Security Leftovers
Date: 2023-12-10
Axios ☛ Apple report finds steep increase in data breaches, ransomware [Ed: Microsoft's Ina Fried as Apple megaphone]
Data breaches and ransomware attacks are getting worse. Some 2.6 billion personal records have been exposed in data breaches over the past two years and that number continues to grow, according to a new report commissioned by Apple.
Why it matters: Apple says the escalating intrusions, combined with increases in ransomware, mean the tech industry needs to move toward greater use of encryption.
Mobile Systems/Mobile Applications
Food & Wine ☛ An Influencer Ended Up With $60,000 of Shrimp and Squid at Lunch, and It's Kind of Her Fault
Even though the photo was only shared with her WeChat friends list and not the entire social network, someone — or a lot of someones — used that QR code to add a ridiculous amount of food to her order. Wang was absolutely shocked to learn that “her” meal soon included 1,850 orders of duck blood, 2,580 orders of squid, and an absolutely bonkers 9,990 orders of shrimp paste. According to the South China Morning Post, Wang didn’t know what she’d accidentally done until a member of the restaurant’s staff stopped by her table to confirm her CN¥430,000 ($60,400) order.
Confidentiality
Simon Josefsson ☛ Classic McEliece goes to IETF and OpenSSH
The foundation for lattice-based post-quantum algorithms has some uncertainty around it, and I have felt that there is more to the post-quantum story than adding sntrup761 to implementations. Classic McEliece has been mentioned to me a couple of times, and I took some time to learn it and did a cut’n’paste job of the proposed ISO standard and published draft-josefsson-mceliece in the IETF to make the algorithm easily available to the IETF community. A high-quality implementation of Classic McEliece has been published as libmceliece and I’ve been supporting the work of Jan Mojžíš to package libmceliece for Debian, alas it has been stuck in the ftp-master NEW queue for manual review for over two months. The pre-dependencies librandombytes and libcpucycles are available in Debian already.
Windows TCO
Security Week ☛ Russian APT Used Zero-Click Outlook Exploit
Tracked as CVE-2023-23397, the vulnerability was patched in March 2023, when Microsoft warned that it had already been exploited in the wild. A bypass for the patch, tracked as CVE-2023-29324, was fixed in May.
Rated ‘critical severity’, CVE-2023-23397 can be triggered via crafted email messages, with exploitation occurring before the email is viewed in the Preview Pane.
Quartz ☛ AI in Focus: Gemini has entered the chat
We pitted Google’s Gemini (via Bard) against OpenAI’s ChatGPT 4 in a highly unscientific three-round challenge.
