
The Actuator - September 4th

Level 17

Had a great time at VMworld last week. I enjoyed speaking with everyone who stopped by the booth. My next event is THWACKcamp™! I've got a few more segments to film and then the show can begin. I hope to "see" all of you there in October.

As always, here are some links I hope you find interesting. Enjoy!

VMware Embarks on Its Crown Jewel’s Biggest Rearchitecture in a Decade

Some of the news from VMworld last week. Along with their support for most public clouds (sorry Oracle!), VMware is pivoting in an effort to stay relevant for the next five to eight years.

Google says hackers have put ‘monitoring implants’ in iPhones for years

The next time the hipster at the Genius Bar tries to tell me Apple cares about security, I'm going to slap him.

Amazon's doorbell camera Ring is working with police – and controlling what they say

This really does have "private surveillance state" written all over it.

Volocopter’s air taxi performs a test flight at Helsinki Airport

At first I thought this said velociraptor air taxi and now I want one of those, too.

Fraudsters deepfake CEO's voice to trick manager into transferring $243,000

Interesting attack vector with use of deepfake tech. Use this to raise awareness for similar scams, and consider updating company policies regarding money transfers.

About the Twitter CEO '@jack hack'

Good summary of what happened, and how to protect yourself from similar attacks not just on Twitter, but any platform that works in a similar manner.

Employees connect nuclear plant to the internet so they can mine cryptocurrency

What's the worst that could happen?

From the VMworldFest last week, a nice reminder that your documentation should be kept as simple and concise as possible:

beer.JPG

33 Comments
Level 14

Thanks for the links!  That CEO's voice fraud one is wild!  I foresee more attempts like this in the future. 

MVP

Had a great time at VMworld last week. I enjoyed speaking with everyone who stopped by the booth. My next event is THWACKcamp™! I've got a few more segments to film and then the show can begin. I hope to "see" all of you there in October. -

Level 16


I enjoy the convenience of shopping with Amazon but I don't think I will be using any of these cameras.

Level 12

Good collection this week! Much to think about.

My fingers are crossed for VMware's upgrade.  We rely heavily on VMware; I hope the new solution is reliable and secure right out of the gate.

Level 16


A few short years ago hobbyists were building their own remote control drones, now you can get a decent one for a few hundred bucks.

The technology is there so it's only a matter of time before they are making them large enough to ride in.... in a garage near you.

The age of the flying riding lawnmower is soon to come

Level 16


Nothing can go wrong here...

Level 12

I can't wait to see a Volocopter hit the wake turbulence from a departing A350.

Tricking someone into transferring nearly a quarter million dollars? It's serious but I find it funny. Any intelligent CEO who learns of this will create policies to prevent future incidents.

And giving Ring data to police then controlling what the police departments say? It's incredibly disturbing that any PD would accept this. I will never own a Ring after learning of this.

MVP

From the VMworldFest last week, a nice reminder that your documentation should be kept as simple and concise as possible: perfecto

Another mark against Apple, being vulnerable to such web sites.  Another check against Apple users who haven't secured their iPhones.

But it's not only Apple.  Androids, Unix, Linux . . .   all have their vulnerabilities, and none can overcome staying vulnerable due to clueless or lazy users.

Still, folks I know who read the Actuator story about Apple iOS are already shopping for non-Apple phones.  But will that story, and the many like it, impact Apple sales and stock value?  Apparently not.

Police Departments and Ring.  Another head-shaker.  Sure, surveillance is necessary when the value of a human life and the respect for others decreases.

But getting customers to promote a vendor's product, even endorse it, for cash or prize considerations?  It's often not good when an organization becomes beholden to a vendor, and has their decisions influenced by that vendor.  Next thing you know Ring and the police departments may become just like Thwack, influencing decisions and generating product testimonials with points redeemable for swag.

Let's keep it real.  It's hard to draw the line between the Ring-police example and any system that games companies and buyers of products if it influences their decisions.

Of course the big thing is the trust issue, isn't it?  I trust Thwack to get me the right info for SolarWinds configurations and products even as I trust the police to protect my family and me.  And there's the rub--I willingly and knowingly participate in Thwack and purchase SW products for the good of my network.  While Ring is suspected of influencing tax-payers' police protection for the benefit of Ring's bottom line.

There needs to be a hard and fast stop for this kind of behavior when it influences public funds and public protectors' decisions.

The prez of Twitter lost control of his account? 

There's a solution for that:  Don't use Twitter.

I wish that solution would occur to more folks.  It seems Tweets are the avenue of more angst and poor behavior than anything.  Particularly for those without good sense or great manners.

Imagine what would happen if good and responsible people left Twitter! 

Your comment "What's the worst that could happen?" is spot on, regarding using a nuclear energy plant's network for mining bit currency.

Your comment about bit currency mining through a nuclear energy plant's network was spot on.  Nicely called!

Personally, I'm not surprised at all at the iPhone news. It's one of the reasons why I steer away from Apple products. The more popular the brand and device, the more attractive it'll be to ne'er-do-wells who want to have an easy life by selling people's data.

On the PD & Ring: Anyone else see the parallels between the Ring/Police partnerships and the fictional CTOS (Central Operating Systems) from Watch Dogs? Tenuous, perhaps, but you could see it going that way if corporations really start to dig their tendrils into public services.

The power plant thing is both funny and terrifying. I expect more sensitive architecture will be found to have been compromised in the pursuit of free money, and there is a lot of money to be had in crypto mining.

Finally, the VISHING story, and deep fakes in general, are a real threat. Given the power social media has, if these become indistinguishable from reality, nothing said or seen can be taken on face value. Pretty worrying, when you think about the big picture!

MVP

VMware Embarks on Its Crown Jewel’s Biggest Rearchitecture in a Decade - thanks for sending out the continuity of previous thread

MVP

Google says hackers have put ‘monitoring implants’ in iPhones for years - sounds bad

MVP

Amazon's doorbell camera Ring is working with police – and controlling what they say - WoW

MVP

Volocopter’s air taxi performs a test flight at Helsinki Airport - Cool

MVP

Fraudsters deepfake CEO's voice to trick manager into transferring $243,000

MVP

About the Twitter CEO '@jack hack' - Hmm

MVP

Employees connect nuclear plant to the internet so they can mine cryptocurrency - another terrible thing to do.

Level 13

As always, thanks for a bunch of great links sqlrockstar!

What could possibly go wrong with using assets at a nuclear power plant to mine cryptocurrency?  Wow.

I knew they could do the deep fake stuff, but I had no idea it could be done more or less real time.  Pretty scary.

Level 13

Tbh now I've looked into the website hack it actually affects all mobile operating systems and not just iPhone. It was chosen by Google to only mention that iPhones were affected. Suspicious seeing as the new Pixel is out soon as is the new iPhone.

It's really disappointing to see either Project Zero or Google hiding information around this. It has also turned out it was targeting Muslim websites running in China and was a Chinese Government funded hack to target those individuals.

The moment they wouldn't say if it affected other devices than iPhones, which nation the attacks came from or what websites were affected, screams purposefully hiding information for personal gain.

Like you say ALL devices are at risk, ALL of the time. No device is ever "secure", it just might be harder to get into but they will never be 100% secure. Especially when a user sits on the device, seeing as most compromises come from user error.

Also the real nail in the coffin for me is that "Google said it had reported the security issues to Apple on 1 February. Apple then released an operating system update which fixed the flaws on 7 February." So Apple patched it in 7 days, a very quick turnaround. Far quicker than any fragmented Android release could achieve. So why bring it up now, on the eve of a new iPhone release? Yes it's all true that iPhone had a big, albeit very hard to exploit, flaw but the timing sadly screams sales tactic and purposeful mis-information, which is poor form on a supposedly impartial group.

Level 12

I am not surprised that Google would misrepresent this. They don't want to admit their own phones were compromised right before a release.

Thanks for the additional information. 

When we understand and accept that " No device is ever "secure", it just might be harder to get into but they will never be 100% secure," what does that say about us?

We all want secure communications.  But when we can't have them, we accept that knowledge and complacently continue on using the insecure technology--because we've grown addicted to the constant social and news and advertising inputs--we surely demonstrate our lack of practicality.

It's as if our common sense has died.

Dropping the use of insecure tech globally would solve the issue, and vendors would be shaken seriously, and stirred.  But we realize this would come at the cost of serious disruption--even financial loss to ourselves.  Worse, it would be inconvenient.

So we continue using the insecure tech.  We do nothing to correct the social environment and morals that cause misbehavior resulting in hacking and theft.

It's disappointing to be part of the problem, to never say "If my cell phone and if computer communications are vulnerable, I won't use them again until they ARE secure."

But to do anything else is to accept defeat without caring about being defeated.

Level 14

But Apple were already accessing your data (allegedly). 

Level 14

How secure are they?  Would a hacker be able to access the system and prevent it alerting the homeowner when their mates turned up to rob the place?

Level 14

I want one.  Somehow I'll convince the bosses to create a helipad on the roof and my morning commute will become a lot easier.

Level 14

I don't know any company that would transfer money on the basis of a phone call.  There would be processes and procedures in place to stop any form of rapid payment.  It all helps cashflow and gives extra interest payments (and is morally wrong but most companies do it).

Level 14

Makes me really happy that I have never used Twitter.  To be fair I barely use SMS.

Level 14

Crypto mining.  Well I guess they shouldn't run out of power.  What gave it away?  The reactors spinning up to 105% (Hunt for Red October).

Level 14

Now that is probably the best sign in the world (see what I did there).

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years of experience in the IT industry in roles including programmer, developer, analyst, and database administrator.