shift change 01-11-2024

Welcome to your shift change, reports from the off-going watch to the oncoming on anything interesting in privacy, security, or intelligence.

Me, at any opportunity.

1. ExTwitter blames the SEC’s account takeover on the SEC not using multi-factor authentication.

This should be embarrassing for everyone involved, but it’s the US government so I don’t expect anything to happen. Maybe a blue ribbon commission on something an older blue ribbon commission already commissioned…say, when did MFA become a requirement for federal government accounts? November 8, 2021. Oh, good grief, it takes less than 5 minutes, SEC, way less time than filling out an 8K!

2. Kentucky looks to join Illinois as a bastion for biometric privacy, fingers crossed.

A citizen with a private right of action returning to their home with an expectation of privacy they can enforce.

Highlights are: two bills, one addressing the variety of ways the government has to intrude on your privacy (drone surveillance and license plate readers, but also physical surveillance cameras at public utilities), and a second with a private right of action for collecting biometric data about you without your prior written consent (just like Illinois!).

And look, the Kentucky Attorney General can also enforce the rights afforded the people in the statute, but the people are not left high and dry if the AG does not agree that a harm occurred or that the law can provide relief. Your rights should never be solely in the hands of a political actor. Private right of action—hooray.

3. Chinese electronic warfare researchers are working on backup radar detection systems for use if their primary capabilities are knocked out, using the entire environment of radar signals to draw well-informed inferences.

Matt just needs some basic equipment and for all your ships to move slow enough.

The tech does have some limitations though:

"Our system works well for slow-moving targets at sea," explained the researchers…

4. Mirai is still going strong, now infecting bots with cryptominers, please stop using Telnet.

Live look at all those unsecured IoT devices.

Other than dropping a miner, the news here is the technique to prevent a well known threat from being detected:

"NoaBot uses a novel technique to prevent such detection. Instead of delivering the configuration settings through a command line, the botnet stores the settings in encrypted or obfuscated form and decrypts them only after XMRig is loaded into memory. The botnet then replaces the internal variable that normally would hold the command line configuration settings and passes control to the XMRig source code."

The story notes the threat actors may be done with that miner, but the stay-but-adapt power of Mirai is not going anywhere. Turn off Telnet and lock down your internet-of-things devices unless you want them to be someone else’s internet-of-things devices.
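To check whether a Linux-based device is still listening for Telnet, here is an added example (not from the story or from any vendor tool) that parses the kernel's `/proc/net/tcp` socket table and flags Telnet listeners. It assumes IPv4 on a little-endian host, and it also checks port 2323, an alternate Telnet port that Mirai's scanner probes but the story does not mention.

```python
import socket
import struct

# Ports to flag: 23 is Telnet; 2323 is an alternate Telnet port that
# Mirai's scanner also probes (added here, not mentioned in the story).
TELNET_PORTS = {23, 2323}
LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (trailing columns trimmed).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0017 00000000:0000 0A 00000000:00000000
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000
   2: 00000000:0913 00000000:0000 0A 00000000:00000000
   3: 0A00A8C0:0016 0500A8C0:D431 01 00000000:00000000
   4: 0100007F:0017 00000000:0000 0A 00000000:00000000
"""

def decode_ipv4(hex_addr):
    """Decode the little-endian hex IPv4 address used in /proc/net/tcp."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def telnet_listeners(proc_net_tcp_text):
    """Return (address, port, exposed) for each LISTEN socket on a Telnet port."""
    findings = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # malformed row, or a socket that is not listening
        hex_addr, hex_port = fields[1].split(":")
        port = int(hex_port, 16)
        if port in TELNET_PORTS:
            addr = decode_ipv4(hex_addr)
            # Loopback-only listeners are not reachable from the network.
            exposed = not addr.startswith("127.")
            findings.append((addr, port, exposed))
    return findings

if __name__ == "__main__":
    import sys
    # On a Linux device, pass /proc/net/tcp; otherwise the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PROC_NET_TCP
    for addr, port, exposed in telnet_listeners(text):
        print(f"{addr}:{port} {'EXPOSED' if exposed else 'loopback only'}")
```

A listener bound to `0.0.0.0` is reachable on every interface; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.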

The shift change is a collection of timely stories of interest in the security, privacy, and intelligence worlds. Thanks for reading, and feel free to reach out to will@signaltonoise.fyi for any questions, comments, or thoughts on items you’d like to see highlighted.