by Paul Arnote (parnote)
The War On Your Privacy: Monthly Update
To be perfectly honest, things seem to have been really quiet on this front lately. Either all of the data worth vacuuming up has already been assimilated, or media outlets just aren't reporting on these incidents as much as they were. I'm not sure which it is. This section wasn't included in last month's Short Topix article because there really wasn't anything to report, which, in some ways, is news in and of itself. So, we got one month off, but now there are some new "threats" to your privacy for this month.
RICHMOND, VA: NEW RESEARCH FROM HIVE SYSTEMS FINDS ANY 8-CHARACTER PASSWORD CAN BE CRACKED IN LESS THAN AN HOUR. In its most recent research on password security, Hive Systems found that any 8-character password can be cracked in less than an hour through brute force. Further, any password containing fewer than seven characters can be cracked instantly. These are just two major findings from extensive research conducted by the cybersecurity firm.
"While passwords aren't the only method to keep your information safe," said Alex Nette, CEO and founder of Hive Systems, "a strong and unique password is the best way to stay safe online."
The research also found that advances in technology over the past two years have cut the amount of time it takes to crack a password through brute force exponentially. In 2020, a complex eight-character password could be cracked in eight hours -- a number that has now decreased to less than an hour. The rise in affordable cloud computing has contributed to this trend.
The use of a password manager for creating and storing passwords significantly increases the safety and security of passwords. In fact, a 12-character password created by a reputable password manager could take up to 3000 years to crack through brute force, the research found.
"Password best practices have been well documented, but as technology improves, passwords become less secure," said Corey Neskey, VP of Quantitative Risk at Hive Systems. "The safest option for consumers is to use a password manager to create and store all of your passwords. Never use a password twice, and always be aware of sites that have had a password breach. If you reuse passwords, your information can be stolen instantaneously."
The table of results -- shared thousands of times across Twitter, Reddit, and other social media platforms -- is available for download here.
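The Hive Systems findings above come down to arithmetic: the number of candidate passwords grows as (character-set size) to the power of (length), so every extra character multiplies the attacker's work. The Python below is an added illustration, not Hive Systems' own model or table. It computes keyspace size, entropy in bits, and worst-case exhaustive-search time for several character classes and lengths, and generates a manager-style random password with the operating system's CSPRNG. The guess rate ASSUMED_GUESSES_PER_SECOND is a constructed placeholder, not a figure from the research; real rates depend on the hashing algorithm in use and the attacker's hardware, which is exactly why the report's numbers keep shrinking year over year.

```python
import math
import secrets
import string

# Character classes used for the estimates (standard printable ASCII).
CHARSETS = {
    "digits only": string.digits,                                   # 10 symbols
    "lowercase letters": string.ascii_lowercase,                    # 26 symbols
    "upper + lower": string.ascii_letters,                          # 52 symbols
    "letters + digits": string.ascii_letters + string.digits,       # 62 symbols
    "letters + digits + symbols":
        string.ascii_letters + string.digits + string.punctuation,  # 94 symbols
}

# Assumed attacker throughput in guesses per second. Constructed placeholder
# for illustration only; it is NOT a figure from the Hive Systems research.
ASSUMED_GUESSES_PER_SECOND = 1e12

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length: int, charset_size: int) -> int:
    """Number of distinct passwords of the given length over a charset."""
    return charset_size ** length


def entropy_bits(length: int, charset_size: int) -> float:
    """Entropy in bits of a uniformly random password (length * log2(charset))."""
    return length * math.log2(charset_size)


def seconds_to_exhaust(length: int, charset_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password in the keyspace at the given rate."""
    return keyspace(length, charset_size) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    if seconds < 1:
        return "instantly"
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def generate_password(length: int = 12,
                      charset: str = CHARSETS["letters + digits + symbols"]) -> str:
    """Generate a uniformly random password from the OS CSPRNG, the way a
    password manager does. The 'random' module is not suitable for this."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(charset) for _ in range(length))


def crack_table(lengths=(6, 8, 12), guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Rows of (charset name, length, entropy bits, human-readable search time)."""
    rows = []
    for name, chars in CHARSETS.items():
        for n in lengths:
            rows.append((name, n,
                         round(entropy_bits(n, len(chars)), 1),
                         human_duration(seconds_to_exhaust(n, len(chars), guesses_per_second))))
    return rows


if __name__ == "__main__":
    for name, n, bits, when in crack_table():
        print(f"{name:<28} len={n:<3} {bits:>6} bits  exhaustive search: {when}")
    print("\nExample manager-style 12-character password:", generate_password(12))
```

Running the script prints a table in the same spirit as the Hive Systems chart, but under the assumed guess rate; change ASSUMED_GUESSES_PER_SECOND to see how hardware improvements collapse the 8-character column while the 12-character column stays in the thousands of years. The entropy column is the number that actually matters: each additional bit doubles the attacker's work, and length adds bits faster than swapping in symbols does.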
IN FEBRUARY, A CHINESE-BACKED HACKING GROUP KNOWN AS APT31 TARGETED EMAILS AFFILIATED WITH THE U.S. GOVERNMENT WITH PHISHING ATTEMPTS, according to a TechRepublic article. The emails, all sent to Gmail accounts, were all successfully marked as spam by Gmail. In a subsequent Google blog post on March 7, Google alerted users to a variety of threats emanating from Russia, Belarus, and China. Especially with the war in Ukraine raging on, users are urged to maintain vigilance over their accounts and data, as cybersecurity experts anticipate an increase in threat vectors. Sanctions imposed on Russia may escalate those threats, as Russian actors attempt to circumvent those sanctions.
There is no doubt that RUSSIAN THREAT ACTORS ARE TARGETING UKRAINIAN SYMPATHIZERS AND THOSE ATTEMPTING TO AID UKRAINE as the Russia-Ukraine war goes on, according to a threat advisory from Cisco Talos. Cybercriminals are attempting to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools for targeting Russian entities. Once downloaded, these files infect the unwitting users rather than delivering the tools originally advertised.
Do you have "Craftsart Cartoon Photo Tools" installed on your Android device? If so, you might want to remove it ... now. More than 100,000 users have installed this "cartoonifier" app from the Android Google Play Store. THE APP CONTAINS THE TROJAN "FACESTEALER," WHICH ATTEMPTS TO STEAL A USER'S FACEBOOK LOGIN CREDENTIALS, ALLOWING THEM UNFETTERED ACCESS TO A USER'S FACEBOOK ACCOUNT. Security researchers and security firm Pradeo discovered the malicious app in the last half of March 2022.
GOOGLE'S DIALER AND MESSAGING APPS HAVE BEEN COLLECTING AND SENDING DATA TO GOOGLE WITHOUT SPECIFIC NOTICE OR CONSENT, possibly in violation of Europe's GDPR, according to an article on The Register. The data collection does not appear to offer any ability to "opt out," either. Google has countered that the data is stored as a hash, and is ONLY used for internal diagnostics to help figure out problems with the services. (Anyone want to buy a bridge in Brooklyn I'm trying to sell?)
New NSA Report On How To Secure Your Networks
The (U.S.) National Security Agency (NSA) has released a new report (PDF) on "best practices" to secure your network against cyberattacks. Called the "Network Infrastructure Security Guidance," the report covers network design, passwords, password management, remote logging and administration, security updates, and key exchanges, as well as services such as SSH, NTP, HTTP, and Simple Network Management Protocol.
Google Confirms Browser Attacks, With Explanation
Google confirmed the (obvious) increase in cyberattacks on Google Chrome and other Chromium-based browsers in a recent blog post. They also told users to expect an increase in "zero-day attacks."
Since the (long overdue) death of Flash, malware threat actors have refocused their attention on the Chromium-based browsers (Google Chrome, Chromium, Brave, Opera, Microsoft Edge, etc.). The blog post goes on to explain what Google is doing to help minimize and mitigate those security concerns.
Surprisingly, the graph provided by Google on their blog post shows no significant threats to Firefox. And that same graph shows how much Chromium-based browsers have taken the place of Flash as an attack vector.
So, if Google Chrome or any other Chromium-based browser is reminding you to update, perhaps you should listen and grab the update.
Sabotage Code Added To Popular NPM Package
The war in Ukraine has spilled over to the digital world, as well, according to an article on Ars Technica. One developer of a popular open source package embedded code that erased files for users in Russia and Belarus. The software would read the IP address of the user, and if they were found to be in either Russia or Belarus, the payload/damage was delivered. This was to protest Russian aggression in Ukraine, and the support by Belarus for that aggression.
Many are calling this software (and any software like it that performs similar actions) a black eye on the open source community. Now, instead of apolitical software, end users have to wonder if a developer is going to impose their own belief system upon the end users. And what if that software was being used for mission-critical functions ... such as life support? Now, innocent people are being deliberately harmed, which is no better than the aggression that's being protested.
The developer in question has since issued updates with the offending code removed. While the wrong has been righted, doubts now exist (especially for that developer) if future updates will bring further (or more severe) forms of protest.
First Images From James Webb Space Telescope Exceed ALL Expectations
In the planning and construction stage for what seemed to be forever, the James Webb Space Telescope, launched last December, has finally reached its destination and is undergoing the process to fine-tune, focus and align its 18 hexagonal mirror segments. Combined, those 18 hexagonal segments make up a 6.5 meter wide primary mirror. Extensively covered in multiple media outlets, the article at Cosmos Magazine provides an excellent discussion of the JWST.
Orbiting 1 million miles (~1.5 million kilometers) from Earth at Lagrange Point 2, the telescope is too far away for a service mission, a la Hubble, were "things" to run afoul. So there was a lot of nervous trepidation as the JWST mirrors unfolded and deployed. Then, the lengthy process of aligning those mirror segments absolutely perfectly began in earnest.
As a part of that process, the mirror was pointed at a rather "boring" star that is 100 times dimmer than can be viewed with the naked human eye. Yes, it's a pretty picture of a rather unremarkable star. But what really got the astronomers and scientists excited was the background of that image. Each of the little dots of light that make up that background is a dim, distant galaxy, previously too dim to be seen at all. Yes, those galaxies are now viewable for the very first time.
Those galaxies pop into crystal clear view, exceeding the lofty expectations mission designers have maintained throughout the planning and construction of the telescope. For all of the remarkable discoveries that the Hubble Space Telescope has delivered from its near-Earth orbit (and continues to deliver), the JWST is 100 times more sensitive. It is estimated that the JWST will allow astronomers to peer back in time to within a few hundred million years of the start of the universe, observing things about our universe never before seen.
Currently, only the Near-Infrared Camera (NIRCam) is online. The other three scientific packages are expected to be online by June or July. Once that happens, JWST mission members are warning us to watch out. This is only the first of many, many finely detailed images to come from the platform, which is expected to set a new standard for astronomical space exploration. In other words, stay tuned! The best is yet to come!
The PCLinuxOS Magazine Short Topix Roundup
UBLOCK ORIGIN IS NOW THE MOST POPULAR FIREFOX ADD-ON, according to an article on gHacks. After landing in the second most popular spot behind Adblock Plus for quite some time, it has finally surpassed the former leading add-on. The content blocker is expected to widen its lead over Adblock Plus in the coming months.
According to an article on Phoronix, REACTOS IS MAKING SIGNIFICANT PROGRESS ON SMP (SYMMETRIC MULTIPROCESSING) SUPPORT. This support is becoming increasingly important for today's hardware, which most often uses multi-core processors.
V7 has created a new AI-BASED GOOGLE CHROME PLUGIN THAT DETECTS ARTIFICIALLY GENERATED PROFILE PICTURES with a 99.28% accuracy rate, according to an article on PetaPixel. Called "Fake Profile Detector," the plugin should be available for most Chromium-based browsers. Right-click your mouse on a profile picture and select "Check fake profile picture" from the context menu. The results will be displayed in a popup window in the upper right corner of the web page.
FIREFOX IS FINALLY ADDING SUPPORT FOR AV1 VIDEO, a full two years after support was added to Chromium-based browsers.
A photographer who has been photographing some of the biggest names in Rock and Roll music since the 1960s HAS OVER 3,200 UNDEVELOPED ROLLS OF FILM sitting in his Boston home. Those rolls likely contain a never-before-seen historical record of the early days of some of the biggest names in rock and roll, according to an article on PetaPixel.