Toots for thegrugq@infosec.exchange account

Accessing sensitive data will require biometric authentication on an iOS device, not just the unlocked device. This renders stealing the passcode less useful for thieves.

This configuration is, interestingly enough, the security setup that is recommended for mobile devices used on the Ukrainian front lines. Unlock the device with a passcode, but each application (that supports it) has to be individually unlocked with biometrics. This prevents the enemy from abusing access to a device recovered from the battlefield.

Innovation from the intense security environment of the Russo-Ukraine war makes its way into consumer devices!

https://www.theverge.com/2023/12/12/23998665/apple-stolen-device-protection-face-touch-id-icloud-account-vulnerability-ios-17-3-beta

=> More informations about this toot | View the thread

Written by the grugq on 2023-12-12 at 20:19

Initial Thoughts on the Kyivstar Hack

https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/

In some ways this looks like a destructive attack similar to the VIASAT hack at the start of the war. But it differs in far more significant ways.

In similarities, the hack has some military implications: firstly a lot of air raid warning systems are now offline, and secondly a lot of Ukrainian military communications is done over mobile phone.

The attack won’t be as damaging to military communications as the VIASAT hack. Ukraine’s mobile telecommunications systems have been configured for increased resilience to disruption.

The three carriers all accept customers from other networks so if there is any signal from any network at all, people can make phone calls and get internet.

That said, Kyivstar is the top carrier in Ukraine. It has 26m subscribers, almost as much as the other two carriers (Vodafone 19m, and Lifecell 9m) combined.

Disrupting Kyivstar means 50% of mobile subscribers lose their main carrier. Half of the country’s mobile telephony infrastructure is offline. This will cause congestion and overloading on the remaining carriers’ networks.

This sort of attack shapes the battle space and creates conditions that can be exploited. For example, I would think that the front lines and the ISR (intelligence, surveillance, reconnaissance) drone operators will have less bandwidth to communicate with artillery and other support elements. This will decrease their operational capacity and reduce their defensive capabilities.

It isn’t clear yet whether this attack was coordinated with any other actions. I would expect some attempt to exploit this, otherwise it is just adding friction to daily life for a short time. Unpleasant, but not strategically significant.

Maybe they are literally just trying to make people’s lives miserable?

It is worth keeping an eye out to see if there are further attacks on telcos. Taking down all of the telecom providers would be an effective attack. Sure, mobile internet isn’t the critical component of military communications… but it is damn hard to run a modern war without a data link.

=> More informations about this toot | View the thread

Written by the grugq on 2023-12-07 at 07:51

What is “Streisand effect” in Hindi?

https://hachyderm.io/@BenjaminHCCarr/111535801364951454

=> More informations about this toot | View the thread

Written by the grugq on 2023-11-05 at 16:38

https://www.youtube.com/watch?v=Lw1n6YihwUY

Head of Ukraine SBU cyber operations discusses cyber warfare between Russia and Ukraine.

=> More informations about this toot | View the thread

=> This profile with reblog | Go to thegrugq@infosec.exchange account

Proxy Information

Original URL: gemini://mastogem.picasoft.net/profile/109285061158066651
Status Code: Success (20)
Meta: text/gemini
Capsule Response Time: 427.937236 milliseconds
Gemini-to-HTML Time: 3.45841 milliseconds

This content has been proxied by September (ba2dc).