CyberWire Daily - Spectre and Meltdown mitigations. Psiphon and Iran's unrest. Olympic phishing. Mobile pop-up redirection. Alt-coin speculation.

Episode Date: January 9, 2018

In today's podcast, we hear about how Spectre and Meltdown mitigations are proceeding, with many successes (but some blue-screen-of-death failures, too). Psiphon looks like the souped-up VPN of choice for Iranian dissidents, as that country's Internet crackdown continues. Pop-up ads infest mobile devices as an old tactic finds new scope for its misapplication. Olympic phishing targets South Korean companies. China moves to stop illicit cryptocurrency miners. Jonathan Katz from UMD on bitcoin mining power use. Guest is Udi Yavo from enSilo on Process Doppelganging. Is there an alt-coin bubble? Sure looks like it.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Spectre and Meltdown mitigations proceed with many successes, but some blue screen of death failures, too. Psiphon looks like the souped-up VPN of choice for Iranian dissidents as that country's Internet crackdown continues. Pop-up ads infest mobile devices as an old tactic finds new scope for its misapplication.
Starting point is 00:02:14 Olympic phishing targets South Korean companies. China moves to stop illicit cryptocurrency miners. And is there an altcoin bubble? Sure looks like it. I'm Dave Bittner with your CyberWire summary for Tuesday, January 9, 2018. The very large task of mitigating the speculative execution processor vulnerabilities, Spectre and Meltdown, continues, with a number of successes.
Starting point is 00:02:45 Apple has addressed Spectre with a fix for iOS and macOS devices. On the whole, the cooperation vendors are showing in addressing the vulnerabilities seems commendable, at least Intel thinks so, and with some reason. But problems applying the fixes offered are widely reported, as one would expect. Microsoft has pulled its fix of Spectre and Meltdown for AMD-based devices. That patch is reported to have bricked some of the machines to which it was applied. There's a general lesson here about patching. Fixing problems that have ramifications across many platforms and many applications involves complex dependencies and often unintended consequences.
Starting point is 00:03:21 This is particularly true for patches that touch systems where downtime or interruption are too costly to tolerate, as in industrial process controls and similar IoT environments. So the speed with which mitigations have been pushed out is encouraging. Where Twitter was the enabling technology of Iran's failed Green Revolution of 2009, current dissenters are turning to Canadian-made Psiphon, a firewall evasion app that's seen up to 700,000 downloads a day in the new year, most of them in Iran. Psiphon, developed by the University of Toronto's Citizen Lab,
Starting point is 00:03:57 isn't the only tool being used to circumvent Iran's filter net, but observers are tending to keep quiet about other tools, lest they blow the gaff to the regime. That regime appears to be showing some internal ambivalence toward its own response to dissent. A surge in pop-up redirect ads is troubling mobile device users. The tactic isn't new, but it's recently become very widespread and has begun infesting top-tier websites. Media outlets that depend upon ad servers for revenue are feeling a pinch and are looking for ways to pressure those services into better behavior.
Starting point is 00:04:33 Concerns continue over phishing attempts during the run-up to the Winter Olympics. It appears to be a targeted campaign directed at selected South Korean companies. There's no attribution yet, but eyes are inevitably turning toward the usual suspects in Pyongyang. Researchers at security firm enSilo recently published work outlining an exploit they've named process doppelganging. Udi Yavo is chief technology officer at enSilo. Microsoft added the capability to NTFS to support transactions. What this essentially means is that once you do file actions, you'll be able to easily roll them back.
Starting point is 00:05:14 This is very useful, for example, for installers. When installers start putting files on disk, maybe at one point or another, it may have an error, and it makes it very easy to roll back all the changes that were done to the file system. What we figured is, what's going to happen if we create an executable, map it as executable into memory, which means it's ready to execute, and then we roll back the transaction? So essentially it means that what we see in memory, what's running, is not related to the data on disk. So if something tries to read from the disk, it will no longer read data that actually exists in memory.
Starting point is 00:05:58 So you've got something on disk, and that's what you load in for your executable. And then at just the right moment, you execute this function in the NTFS file system that reverts the disk back to its previous state. So, from the disk's point of view, it appears as though the file never changed, and what's executing no longer matches what's on the disk. Is that correct? Exactly.
Starting point is 00:06:25 And still, even though it's no longer there, everything that tries to look at the process will see the properties of the file that resides on disk. So, for example, if you try to check its signatures, it will look okay. Is this process something that's at the research stage for you all? Was this an original bit of research that you all did, or is this something that you've discovered that other people are using? No, it's research that was done entirely by us.
Starting point is 00:06:56 So there's no evidence that anyone is using this out in the wild yet for any bad things? No, and this is also why we did not release any source code because we don't want to make it easy to leverage at this moment. And so in terms of evading standard AV software, how does it go about doing that? And then how can you detect this sort of thing? It depends on when exactly the AV is doing its scanning. Most AVs
Starting point is 00:07:27 do the scanning either when the file is closed or when the process is created. In both cases, it's going to be problematic because the file is no longer the original file. Some AV vendors do it from user mode process, and then it's not going to be in the context of the transaction. So this is why it's able to evade. So is this a flaw in the NTFS file system fundamentally, or is it just someone being clever and take advantage of something that's functioning the way it was intended? It's actually the second option. There is no type of vulnerability here and no kind of bug.
Starting point is 00:08:07 It's just a way to leverage features in an unpredictable way. That's Udi Yavo from enSilo. You can learn more about process doppelganging on the enSilo website. It's in their blog section. Criminals are showing sustained interest in cryptocurrency mining and hardware wallet pilferage as the altcoins' very high valuations persist. Chinese authorities appear to be preparing a crackdown on the illicit installation of currency miners in unsuspecting third parties. Miners are spreading to new mobile precincts as they're reported to have appeared in BlackBerry sites.
Starting point is 00:08:46 And the government of North Korea shows little sign of forsaking theft of cryptocurrency as a means of redressing the financial shortfalls imposed by international sanctions and an economy that produces little that anyone wants to buy. Initial coin offerings continue, and both actual businesses and regulators are giving them some attention. The U.S. Securities and Exchange Commission is devoting some of its beefed-up cyber oversight muscle to the initial coin-offering market, and there are a number of startups going the ICO route as they seek funding for growth. One of those is Telegram, the encrypted messaging startup whose service is among those currently blocked in Iran.
Starting point is 00:09:22 Telegram is planning, according to TechCrunch, a multi-billion-dollar ICO to put its own blockchain platform in place, complete with its own native cryptocurrency, said to represent an evolutionary advance over pioneers like Bitcoin and Ethereum. The new platform will be called TON, the Telegram Open Network,
Starting point is 00:09:41 and will enable payments in the Telegram chat app and elsewhere. Founder Pavel Durov is said to be interested in the sort of independence of government control he wasn't able to attain with his earlier company, Russian social media platform VK. So, is there a bubble in altcoins? A lot of people resist saying so, some of them apparently out of the kind of pardonable but starry-eyed techno-libertarianism that seems to animate telegram enthusiasts. But this market looks a speculative mania for the
Starting point is 00:10:11 ages, one to rival tulip bulb futures, or maybe, to take a more recent bubble, subprime loan derivatives. Witness Dogecoin, named after a dog but not pronounced like dog because it came from an old meme that originated in the Homestar Runner puppet show, where Homestar Runner calls Strong Bad his doge. You quack me up. Quack. Me. Up. That's why you're my D-O-G-E. You're doge? What are you talking about? I'm Strong Bad! about. I'm strong, bad! Various others picked this up on Tumblr and elsewhere with posts that featured pictures of a
Starting point is 00:10:47 Shiba Inu dog, then encounters with this particular white fluffy doge, and then the white fluffy doge making, as Ars Technica puts it, excited but ungrammatical declarations. We explain this because, first of all, we are a bring-your-own-dog shop here at the
Starting point is 00:11:04 Cyber Wire, so we're naturally attracted to news with a canine angle. But second of all, because this backstory should suggest that Dogecoin probably wasn't meant to be taken entirely seriously. Indeed, that seems to be the case. The cryptocurrency hasn't been under active development for about a year, and it was intended to be something people could goof around with until it faded naturally into oblivion. Only natural oblivion isn't in prospect. In fact, Dogecoin peaked at $2 billion this Saturday, that's b-b-billion, billion with a b, before a market correction yesterday brought it back to its current level of about $1.7 billion. Dogecoin co-founder Jackson Palmer,
Starting point is 00:11:46 who really hasn't been actively involved with Dogecoin since 2015, told the altcoin news outlet Coindesk, quote, You said it, Mr. Palmer, released a software update in over two years as a $1 billion plus market cap, end quote. You said it, Mr. Palmer, but all things blockchain are singing to speculators nowadays. The governments of Russia and Venezuela are introducing blockchain-based fiat currencies, which seems in some ways to be missing the point, but okay. The crucial question remains, will those fiat cryptocurrencies be convertible
Starting point is 00:12:26 to Dogecoin? Or maybe even Vop. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
Starting point is 00:13:22 But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC.
Starting point is 00:13:54 Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Starting point is 00:14:34 Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. And joining me once again is Jonathan Katz. He's a professor of computer science at the University of Maryland
Starting point is 00:15:00 and also director of the Maryland Cybersecurity Center. Jonathan, welcome back. There's been a lot of news lately about Bitcoin mining in particular and the amount of power that it uses. And I was hoping you could just spread some light on why is that? Why is the energy use so significant for Bitcoin mining? And is it going to eventually collapse under its own weight? Yeah, that's a really interesting question. And there were some reports going around a couple of weeks ago about the amount of electricity being used for Bitcoin mining and how it compares to the electricity usage of even certain countries. And fundamentally, the reason is that the Bitcoin network is secured by the computational processing being done by all the nodes in the system. And as more and more nodes are joining, as more and more people are becoming interested in Bitcoin,
Starting point is 00:15:48 and as more and more people want to mine Bitcoin, you see more people investing more and more effort into solving these computational puzzles that reward the miners with Bitcoin when they can find a solution. And people are worried about this. People are concerned about the amount of electricity that Bitcoin is using and also concerned about the huge waste of this electricity, because essentially it's not doing anything useful for anybody other than allowing the people who solve the puzzle to get some reward in Bitcoin. So there's definitely a concern about that. People have been thinking about ways to design systems that don't use as much as much energy. Those have so far remained academic proposals. They haven't really become as popular as Bitcoin. But it's definitely something to keep
Starting point is 00:16:31 an eye on. And it's a concern for how much the Bitcoin network can continue to grow in the future. And is there any risk of these blockchain systems sort of collapsing under their own weight? I wouldn't quite say collapsing under their own weight. I think there's always the concern that these things are a bit of a bubble. And as it becomes, I mean, we've seen this even with Bitcoin itself, that as it becomes harder and harder to solve these puzzles that underlie Bitcoin, the average user, the kind of the hobbyist who might be interested in being a Bitcoin miner for fun is being priced out of the marketplace. And what you have instead are people who run small businesses, essentially, where they have these huge mining farms, investing quite a lot of money, still able to turn a profit. But nevertheless, you're kind of
Starting point is 00:17:15 getting rid of the small people and only leaving room for larger people who can do the mining. And there's always the risk that that will eventually collapse as the average person can't get in anymore at ground level and loses interest. So there is a potential concern there. And using a lot of electricity as they go. Yeah, that's right. That's right. So I think about it in terms of just the environmental impact. It's still small relative to all the other things we're doing to the planet. It's still small relative to all the other things we're doing to the planet, but it's something to think about.
Starting point is 00:17:51 And the amount of electricity and consumption that's being wasted, essentially, just to keep the Bitcoin network going. Jonathan Katz, thanks for joining us. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And that's the Cyber Wire.
Starting point is 00:18:45 For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Starting point is 00:19:11 Our amazing Cyber Wire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, Thank you. impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Starting point is 00:20:12 Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
