WillyW


  1. Summary Kaspersky Labs detailed an attack chain that affected Apple devices mostly iPhones that was on-going for four years before it was shut down by patches, but jailbroken iOS devices remain vulnerable. The alleged originator of this is the NSA as per the Russian Gov't without supporting evidence. One of the vulnerabilities, CVE-2023-41990, was a vulnerability in Apple’s implementation of the TrueType font which had existed since the 90s. The detail of how the attack chain achieves infection is presented in the video and is quite complicated and sophisticated, but in brief it takes advantage of several previously undocumented features/vulnerabilities and attempts to hide itself from detection by sophisticated means and is quite long and complicated. Once infected the malware extracts users data including pictures but in order to reduce bandwidth it makes use of the Apple Silicon's own machine learning features to perform image recognition on photos. The initial attack vector is undetectable by the user, and requires only the phone number of the victim. Quotes My thoughts This is a report from Kaspersky which is a Russian security research agency with alleged Russia gov't connections, but regardless well documented. With all the advertising from Apple about how secure and privacy focused their devices are you have to wonder if they know they have a culture problem. The four vulnerabilities have previously been reported and patched (CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, CVE-2023-41990) but what is new here is a detailed account of what they did and who they were targeting. The article mentions "Besides affecting iPhones, these critical zero-days and the secret hardware function resided in Macs, iPods, iPads, Apple TVs, and Apple Watches." 
What this brings home is a number of things, first when you are in a closed ecosystem you make yourself more vulnerable to hacks that work on all devices, and that you really should not be using devices that are no longer supported. It is likely that if this was the NSA they have other ways in, and have already moved on, but now that the vulnerabilities and the attack method are detailed it becomes that much easier for others to exploit these vulnerabilities. Also, the fact that users do not notice hacks occurring does not mean that they are secure from them or that they haven't already been compromised, as mentioned in the Q&A portion of the video below there is no way for the user to know they are or have been infected without taking deliberate steps to determine, i.e. check logs or take a backup and analyze it with a tool. At my work we train users monthly on threats and despite all this we still have users clicking on things they shouldn't and despite our training we still have people trying to hide when they have. Sources https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/
  2. Summary With technology from Peter Jackson (Lord of the Rings producer), the remaining Beatles members were able to upscale a previously recorded set of tracks for a song and produce the song with direct input from the two deceased members of the band. The sources were a badly recorded cassette tape 40+ years ago from John Lennon, and a 90s guitar recording from Harrison, both preserved and enhanced and combined as tracks in the new song. Quotes My thoughts This would seem to be one of the cases where AI has benefits that most people would not have thought to think of. There are many upsides and downsides to this. Say you have a media library with very poor MP3 encoded bitrate files, sometime in the future you could use a tech like this to upscale the set. Now all you would need is some AI to write a CMS for you if you wanted to be able to host this on a home NAS or offline storage. Downsides could be that in future estate holders could try to claim extended copyright on works and try to get the 50 year copyright term extended in law reducing the ability for things to go open source and be used to create more unique works, and enrich a few people who do not contribute much to society. Sources https://www.theverge.com/2023/11/2/23943290/now-and-then-the-beatles-new-song-ai - Article
  3. Summary In a survey done by CBC and researchers at the University of Guelph Ontario found that about 50% of tech repair shops snooped private data on a user's computer when it was brought into repair. This included Geek Squad/Best Buy, Canada Computers and other independent repair shops. Quotes My thoughts This is not surprising, but it bears repeating because, at least in my experience, when your average person is faced with something that may be difficult to do or too much trouble will shrug it off and not want or not care to do it. When I send in laptops to the repair center we always remove passwords, user accounts, login info for any services, and remove the device from the domain and remove BIOS/default administrator passwords. Though I don't have time right now, I may in future consider a full automated MECM re-image. Sources Link to article - CBC 20OCT23 Link to more CBC links and videos on the topic
  4. Summary A YouTube user created a generative AI song with sources from Drake and The Weeknd. There was some drama with the song being taken down across various different sites including Apple Music and Spotify, but there was further drama with YouTube. The issue at hand is that a DMCA takedown notice was only applicable to the song because of a specific sample in the song. If the user removed that sample it would pit YouTube's interest in direct contrast to Google's generative AI businesses. This will become complicated as the label that represents Drake and The Weeknd, UMG has publicly stated that they do not view generative AI as fair use, but Google themselves have said in the past that generative AI products are fair use. Quotes My thoughts In the past record labels have been quite litigious and given that the generative AI business is also predicted to be quite profitable for the tech giants, at a minimum there will be some upcoming changes in Copyright law. In the past lobbyist groups for major rights holders groups like record labels have successfully obtained provisions in legislation and trade agreements such as the TPP. It really is anyone's guess who will have the bigger say, but personally any time the RIAA runs into problems I am generally happy given the underhanded tactics that they have tried to protect their profits whilst not increasing the profit from artists. The Recording industry is quite an exploitative industry if you are not a big name. Sources https://www.theverge.com/2023/4/19/23689879/ai-drake-song-google-youtube-fair-use
  5. Summary A teen in Alberta Canada received a weighted box instead of the graphics card that he was supposed to receive. Amazon refused to refund him saying that he needed to return the originally ordered product. It wasn't until CBC called them that Amazon responded positively to the incident. They recommend to make an unboxing video to prevent something like this from happening to you. Quotes My thoughts It does not say which graphics card he ordered but I'm assuming that it was a 3060 or 2060 given this was in June and it was approx $530 US or $690 CDN. Also not sure which warehouse that he received this from but it does say Amazon Canada so given that this has happened a few other times to other people who ordered stuff from Amazon I imagine that it is a system wide issue for them, such as in the time that they give to solve cases, the amount they pay these employees and other reasons. It is a little crazy to expect that everyone is going to now need to make an unboxing video for themselves for high value small products. I also remember reading an article somewhere that talked about how the free returns were going to start to be a thing of the past, so this might be part of that, meaning that changes in the way returns staff take product back is making it more difficult to get proper service and highlight an issue. Also this is a huge credibility hit to Amazon, when a tech news story makes it outside of the tech news and lands on someone like CBC or NYT or CNN the company has problems, and it will take a long time to rebuild that goodwill. Sources https://www.cbc.ca/news/business/amazon-returns-1.6669601
  6. Not SEC, it's Facebook's investors, SEC did a lazy job of enforcement and these guys want them to redo it. But the story has to get traction and be true and have a competent person who picks it up at the SEC.
  7. Summary Investors from a consortium of Facebook shareholders are suing the company over its unlawful gain in market power in a large lawsuit that was filed in Delaware. Some of the allegations are that FB had failed its 2012 consent decree, removed apps from its platform that didn't give it data, knew about the Cambridge Analytica scandal but did nothing, paid the FTC $4.9B to protect the Zuck personally, insider trading occurred, among others. Quotes My thoughts If everything alleged to happen is true it would seem that everyone is now after Facebook and it is only a matter of time before heavy regulation is brought in and Zuck is ousted like Elon was at Tesla. Sources https://twitter.com/jason_kint/status/1440304941428473857 https://rfob.medium.com/exclusive-facebook-executives-sued-over-cambridge-analytica-scandal-254b1cbf6b3f
  8. Summary Because the majority of the Apple supply chain originates from China, Apple has given into increasingly larger demands to the Chinese gov't. They include holding all the data in China, building a system to skirt American laws for data, building a datacentre in China that is managed by a third party, giving up control of the Chinese data to said third party, allowing Chinese gov't access to the data, removing the Made by Apple in California branding on the back of its phones, setting up a system to block specific apps based on Chinese gov't requests (in the 10 thousands), which includes any apps that are critical of the Communist gov't in China, and building a separate bureaucracy to monitor apps inside of Apple which in the past has fired employees when the Chinese gov't complains, weakening security keys for data storage, and handing over the encryption keys to Chinese data to Chinese authorities. This is in stark contrast to the behavior of Apple in the rest of the world. China accounts for 1/5th of all sales in Apple. Quotes My thoughts While it is not much of a surprise that this is happening, this hasn't been as well documented specifically for Apple in any other story. Without getting into political topics the amount of customization that is going on here is staggering. Given the volume of interference in other countries' political and electoral affairs and state sponsored hacking that China does ongoing (like other big powers) it is a little surprising that Apple has given in the way that it has and shows how dependent on China Apple and other tech players have become. This is a little reminiscent of the whole Coca-Cola / Fanta thing that occurred during the second world war because of the bad optics of doing business in Germany during that time. Sources https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html
  9. Summary Scientists have been working with diamonds to test to see if they can be stretched and state that the heat and electrical conductivity would make them an ideal fit for Quantum QBits and/or photons. Quotes My thoughts The article leaves out several important details and items. For starters you will notice that the picture shows a scale of 500nm with the strands about half that matching it to about Pentium II level transistor size, they do state in the article that it was about 100nm which would put it somewhere in the Pentium III to Pentium M size. That begs the question as to how exactly they got the diamonds to that size, acid, high energy? Also, previously it was shown that diamonds were not exactly electrically as conductive as silicon as silicon is doped with either more or less electron atoms (N and P type doping). This might just be purely for research purposes but given the current climate it would make sense for researchers to keep these details close to their chest as knowledge of a new way to manufacture chips would be quite valuable. I have many questions, forgot a few of them. Another thought, I'm assuming that they like the stretching component of the material because naturally under different heating conditions different parts of the chip will get hotter and others will be cooler. This was shown to be something that needs to be engineered for with the whole Nvidia 'bumpgate' controversy in 2009-2010 which ended up causing Apple and Nvidia to break up because Nvidia designed a sloppy GPU chip that would break the solder balls underneath the GPU with normal use. Sources Inverse Article - Sarah Wells 31DEC20 Reference: Nvidia Bumpgate
  10. The pictures are from the submitted benchmark results as proof of their setup.
  11. Summary Microsoft has settled a class action lawsuit with a total payout of $517M, with $400M going to consumers. To date 100K people have filed claims. Consumers who purchased: - Microsoft OS, and - Microsoft Office suite, - Dell computer is mentioned but it is not a requirement (the way the CBC article initially mentioned it it was misleading) Between: Dec. 23, 1998 and March 11, 2010. Can make a claim. This follows from similar issues that occurred in the US with DOJ. The documentation requirements for these claims will be mostly just a sworn statement as it is unlikely users will have all the documentation necessary. You have until Sept. 23, 2021 to file a claim. Quotes My thoughts This is mostly for tech people in Canada, also LMG staff as this applies to only Canadians. But it is noteworthy that the claim period goes back to 1998, as many of the viewers of this 'channel' were probably born around this period. Sources CBC Article
  12. I mean I just purchased a 286, 386, 486, i960, Pentium, 5x86, K5, 6x86, and Transmeta Crusoe.
  13. Summary User ivanqu0208 from China overclocked an Intel Celeron D 347 to 8362.21 MHz with what looks like a paper cup and ln2, and an Asus P5E64 WS Professional motherboard. While he didn't achieve the world record for that processor nor absolute highest CPU overclock, it was an impressive effort. Quotes My thoughts With the given shortages of all things gaming processors, now might be the best time to browse on eBay and find some old hardware to try to overclock. Sources Gizmodo article HWBot Techspot
  14. In a scathing report by the Canberra-based Australian Strategic Policy Institute (ASPI) China is accused of using forced labour in factories that supply products from many different global brands. The report linked here: https://www.aspi.org.au/report/uyghurs-sale Details all of the brands that have components that have used forced labour: Tim Cook is even seen touring a factory that used forced Uighur labour for the iPhone 8 and X selfie cameras on his Weibo profile attached to this post. The article details several case studies including: - Showing workers making sneakers for Nike where the workers were being actively monitored for anti Chinese ideology and behaviour - Where it showed that workers were transferred directly from re-education camps to factories to make products for Fila, Nike, Adidas, Puma and others - Where workers were expected to learn the Chinese way and acclimate to love the 'party' in factories that manufactured goods for GM, Apple, Lenovo, Sony, HP, Dell, Huawei, HTC, ASUS, Samsung, Acer, Amazon, LG, Microsoft, Oppo, and others. This is the Case study where Tim Cook was quoted as saying in a now deleted Apple Press Release: "Cook praised the company for its ‘humane approach towards employees’ during his visit to O-Film, asserting that workers seemed ‘able to gain growth at the company, and live happily." The article acquired its sources from: https://www.theguardian.com/world/2020/mar/01/china-transferred-detained-uighurs-to-factories-used-by-global-brands-report The labourers have increasingly become a priority for China as: The report makes several recommendations including pointing out most importantly :
  15. This topic was from a week ago, I was having technical difficulties. But in a CBS news piece the New Mexico attorney general states: The lawsuit details how Google used free Chromebooks to spy on the behaviour of children through the Google for Education program. The AG is Hector Balderas, the same one who took on Google for the COPPA controversy. The Verge (I know) summarizes the information that was being collected as follows: This is another reason why properly funding schools is much better than receiving handouts from corporations who always expect something in return for the 'gifts'. It is much better for schools to build their own PCs and acquire their own software. So make sure to donate your old tech to your local PC for schools charity! Here are the article sources: https://www.cbsnews.com/amp/news/google-education-spies-on-collects-data-on-millions-of-kids-alleges-lawsuit-new-mexico-attorney-general/ In this source you can find the actual suit filed: https://www.theverge.com/2020/2/20/21145698/google-student-privacy-lawsuit-education-schools-chromebooks-new-mexico-balderas