zeneca vaccine are almost certainly due to accidental injection intp the blood-stream.

    Bottom line: There are good reasons why young, covid-non-vulnerable people, especially young women and girls, should not vaccinate against Covid with any of the currently available vaccines.

    1. Can you – or anyone – state unequivocally which young people are covid-non-vulnerable? I’m think it’s no one.

  2. My 90 year old father contracted covid after the first jab (I’m not sure which brand). He suffered through the typical disease progression, was never hospitalized, and recovered. Then one of his health providers decided he needed the second shot. He got the second shot and 3 days later a massive stroke from blood clots. This was in March. I think it’s better known now that during the 2-shot regimen you are more susceptible to contracting covid, and contracting it after the first shot might make the health care provider think twice about administering the second.

    This is only an anecdotal case. Nothing to see here. Move on and do what the authorities say.

Leave a Reply

Your email address will not be published. Required fields are marked *