Radio Show Notes
November 1 to 7, 2021

Craig Peterson 


Use Apple’s Hide My Email iCloud feature to get a burner email address

https://www.cnet.com/tech/services-and-software/how-to-use-apples-hide-my-email-icloud-feature-to-get-burner-email-address/

Apple’s latest email privacy feature for iOS 15 and iCloud Plus will randomly generate email addresses, helping you keep your inbox clear of spam.

The feature, called Hide My Email, is part of a trio of new privacy-focused services for iCloud users with iCloud Plus. To take advantage of it, you’ll have to pay for the premium upgrade that ranges monthly from $1 to $10. (If you’re already an iCloud subscriber, your account will automatically get upgraded to iCloud Plus when it’s released with iOS 15.)

Hide My Email lets you generate random email addresses when you fill out an online form or sign up for a website, so you don’t always have to give out your real address. In effect, you’re scrambling your tracks. We’ll walk you through how Hide My Email works and how to set it up once the new iOS is released.

Not an Apple User?

Use Fastmail in your web browser, on mobile devices, and in desktop apps (Outlook, Thunderbird, Mac Mail). Starts at $3 per month. https://www.fastmail.com

++++++++

The Lithium Gold Rush: Inside the Race to Power Electric Vehicles

https://www.nytimes.com/2021/05/06/business/lithium-mining-race.html

A race is on to produce lithium in the United States, but competing projects are taking very different approaches to extracting the vital raw material. Some might not be very green.

The mine, constructed on leased federal lands, could help address the near-total reliance by the United States on foreign sources of lithium.

But the project, known as Lithium Americas, has drawn protests from members of a Native American tribe, ranchers, and environmental groups because it is expected to use billions of gallons of precious groundwater, potentially contaminating some of it for 300 years, while leaving behind a giant mound of waste.

“Blowing up a mountain isn’t green, no matter how much marketing spin people put on it,” said Max Wilbert, who has been living in a tent on the proposed mine site while two lawsuits seeking to block the project wend their way through federal courts.

++++++++

QR Codes Help Attackers Sneak Emails Past Security Controls Using Images

https://www.darkreading.com/attacks-breaches/qr-codes-help-attackers-sneak-emails-past-security-controls?utm_source=pocket_mylist

Researchers have observed an attacker using a technique they hadn’t previously seen to attempt to sneak phishing emails past enterprise security filters.

The emails contained a message that described the QR code as offering access to a missed voicemail and appeared designed to bypass the enterprise email gateway.

The Better Business Bureau (BBB) in July warned of a recent uptick in complaints from consumers about scams involving the use of QR codes. Because the codes cannot be read by the human eye, attackers are increasingly using them to disguise malicious links, the BBB said.

Attackers are distributing malicious QR codes via direct messages on social media, text messages, physical mail, paper flyers, and email, it noted. Users who scan the codes using their mobile phones are directed to phishing websites that are designed to harvest personal information and login credentials, automatically follow a malicious social media account, or launch a payment app.

++++++++

You’ve Just Been Ransomed … Now What?

https://www.darkreading.com/attacks-breaches/you-ve-just-been-ransomed—now-what-?utm_source=pocket_mylist

1. Don’t Panic
2. What Are You Dealing With?
3. Isolate and Save
4. Try to Understand the Attack Vector
5. Offline Backups
6. To Pay or Not to Pay?

These processes should be practiced and updated regularly. With an emergency plan in place, the risk of making mistakes under pressure resulting in further damage is minimized.

++++++++

Google Fi (Google’s Smartphone Service) is getting end-to-end encrypted phone calls

https://arstechnica.com/gadgets/2021/10/google-fi-is-getting-end-to-end-encrypted-phone-calls/

Google Fi is getting a surprise new feature: encrypted phone calls. Encrypted voice chats via messaging apps have been available for a while, but this is the first time we’ve seen a company hijack the regular phone system for end-to-end encrypted calls. Open the phone app, dial a number, and your call can be encrypted.

End-to-end encryption is not a normal phone standard, so both parties on the call will need to be firmly in the Google Fi ecosystem for the feature to work. Google’s description says that “calls between two Android phones on Fi will be secured with end-to-end encryption by default.” Google Fi works on the iPhone, too, but given that Google would have to use Apple’s default phone app, it can’t add encryption.

For encrypted Fi-to-Fi calls, Google will show a new “Encrypted by Google Fi” message in both users’ phone apps, along with the ubiquitous lock icon. The company says there will be “unique audio cues” as well.

++++++++

Cybercriminals Take Aim at Connected Car Infrastructure

https://www.darkreading.com/attacks-breaches/cybercriminals-take-aim-at-connected-car-infrastructure

Car thieves abuse keyless entry systems, hackers find new ways to exploit vehicle components, and fraud targets auto financing, automotive cybersecurity experts said in interviews this week.

In September, for example, New York City police raided a car-theft ring that reportedly stole cars using cloned key fobs based on security codes bought online and encoded into a device by a local locksmith. They also used an aftermarket scanning tool, typically used by mechanics, to reprogram targeted cars’ ignitions to make them think all the keys had been lost.

The rise in electronic-enabled thefts is only one unintended consequence of the rapid adoption of connected software in the automotive space, says Guy Molho, vice president of products for Upstream, provider of cybersecurity services for the industry.

“Auto OEMs are running to provide their customers with a lot of new capabilities, and these are new surfaces for hackers and attack vectors,” he says. “That surface area is just going to grow, because it is no longer just a car — it’s a software platform on wheels.”

++++++++

Microsoft reclaims title of most valuable public company after Apple falls

https://arstechnica.com/gadgets/2021/10/microsoft-reclaims-title-of-most-valuable-public-company-after-apple-falls/

Microsoft regained its crown as the most valuable publicly listed company in the world on Friday from Apple, whose shares slumped following a weak quarterly earnings update from the maker of iPhones and Mac computers.

Microsoft’s 2.2 percent gain on Friday lifted its market valuation to $2.49 trillion. Apple slid 1.9 percent, taking its market cap to $2.46 trillion.

Microsoft reported this week that its revenues soared in the third quarter, aided by a pandemic-fuelled surge in cloud computing resulting from a shift to remote working. The company’s quarterly revenue grew 22 percent, its largest gain since 2014.

Apple missed analysts’ forecasts in results released after markets closed on Thursday evening, as chip shortages and factory disruptions due to the coronavirus pandemic hit production.

++++++++

Advanced VPN Exploits: The Perfect Storm

https://www.darkreading.com/threat-intelligence/apts-teleworking-and-advanced-vpn-exploits-the-perfect-storm?utm_source=dlvr.it&utm_medium=twitter

“VPN devices are an attractive target for attackers because of their place in the network itself — the leverage point, the foothold it provides them into remote networks, and not because of the pandemic,” Vanautgaerden explains, adding that the team “only saw marginal increases in attacks” targeting VPN devices during the pandemic.

“What stood out is the sophistication of the attack itself, and that really started with how these attackers approach these VPN devices,” Vanautgaerden says. Normally, the response team might have information like IP addresses to help them, but in this case the attackers took extra care to use IP addresses in the location where the VPN clients would typically connect from.

They also used anti-forensic techniques on the VPN device, wiping logs and files and taking extra care to not leave any traces of their activity behind. Within the network, where typically incident responders might see an attacker executing malware on systems or dropping executables, they took additional steps to blend into their target environment, he adds.

++++++++