Tag Archives: daily read

News of the day: Numerous internet disruptions & Chinese businessman plotted with GE insider to steal transistor secrets

The month began in Myanmar with a military coup. Since then, numerous government-directed internet shutdowns have followed. Read more in

https://restofworld.org/2021/in-myanmar-the-junta-is-watching/

Chinese businessman plotted with GE insider to steal transistor secrets, say Feds

A Chinese businessman has been accused by the US government of trying to steal silicon secrets from General Electric (GE).

Chi Lung Winsman Ng, 64, who lives in Hong Kong, has been charged with conspiring to pilfer sensitive information on the American giant’s silicon carbide MOSFET transistors; a technology he told potential investors was worth $100m.

The FBI alleges that between March 2017 and January 2018, Ng and “at least one co-conspirator” – a GE engineer of more than seven years – plotted to swipe the blueprints for the transistor, which are electronic components typically found in industrial equipment and vehicles that regulate the flow of electricity. The duo planned to use the stolen trade secrets to set up a competitor in China, it’s claimed.

Read more in

https://www.theregister.com/2021/03/01/china_mosfet_theft/

GPS Security: How vulnerable is GPS & what’s the alternative?

Abstract

Coordinated Universal Time, or U.T.C., the global reference for timekeeping, is beamed down to us from extremely precise atomic clocks aboard Global Positioning System (GPS) satellites. The time it takes for GPS signals to reach receivers is also used to calculate location for air, land and sea navigation……

The problem is that GPS signals are incredibly weak, due to the distance they have to travel from space, making them subject to interference and vulnerable to jamming and what is known as spoofing, in which another signal is passed off as the original. And the satellites themselves could easily be taken out by hurtling space junk or the sun coughing up a fireball. As intentional and unintentional GPS disruptions are on the rise, experts warn that our overreliance on the technology is courting disaster, but they are divided on what to do about it.

Impact of GPS Security

More than 10,000 incidents of GPS interference have been linked to China and Russia in the past five years. Ship captains have reported GPS errors showing them 20-120 miles inland when they were actually sailing off the coast of Russia in the Black Sea. Well documented are ships suddenly disappearing from navigation screens while maneuvering in the Port of Shanghai.

Alternative to GPS

“China, Russia, Iran, South Korea and Saudi Arabia all have eLoran systems because they don’t want to be as vulnerable as we are to disruptions of signals from space,” said Dana Goward, the president of the Resilient Navigation and Timing Foundation, a nonprofit that advocates for the implementation of an eLoran backup for GPS.

Read full story here

Good Read: What Twitter Attack Says on Human Nature, Social Engineering

Abstract

While investigations are ongoing, Twitter reported it was the victim of a “coordinated social engineering attack.” The company confirmed that threat actors targeted and successfully manipulated a small group of employees and used their credentials to gain unauthorized access to an administrative tool that is “only available to internal support teams.”

According to Chako, social engineering attacks like this one are “so effective because they use psychological manipulation to convince a person to take an action or divulge sensitive information that they shouldn’t. In fact, cyber attackers are the ultimate psychologists.”

Using these psychological tricks, the attackers were able to hijack Twitter accounts then post messages to dupe social media users into donating Bitcoin payments to fraudulent causes.

Read More:

https://www.cyberark.com/resources/blog/what-twitter-attack-says-on-human-nature-social-engineering

Daily Read: Learn to use security tools SSH, TLS/SSL and Digital Certificates securely.

Best Practices for Securing SSH: What Are Your SSH Security Risks?


6 Scariest Ways Your Developers Can Use Digital Certificates

It’s hard to argue that all web services and applications should not be secured using HTTPS. However, securely obtaining and deploying the certificates needed for securing web services is a challenge, especially for developers.

Simply put, there is no easy way for developers to request certificates that comply with corporate policy. First, they need to know where the internal CA is, then they must be granted access to it and possess the proper credential to authenticate.

TLS/SSL Preventing Downgrade Attacks

TLS (Transport Layer Security), also known as SSL (Secure Sockets Layer), is the cryptographic protocol that enables billions of people across the world to use the internet by protecting their privacy and data security. It forms the very foundation of website security.
 

The strength of TLS protection lies in the encryption algorithms and security parameters that it works on. These algorithms and parameters differ from one SSL/TLS version to another. When a security element of a TLS version is found to be seriously vulnerable, that version of SSL/TLS is deprecated and is replaced by a newer version.

Learn how password cracking works

The biggest security problem is a weak password, whether an individual password or enterprise server passwords. Maintaining good passwords is very challenging, and we all end up using the same weak password in multiple places.

This video gives a good understanding of how a password can be cracked within seconds. Listen here.