cybersecurity (4)

'Teleporting' Images...


High-dimensional quantum transport enabled by nonlinear detection. In our concept, information is encoded on a coherent source and overlapped with a single photon from an entangled pair in a nonlinear crystal for up-conversion by sum frequency generation, the latter acting as a nonlinear spatial mode detector. The bright source is necessary to achieve the efficiency required for nonlinear detection. Information and photons flow in opposite directions: one of [the] Bob’s entangled photons is sent to Alice and has no information, while a measurement on the other in coincidence with the upconverted photon establishes the transport of information across the quantum link. Alice need not know this information for the process to work, while the nonlinearity allows the state to be arbitrary and unknown dimension and basis. Credit: Nature Communications (2023). DOI: 10.1038/s41467-023-43949-x

Topics: Applied Physics, Computer Science, Cryptography, Cybersecurity, Quantum Computers, Quantum Mechanics, Quantum Optics

Nature Communications published research by an international team from Wits and ICFO- The Institute of Photonic Sciences, which demonstrates the teleportation-like transport of "patterns" of light—this is the first approach that can transport images across a network without physically sending the image and a crucial step towards realizing a quantum network for high-dimensional entangled states.

Quantum communication over long distances is integral to information security and has been demonstrated with two-dimensional states (qubits) over very long distances between satellites. This may seem enough if we compare it with its classical counterpart, i.e., sending bits that can be encoded in 1s (signal) and 0s (no signal), one at a time.

However, quantum optics allow us to increase the alphabet and to securely describe more complex systems in a single shot, such as a unique fingerprint or a face.

"Traditionally, two communicating parties physically send the information from one to the other, even in the quantum realm," says Prof. Andrew Forbes, the lead PI from Wits University.

"Now, it is possible to teleport information so that it never physically travels across the connection—a 'Star Trek' technology made real." Unfortunately, teleportation has so far only been demonstrated with three-dimensional states (imagine a three-pixel image); therefore, additional entangled photons are needed to reach higher dimensions.

'Teleporting' images across a network securely using only light, Wits University, Phys.org.


Zero Days...


Image Source: Tech Target

Topics: Computer Science, Cryptography, Cybersecurity, Spyware

Spyware vendors are exploiting zero days and known vulnerabilities in Android, iOS, and Chrome, sparking an increase in "dangerous hacking tools," warned Google's Threat Analysis Group.

In a blog post on Wednesday, Clement Lecigne, a security engineer at Google, detailed two recent campaigns that TAG discovered to be "both limited and highly targeted." The campaigns leveraged zero-day exploits alongside known vulnerabilities, or N days, against unpatched devices on widely used platforms.

In addition to emphasizing an ongoing patching problem, Google said the threat activity showed just how prevalent spyware vendors have become and the dangers they present, especially when wielding zero days.

"These campaigns are a reminder that the commercial spyware industry continues to thrive," Lecigne wrote in the blog post.

TAG currently tracks more than 30 commercial surveillance vendors that sell exploits or spyware programs to various governments and nation-state threat groups. While Google acknowledged spyware use might be legal under national or international laws, such tools have historically been used against targets such as government officials, journalists, political dissidents, and human rights activists. For example, in 2018, NSO Group's Pegasus spyware was linked to the death of journalist Jamal Khashoggi, who was killed by Saudi government agents in 2018 after being surveilled and tracked via his mobile phone.

While spyware has been used to track high-value targets in the past, Lecigne warned that vendors' access to zero days and N days poses an even broader threat.

"Even smaller surveillance vendors have access to 0-days, and vendors stockpiling and using 0-day vulnerabilities in secret pose a severe risk to the internet," Lecigne wrote. "These campaigns may also indicate that exploits and techniques are being shared between surveillance vendors, enabling the proliferation of dangerous hacking tools."

Google: Spyware vendors exploiting iOS, Android zero days, Arielle Waldman, Tech Target News Writer


QAOA and Privacy…


A quantum computer at IBM’s Thomas J. Watson Research Center.

Credit: Connie Zhou for IBM

Topics: Computer Science, Cryptography, Cybersecurity, Quantum Computer

A team of researchers in China has unveiled a technique that — theoretically — could crack the most commonly used types of digital privacy using a rudimentary quantum computer.

The technique worked in a small-scale demonstration, the researchers report, but other experts are skeptical that the procedure could scale up to beat ordinary computers at the task. Still, they warn that the paper, posted late last month on the arXiv repository, is a reminder of the vulnerability of online privacy.

Quantum computers are known to be a potential threat to current encryption systems. However, the technology is still in its infancy, and researchers typically estimate that it will be many years until it can be faster than ordinary computers at cracking cryptographic keys.

Researchers realized in the 1990s that quantum computers could exploit peculiarities of physics to perform tasks that seem to be beyond the reach of ‘classical’ computers. Peter Shor, a mathematician now at the Massachusetts Institute of Technology in Cambridge, showed in 1994 how to apply the phenomena of quantum superposition and interference to factoring integer numbers into primes — the integers that cannot be further divided without a remainder.

Are quantum computers about to break online privacy? Davide Castelvecchi, Nature


Shields Up...


Ukraine foils Russia-backed cyberattack on the power grid, The Statesman

Topics: Civics, Civil Rights, Cybersecurity, Existentialism, Fascism

Summary

This joint Cybersecurity Advisory (CSA)—coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE)—provides information on multiple intrusion campaigns that state-sponsored Russian cyber actors conducted from 2011 to 2018 and that targeted U.S. and international Energy Sector organizations. CISA, the FBI, and DOE responded to these campaigns with appropriate action in and around the time that they occurred. CISA, the FBI, and DOE are sharing this information in order to highlight historical tactics, techniques, and procedures (TTPs) used by adversaries to target U.S. and international Energy Sector organizations.

On March 24, 2022, the U.S. Department of Justice unsealed indictments of three Russian Federal Security Service (FSB) officers and a Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) employee for their involvement in the following intrusion campaigns against U.S. and international oil refineries, nuclear facilities, and energy companies.[1]

  • Global Energy Sector Intrusion Campaign, 2011 to 2018: the FSB conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data. 
    • One of the indicted FSB officers was involved in campaign activity that involved deploying Havex malware to victim networks. 
    • The other two indicted FSB officers were involved in activity targeting U.S. Energy Sector networks from 2016 through 2018.
  • Compromise of Middle East-based Energy Sector organization with TRITON Malware, 2017: Russian cyber actors with ties to the TsNIIKhM gained access to and leveraged TRITON (also known as HatMan) malware to manipulate a foreign oil refinery’s ICS controllers. TRITON was designed to specifically target Schneider Electric’s Triconex Tricon safety systems and is capable of disrupting those systems. Schneider Electric has issued a patch to mitigate the risk of the TRITON malware’s attack vector; however, network defenders should install the patch and remain vigilant against these threat actors’ TTPs.
    • The indicted TsNIIKhM cyber actor is charged with an attempt to access U.S.-protected computer networks and to cause damage to an energy facility.
    • The indicted TsNIIKhM cyber actor was a co-conspirator in the deployment of the TRITON malware in 2017.

Alert (AA22-083A)

Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector, Cybersecurity & Infrastructure Security Agency (CISA)

So the warning by CISA has some connotations we should think about. Since Netflix bailed on Russia, they could block streaming services and retaliate rather pettily. Another is infrastructure such as public utilities. Yeah, getting your AC turned off when it's in the eighties outside sucks, but a hospital getting its power cut during an emergency operation, an episiotomy or sinus surgery can cost lives that otherwise wouldn't be affected. It would affect water and utilities, access to ATMs, and Wall Street trading. Any attack is a move of desperation, not "strength." Any rat trapped in a corner will strike back, even with its last breath. Sean Hannity tried to give Mango Mussolini a layup question that he couldn't answer: "is Putin evil?" After bodies stacked like Hurricane Katrina victims, a plethora of war crimes that would embarrass HITLER, he still can't form his puckered mouth, which strangely looks like an anus, to criticize his handler; he is still the lapdog of a KGB spymaster. I doubt it has anything to do with pee tapes: it's darker than that. He wants to BE Putin, he wants America to be Russia. He wants Jeff Bezos to bow to him on the floor of the New York Stock Exchange in parody to 2 Thessalonians 2:4. Here is a failed businessman, a serial bankruptcy artist, a short-fingered vulgarian whose college professor stated he was the "dumbest student he EVER had," using more colorful metaphors. He takes a gig as host of a reality show to pay just enough of his crumbling life expenses to keep up the facade, and never admitted to himself that whatever his father had, he never had, and never will have. A person like that constructs fantasies because reality, "real reality," is too harsh for malignant narcissists. "Great again" in a sick mind is a dystopian nightmare to the sane rest of us, unless you're QAnon while reading this.

I think of Edward Snowden at this time. He's probably a valuable asset to Vladimir Putin and the GRU, despite his rock star status in exposing corruption: he broke the law and fled the country before it could prosecute him. Funny how he ends up in Russia; funny how the malware the GRU started using in 2016 suddenly "sprang up" spontaneously. I'm surprised no one is discussing this as a possibility. If you look at the link that I've provided, he boasted a top salary of $200,000 working at the NSA, as he put it, as a "computer Guru," without the benefit of a college degree. His paint job and privilege greased the skids to his ascension in the intelligence community (an oxymoron if there ever was one) and his six-figure salary. One thinks of the idioms "blowback" and "chickens coming home to roost," the second made famous first by Chaucer of The Canterbury Tales before Malcolm X used the idiom to comment on President Kennedy's demise.

As Ukraine goes further in the crapper for the Russian bear, and Putin gets desperate to pull off a "win" in time for the May 9th festivities (the Soviet victory over Nazi Germany in WWII), cyber warfare is his best option to damage, deter the West, and save "face" at home. Moscow's Flagship sunk: either from Ukrainian armaments, or Russian naval incompetence. Social media is making it difficult to blame the "special military operation" on ghost Nazis. Since American billionaires hide their money in the Caymans, and Russian oligarchs (tomato, to-MAH-toe) hide their grand theft in western countries, "nuking the joint" just because you're pissed at looking bad doesn't make financial sense. Neither does the use of chemical weapons because the optics of killing babies in a majority white country can't endear you to the crowd that thinks white people are being "replaced." Free trade after Ukraine is going to have a cost for Vladimir: it's not going to be free, and like Finland and Sweden considering NATO membership, he may have sparked a global "Green New Deal" revolution that mere logic, and the absolutely sane desire to save the planet couldn't. The veneer of invincibility so-called strongmen like to exude can't be as shiny as it was when W "looked into his eyes, and saw his soul." At least the 46th president called "malarky" on that google-eyed tyrant worship, proto the fascism the right is exhibiting daily.

CPAC stands for "conservative political action committee," and the action you would THINK they would like to be politically responsible for is the election of conservative lawmakers to enact a platform and state an agenda. As of 2020, there is none, except supporting the American Orange Fuhrer. CPAC is meeting in Hungary, home of authoritarian leader Viktor Orbán, who has packed the courts, squelched the news down to a cheerleading outlet, attacked the LGBT in his country (guilty of the crime of EXISTING), rigged elections to where he cannot lose, demonized minorities and added to that antisemitism. Just the kind of country American Conservatives cum fascists (prior to WWII, there was a German American Bund that openly supported Hitler and the Nazis) would love to form in the US.

The Growth and Opportunity Project stated things that the right has thus far refused to do: change, evolve, give up the "Southern Strategy," start sounding less racist and appeal to more minorities, and young people. In other words, a functional political party would have taken the 2012 election loss as a wake-up call to course-correct.

What we are currently experiencing isn't a functional party. The party went from GOP to INGSOC, from Mitt Romney to a Boy From Brazil that had a copy of Hitler's speeches on his nightstand, that he obviously read. What he leads is more a Congress of sociopaths, people fearful of the changes their hubris wouldn't let them make. The percentage of black republicans has dwindled steadily since the 2000 RNC convention, but the New York Times managed to cobble a few together to make a point that fascists somehow have "inroads" with the African American community after Associate-Designate Supreme Court Justice Ketanji Brown-Jackson survived what amounted to a Klan coven. Yeah: inroads.

If the DNC isn't making attack ads with the material the insurrection party gave during her marathon, disrespectful confirmation hearings, it amounts to bringing a butter knife to a bazooka fight. It is political malpractice. Batman doesn't negotiate with the Joker: he pummels him and sends him back to Arkham. He does it as many times as necessary.

Racists could care less about diversity, equity, and inclusion, and fascists ONLY care about their "superiority" and making sure the necks they stamp on never shift from their places. Put on your flack jackets and gear up for piles of manure dressed up as political discourse. Get ready for malware blackouts and excuses that this direct attack on our homeland is somehow "our fault" because a psychopath believed his yes men, and got out over his skis. Like Dumbo Gambino, we're finding out the "stable geniuses" are all flatulence and hype.

In the words of Star Trek (any version): "red alert. Shields up!"