The mother of all breaches

SecurityDiscovery.com and Cybernews have jointly found the largest collection of hacked credentials ever discovered. Containing over 2,500 data breaches with 15 billion records, this is a new record. As it contains multiple breached one must assume there will by duplicates.  

This comes only a week after Techspot discovered over 71 million credentials and 25 million never-before-seen passwords.

Ethereum Block Chains “Hacked”

The February issue of MIT Technology Review reviews a 51% attack on Ethereum Classic. The article also covers similar attacks on lower value crypto currencies and its progress to now attacking top 20 currencies. Also covered (again) are the current issues with Smart Contracts.
These issues represent the Damocles sword of Crypto Currencies, the openness of its approach is also its biggest weakness.

Apple HW can still be hacked

As you may remember the introduction of Apple’s M1 CPU’s there was a lot of discussion on the inclusion of the T2 chip and its impacts on upgrades and 3rd party HW. As highlighted in the article on Tom’s hardware, with some effort the RAM and HD’s in the apple Mac Mini with M1 you can (with nerves of steel) desolder both and replace them without issues.
I wonder how long before Apple blocks this?

More infrastructure hacking

An article on Arstechnica cover the case and prosecution of an ex-employee on: “In late March 2019, Wednesday’s indictment said, Post Rock experienced a remote intrusion to its computer system that resulted in the shutdown of the facility’s processes for ensuring water is safe to drink.”

Was discovered accidentally, could have contaminated the water supply to 1,500 retail customers and 10 wholesale customers in eight Kansas counties

Can IOT learn from History?

As the world keeps on getting excited with IOT and the security (or lack thereof) is getting a lot of attention. Karl Marx famously stated that “History repeats itself, first as a tragedy, second as a farce” so a look at the same issues in current infrastructures such as remote terminal units (RTU) Programmable logic controller (PLC) and the latest discovery with the Ovarro RTU proves that the history like Stuxnet is an relevant exaple of the problems IOT will face.

Total Return Swaps and Archegos

Another example of the impact of the risks of synthetic trades on futures backfired spectacularly last week. A private hedge fund Archegos Capital Management (website currently down) defaulted on a series of Total Return Swap deals on ViacomCBS (among others) forcing a liquidation of shares and a subsequent couple of trading days. The scale of the default is still not known, but major financial institutions have issued loss warnings that are assumed is an outcome of the issue. As always: highly hedges give you profit if you’re good and major disasters if you don’t. For those old enough: Remember LTCM.

Update: A paywalled article from Wall Street Journal on the market impacts

How safe is NFT?

The latest bit coin (actually Ethereum)  craze to emerge is Non-fungible token or NFT’s, Simply put its’s an digital ledger containing digital assets, mostly art as digital: I.E. a ledger where the “rights” to the content is owned by you as a transferable asset. Several high value transactions are in the news such as Beeple and DJ3LAU recently, NFT’s are not as straight forwards as people think. An interesting article shows the ins and outs of buying and owning (or not) of FCC’s on Motherboard highlights some of the problems with this.

More fun with Exchange

As you may already know a series of 0-day bugs have been discovered recently and are actively used by hackers globally. First used by a Chinese hacking crew Hafnium it has evolved into a bigger problem. Paul Kerbs has a nice timeline on this. Microsoft has now launched a one-click solution for admins that have not implemented the already released patches:  CVE-2021-26855CVE-2021-26857CVE-2021-26858CVE-2021-27065,

MS ION: Decentralized Identifiers (DIDs)

Microsoft just made public the details on their DID implementation, ION, as their part of the drive towards decentralised Layre 2 authentication and control.

“We are excited to share that v1 of ION is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well”