hatemail tech newsletter 2023-09-05

What makes a "good" Linux kernel bug?; Public transit hacks and leaks; and more in the week's ethical tech news

What is a "good" Linux Kernel bug?

I found my first Linux kernel vulnerability in 2006, but it wasn't a particularly good one. At the time I was just copying everything that my colleague Ilja van Sprundel was doing, and that was good enough to find something. If you watch Ilja's video from CCC, Unusual Bugs (2006) [Isoceles Blog]

FBI and Global Partners Disrupt Notorious Botnet Software Qakbot

Last week the FBI, along with international law enforcement partners, successfully tricked thousands of computers into uninstalling a botnet software that officials say has caused hundreds of millions of dollars in damage worldwide. [TechCrunch]

Teens Hacked Boston Subway Cards to Get Infinite Free Rides—and This Time, Nobody Got Sued

In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off. [Wired]

A Brazilian phone spyware was hacked and victims’ devices 'deleted' from server

The Portuguese-language spyware app has been used to compromise over 76,000 devices to date, the leaked data shows. [TechCrunch]

Cyber security experts lament west’s failure to learn lessons from Ukraine

US and its allies struggle to copy Kyiv’s collaborative efforts, say delegates at world’s biggest cyber security conference [Financial Times]

Conti Inc.: Understanding the Internal Discussions of a large Ransomware-as-a-Service Operator with Machine Learning

Ransomware-as-a-service (RaaS) is increasing the scale and complexity of ransomware attacks. Understanding the internal operations behind RaaS has been a challenge due to the illegality of such activities. The recent chat leak of the Conti RaaS operator, one of the most infamous ransomware operators on the international scene, offers a key opportunity to better understand the inner workings of such organizations. [arxiv]

Predict And Prevent DDOS Attacks Using Machine Learning and Statistical Algorithms

This study uses several machine learning and statistical models to detect DDoS attacks from traces of traffic flow and suggests a method to prevent DDoS attacks. For this purpose, we used logistic regression, CNN, XGBoost, naive Bayes, AdaBoostClassifier, KNN, and random forest ML algorithms. [arxiv]

UK and allies support Ukraine calling out Russia's GRU for new malware campaign

Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices. [United Kingdom press release]

Subscribe to hatemail for weekly rollups of ethical tech, hacking, and privacy content.

ACLU Files Complaint Against MasterCard Anti-Online Sex Work Policy

The ACLU has submitted a Federal Trade Commission complaint against MasterCard over a new policy that discriminates against online adult content sellers. [ACLU]

Police Have Only Arrested Black People In All Known Cases of False Accusation Due to Facial Recognition Technology

All six publicly known false arrests due to facial recognition technology have been of Black people. Civil liberties groups, tech experts, and activists continue to warn that the use of facial recognition technology in law enforcement will only increase racial inequities in policing. [BusinessInsider]

IBM Returns to Facial Recognition Market After Promising to Leave It

IBM has signed a $69.8 million contract to provide facial recognition technology just three years after promising to abandon the technology due to ethical concerns. [The Verge]

Japanese Government To Use ChatGPT Tech In Administrative Tasks

Microsoft will supply Japan's government with the technology underpinning its ChatGPT generative AI for use in clerical work and analysis. [NikkeiAsia]

I Tracked an NYC Subway Rider's Movements with an MTA ‘Feature’

“Obviously this is a great fit for abusers,” an expert on domestic violence and cybersecurity said. [404media]

New York police will use drones to monitor backyard parties this weekend, spurring privacy concerns

Those attending outdoor parties or barbecues in New York City this weekend may find an uninvited guest looming over their festivities: a police drone. [AP]

Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed

A hacker said they breached the maker of internet-connected chastity cages to warn about security flaws that are exposing users' data. [TechCrunch]

Project Shows How Much It Costs To Build An AI Disinformation Machine

A developer used widely available AI tools to generate anti-Russian tweets and articles. The project is intended to highlight how cheap and easy it has become to create propaganda at scale. [Wired]

Meta’s ‘Biggest Single Takedown’ Removes Chinese Influence Campaign

The campaign began at least four years ago and spanned thousands of accounts on Facebook, Instagram, TikTok, X, Substack and Chinese websites, Meta said. [NYTimes]

China’s Misinformation Fuels Anger Over Fukushima Water Release

By exaggerating the risks from Japan’s discharge of treated wastewater, Beijing hopes to cast Japan and its allies as conspirators in malfeasance, analysts say. [NYTimes]
