This week in SiliconANGLE

Here are the ones from the first part of the week.

  1. I did a video interview for a sponsored virtual event for TheCube here, talking about ransomware, air gapped networks, and other reasons to secure your data. 
  2. An analysis of Infrastructure As Code — where it comes from, why it is important, and why it can be both blessing and trouble for IT and devs.
  3. An analysis of everyone’s least favorite hacking group, Lazarus of North Korea, and how they are changing tactics and using Telegram as a command channel, and scooping up millions of dollar-equivalents.
  4. This week, Ukraine’s largest telecom carrier got hit with a massive cyberattack. They are gradually bringing stuff back on line, including the ordinary (like people’s cell phones and bank’s ATMs) and the war-related stuff to target the people most likely to have originated the attack (you know who they are).
  5. A new report from Cloudflare shows their growth in internet traffic along with other interesting stuff such as outages and the percentage of those poor souls who are still using ancient TLS versions.
  6. Another report that examines the past year or so of various cyber attacks and other assorted breaches from a very well respected source at MIT.

If you use iCloud, make sure it is properly secured — now

A friend told me this tale of woe that someone he knows had all their Mac Things compromised to the point where they were no longer working. Before I describe the situation, if you use iCloud, do these three things now:

  1. Change your iCloud password now. Pick something unique, complex enough to satisfy all of Apple’s requirements (lower case, upper case, a number and a symbol). For easy typing on phones, I use a series of words with the other adornments. I know changing passwords is a pain. But please do this now. Really. I will wait.
  2. Go to the iCloud security settings page and make sure you are using a two-factor method that isn’t SMS-based (and if you dare, uses passkeys).
  3. Go to your photo collection, and delete pictures of your ID documents, like driver’s license or passport. If you travel (remember travel?), one of the things they tell you is to make copies of your ID in your photo stream. I don’t think that is safe advice now, and will explain later. If you want to keep copies of these documents, make a printed photocopy and keep it in a different place from your actual documents.

Now, why go through all this? If you don’t know about SIM swapping, take a moment to click on that piece that I wrote a few years ago and learn more about it. Basically, once a criminal knows your cell phone number, they can impersonate you and get your phone number reassigned to their own phone and the fun begins.

What if you don’t use iCloud but use Google’s Account? You should follow a similar path, particularly if you have an Android phone.

Now, why the business of deleting your identity docs? This is because once someone has control over your iCloud, they look through your photo stream and find these things, and then use that as the authentication process to recover your other accounts. And if you employ the “fake birthday” dodge (as I do and described here) you will have additional pain and suffering if you have to show your ID and the person you are talking to can’t match it to your fake birthday that you set up when you first created your FaceTwitTok account.

Happy holidays folks. Don’t respond to texts from out of the blue. Don’t click on anything in email, even from someone you correspond with. And don’t reuse your passwords and eat your veggies while you are at it too.

Faking the demo

Simon and Garfunkel once sang:

I know I’m fakin’ it / I’m not really makin’ it /I’m such a dubious soul
I was thinking about this song while I was reading this report in TechCrunch about a recent Google demo of their Gemini AI model. Turns out the demo was faked. “Viewers are misled about how the speed, accuracy, and fundamental mode of interaction with the model,” they wrote.
Now, in the rush to either overlaud or bedevil AI over the past year, we have this. It is enough to make me want to dive back into the Bitcoin market, where the real faking was going on. Just kidding.
Getting to the bottom of how demos are conducted used to be my bread and butter as a roving technology reporter back in the go-go 1980s and 1990s. I was (in)famous for going behind the equipment that was being demo’ed in front of me, and pulling the plug or some Ethernet cable to see if it stopped, testing the reality of the situation or seeing if the vendor was running some canned video. PR folks warned their clients ahead of time that I was going to do this, and some vendors even incorporated the “Strom reveal” in their demos.
I recognize that the demo gods can be cruel, and often things go wrong at the last minute. We all recall the famous moment when Bill Gates himself got hit with a blue screen when showing off some Windows 98 demo. The audience cheered, I guess in sympathy — at least that was back when the titans of tech could be sympathetic and not act with the emotional range of children. Or when candidates running for national office — or podcasters with huge multi-million audiences — wouldn’t espouse ridiculous conspiracy theories. I am sure you can guess who I am talking about in each of these cases. Sadly, there are multiple examples of each. These people are in plentiful supply.
Now, it is great that my tech press colleagues can call foul play on Google’s demo. Especially on the topic of AI, when the hype is already on overdrive. But maybe it is time to return to a more believable era, when things were more genuine, and when “alternative facts” were once called “bold faced lies” or something more profane. Or when we had fewer dubious souls roaming the planet.
Self-promotions dep’t
Among the numerous articles that I wrote this week for SiliconANGLE is one about Joe Marshall who was the genuine real deal. You should read about his leadership and determination to help the Ukrainian people. Recall how the Russians jammed GPS signals so their troops weren’t targeted? Turns out that doing that does more than prevent folks from finding their way around the country. It also disrupts their power grid, which needs precise absolute time to synchronize the power flows. Marshall cobbled together some Cisco gear (he works for the company, but that isn’t really the point) and got their lights turned back on thanks to his doggedness in figuring out how to do it.
Speaking of GPS jamming, even in the best of times there are numerous GPS fails. How about all the people — and there were a lot of them — who were stranded in the Mojave desert coming back to the LA area from Vegas. They were following directions from Google Maps, and also didn’t know that there is only one way to get there (I-15). Now they certainly do.

This week in SiliconANGLE

Here are this week’s stories in SiliconANGLE.  My most interesting story is about one man’s effort to improve the power grid in Ukraine, thanks to a very clever collection of Cisco networking gear that provides backups when the GPS systems are jammed by the Russians.

Two stories of intrepid Red Cross volunteers

The American Red Cross responds quickly when disaster strikes. News programs are filled with striking scenes of disaster relief — shelters housing hundreds of survivors, the distribution of thousands of meals and disaster assessment volunteers at work across the affected area. But these efforts would be impossible without the support of the Operations Department working behind the scenes.

For one story, I interview Randy Whitehead and Dan Stokes and their various roles as volunteers. Both have transported a Red Cross emergency response vehicle from one location to another. That effort doesn’t capture news headlines, but it is essential to the mission.

For a second story, I spoke to the people behind an effort to help lawyers better understand international humanitarian law, something very much in the news these days. Lori Arnold-Ellis, the Executive Director of the Greater Arkansas chapter, and Wes Manus, an attorney and Red Cross board member, have expanded and extended a course first assembled by the International Red Cross called Even War Has Rules and are teaching it in our region to lawyers and non-lawyers alike. I took one of the courses and learned a lot too!

That is one of the reasons why I keep coming back to volunteer at the Red Cross: there are so many places to help out and you meet the most interesting people. It is terrific to get to talk to them and hear their stories.

This week in SiliconANGLE

Here are four stories that I wrote this week.

This week in SiliconANGLE

Happy holidays! Here are my stories for the week:

  • The group behind LockBit ransomware is now exploting the Citrix Bleed vulnerability, which made big news last month and still at risk for thousands of devices around the world. US and Australian cybersec officials released a security advisory this week that provide the details, and my article follows up with what is going on with this very dangerous and prolific ransomware operation.
  • The group behind the Phobos ransomware is also stepping up its game too.
  • I examine a series of recent cloud security reports, some surveys of IT managers and some taken from actual network telemetry of customers and public sources, to show a not very rosy picture of the situation. Secondary issues such as security alerts take too much time to resolve, and risky behaviors fester without any real accountability to prevent or change.

The latest ransomware ploy

Say your company has just been attacked by a ransomware gang, and they are demanding payment or they will do various criminal acts. So whom do you call first?

  1. The corporate security manager, to lockdown your network and begin the process of figuring out how they got in, what damage they have caused, and what your company needs to do to get back to normal operations,
  2. The chief legal officer, to activate law enforcement solutions,
  3. Your insurance agent, to find out the specifics of your cybersecurity policy and to begin the claims process
  4. The chief compliance officer, to begin the process of letting the various regulatory authorities know that a breach has occurred.

Ideally, you should make all of these calls in quick succession. But a situation involving a finserv firm’s ransom attack earlier this month has brought about a new wrinkle in what is now called the multipoint extortion games. This term refers to ransomware gangs using more than just encrypting your data as a way to motivate a company to pay up. Now they file a complaint with the SEC.

Say what? You mean that the folks who caused the breach are now letting the feds know? How is this possible? Read this story by Ionut Ilascu in Bleeping Computer for the deets. They have the victim on the record that they were breached, and information from the ransomware group seems to match up with a complaint that was filed with the SEC at about the same time period. So how annoyed were the ransomware gang that they decided on this course of action? The victim says they have contained the attack. The one trouble? Apparently the breach notification law doesn’t come into effect until next month that requires the mandatory disclosure. Someone needs to provide legal assistance to the bad guys and at least let them know their rights. (JK)

But seriously, if you have a corporate culture that prevents breach disclosure to your customers — at a minimum — now is the time to fix that and become more transparent, before you lose your customers along with the data that the ransomware folks supposedly grabbed.

This week on SiliconANGLE, I covered major security announcements adding AI features to the product lines of Microsoft, Palo Alto Networks, and Wiz. All are claiming — incorrectly — to be the first to do so.

This week at SiliconANGLE

I had an unusually productive week here at SA. This is the rundown.

First and foremost is my analysis of kubernetes and container security, which describes the landscape, the challenges, the opportunities for security vendors to fill the numerous gaps, and what else is going on here. There is a lot going on in this particular corner of the infosec universe, and I think you will find this piece interesting and helpful.

There were some shorter pieces that I also wrote:

My 30-year love affair with TCP/IP

Is it possible to fall in love with a protocol? I mean, really? I know I am a nerd, and I guess this is yet further evidence of my nerdom. But to properly tell this story, we have to go in the Wayback Machine with Mr. Peabody to 50 years ago, when Vint Cerf and Bob Kahn were working at Stanford and inventing these protocols. I was too young to appreciate the events at the time, but later my life would change drastically as I learned more about TCP/IP and how to get it working in my professional life.

You can read the original 1974 paper here as well as watch an interview with both men that was recorded earlier this year.

In the mid 1990s, I would meet Vint and so began our correspondence that has lasted to this day. I posted an interview with him in 2005 here that is still one of my favorite profiles. This was when he was about to start at Google and when I was running Tom’s Hardware. I asked him to recall the most significant moments of TCP/IP’s development:

  • 1/1/1983 – The cutover on Arpanet to TCP/IP
  • 6/1986 — The beginning of NSFNET
  • 1994 — Netscape supports HTTP over TCP/IP and when Berkeley BSD 4.2 unix release with support for TCP/IP
  • 2007 – The introduction of the iPhone

That is a pretty broad piece of computing history.

TCP/IP spent its first couple of decades growing up. Few people used it, and those that did were more akin to being members of a secret society, the keepers of the flame called Unix. (Unix would evolve into Linux, as well as the MacOS, and then into containers.) But then something called the Internet caught hold in the early 1990s. I wrote a blog post not too many years ago about the early tools we had to suffer with during that era to get TCP/IP working on other computers, such as DOS and Windows and Netware. It was far from easy, and many businesses had all sorts of pain points to get TCP/IP working properly. BTW, that link also has a hilarious clip about “the internet” that has held up well.

Netware is actually where my love for the protocols blossomed. Many of you might recall how powerful this early network operating system was, and how it could run multiple protocols with relative ease. They saw the importance of TCP/IP and invested heavily in equipment that would bring it to ordinary desktops, and by ordinary I mean the versions of Windows that we had to suffer with back then. Setting up a computer to connect to something else then was made a lot easier with Netware’s TCP/IP support.

But it wasn’t just Netware, but the web that really turbo-charged TCP/IP. That also took off during the 1990s, and it went from curiosity to standard practice seemingly overnight. The web really changed how we interacted with information. In my own case, I saw the publications that were making millions of dollars selling printed magazines go to a much reduced online form, and editorial staffs drop dozens of people from their mastheads. Now it is rare that a publication has more than a single full-time editor, which is great if you are a freelancer (which I am) but then budgets continue to shrink too, which is not great.

But in spite of these cataclysmic moments, I still say that I love TCP/IP. I don’t blame the protocol for the transformation of my industry. Au contraire, it made my computing life so much easier. Its beauty was its extensibility, its universal connectedness that was useful in so many different situations. And it also enabled so many apps, both then and now. And every app tells another story, which is after all my bread and butter.

This week, I bought a lighting controller that supports TCP/IP, for example. And that brings up another point. Today, we don’t give TCP/IP much attention, because it has been woven into the fabric of our computing systems so well. It is pervasive: you would be hard pressed to name a computer that doesn’t support TCP/IP. And by computer, I mean our smart TVs and other home appliances, our cable modems, our networks, our cars.

Vint wrote me after he read this essay: “TCP/IP has been improved over the years by people like Van Jacobson and David Taht among others. Google introduced QUIC which provides TCP-like functionality with some additional features. But it has certainly been a workhorse for the world wide web and its applications.” Note what he is doing here: giving credit to other innovators and extensions who have built some interesting things on what he and Kahn came up with 50 years ago. A class act.

So much love to spread around. I count myself lucky to have been present for the last 30 years of the tenure of TCP/IP, and chronicle its growth and popularity.