Security News for the Week Ending October 15, 2021
Microsoft Investigating Multiple Windows 11 Issues
While some of the issues are not fatal, others like a memory leak in File Manager that can only be recovered from by rebooting are more of a problem. I recommend waiting for a month or two in order for other users to detect more bugs. Credit: Bleeping Computer
Feds Arrest Nuke Navy Engineer for Selling Nuke Secrets to Foreign Power
A Navy nuclear engineer stole restricted data for a Virginia class nuclear submarine and tried to sell it to a foreign power. For whatever reason, the person that he contacted in the unnamed country shared his letter with the FBI. They strung him along for a while as he made several dead drops of data and they paid him cryptocurrency until they arrested him last week. He was able to smuggle the documents out past security, which just shows how hard it is to actually secure against a determined adversary. Credit: The Register
An unintended Consequence of Covid Vaccine Passports
The UK is one place where vaccine passports are required. The app that runs on people’s phones is managed by the National Health Service or NHS. The app has a barcode that security at the airport can use to check a passenger’s vaccine status. No proof of vaccine or negative Covid test and you can’t get on that plane. Which is great until the app’s backend database crashes like it did today. For about 4 hours. Heathrow came to a standstill. One journalist reported that she was offered a later flight for a 250 Pound fee. Oh, yeah, and she would need to take and pay for a rapid Covid test for another 119 Pounds. She opted not to fly. Another passenger tried using his paper vaccine card, but security would not accept it. The app has an offline mode or you could screenshot the barcode, but those only work if the app is running. Unintended consequences. Credit: BBC
Treasury Links $5 Billion in Bitcoin to Ransomware
The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has done some trolling on the Bitcoin blockchain. Anyone who thinks that bitcoin is anonymous does not understand how that works. They identified Bitcoin wallet addresses after analyzing suspicious activity reports (SARs) that banks send in. This has nothing to do with actually recovering any money. If they put those wallets on the banned list then the hackers will create new wallets (which they should be doing anyway to make things harder to track). It is probably a good thing for them to do because a lot of crooks are stupid and those are the ones that they might catch out of this. Credit: Bleeping Computer
Fallout From the Epik Hack
Epik, as I reported earlier, is a domain registrar that is kind of a last resort for people who can’t get another registrar to manage their domain – along with many vanilla domains. Epik supports a number of conspiracy theory and alt-right domains because they say that they are neutral in the battle. As a result of being hacked, a lot of data which people would like to remain private became public. As a result of that, people are being fired and businesses are losing customers. One person, who’s information was disclosed, continued the conspiracy theory tactic and said that the data was easily falsiable (who did this – Epik or the hackers – and why?), that he was the possible victim of extortion and the newspaper that reported the information was “fake news”. Possible, but that is likely not going to help some people who get outed. Credit: The Washington Post