Dr. T's security brief
Daniel Tauritz
Satellite Security Lags Decades Behind the State of the Art
Ruhr-Universität Bochum (Germany)
Julia Weiler
July 11, 2023
Researchers at Germany's Ruhr University Bochum (RUB) and CISPA Helmholtz Center for Information Security found a profound lack of modern security concepts implemented in low-earth orbit (LEO) satellites. They examined three satellite systems and found they were missing security measures standard in modern cellphones and laptops, such as code and data separation. Software analysis revealed poor technical security could allow attackers to hijack the satellites by severing their ground control connection. RUB's Johannes Willbold said satellite developers' approach to security hinges on the lack of their systems' documentation. However, this does not make them any less vulnerable to attack methods like reverse engineering, added RUB's Moritz Schloegel.
HSBC Tests Quantum Tech to Guard Against Future Hacks
Bloomberg
Thomas Seal
July 4, 2023
U.K. bank HSBC Holdings will test a quantum key distribution system operated by U.K. telecom BT Group, the Amazon Web Services cloud, and Japanese technology company Toshiba. HSBC will deploy equipment to transmit test data 62 kilometers (38.5 miles) between its London headquarters and a datacenter in the county of Berkshire. The test will help the bank better analyze threats and formulate data-protection strategies, according to HSBC. The bank's Colin Bell explained, "As technology develops and current methods begin to be defeated, we have to make sure we have the most up-to-date robust encryption and security standards. Ultimately it becomes a 'when' question rather than an 'if' question—and hence why we are very pleased to take part in a trial like this."
*May Require Paid Registration
Security Experts Reflect On Benefits And Risks Of Generative AI
In a more than 3,100-word special report, SiliconANGLE 
(7/3, Gillin, Dotson) “posed a simple question to numerous security experts: Will artificial intelligence ultimately be of greater benefit to cyber criminals or those whose mission is to foil them?” According to SiliconANGLE, “Their responses ran the gamut from neutral to cautiously optimistic. Although most said AI will simply elevate the cat-and-mouse game that has characterized cybersecurity for years, there is some reason to hope that generative models can be of greater value to the defenders than the attackers.”
Facebook Loses Challenge In EU Court Over Data Privacy, Ads
The AP (7/4) reports Meta lost a legal challenge Tuesday in the EU’s top court “over a groundbreaking German antitrust decision that limited the way the company uses data for advertising.” The European Court of Justice “said competition watchdogs can consider whether companies like Facebook comply with the continent’s strict privacy rules, which are normally enforced by national data privacy regulators.” The court “ruled that antitrust authorities can take into account any violations of data privacy rules as they investigate whether tech giants are abusing their dominance in the market by boxing out competitors.”
Reuters (7/4, Chee) reports that the case centered on “a challenge by Meta after the German cartel office in 2019 ordered the social media giant to stop collecting users’ data without their consent, calling the practice an abuse of market power.” According to Reuters, at issue was “whether the German antitrust agency overstepped its authority by using its antitrust power to address data protection concerns, which are the remit of national data protection authorities.” In response to the ruling, a Meta spokesperson said, “We are evaluating the Court’s decision and will have more to say in due course.”
The New York Times (7/4, Satariano) reports the ruling “undercuts Meta’s business model, which relies on selling targeted advertising based on the massive amounts of data it gathers about its users” and “provides fresh momentum for supporters of tougher regulation of the world’s largest technology companies.”
Hacker Group Claims Responsibility For Sending Hoax Email About University Of Connecticut President’s Death
The AP (7/6) reports hacking group called “SiegedSec” has taken responsibility “for breaching the University of Connecticut’s network and sending an email to the community that claimed the school’s president had died.” The hoax email, sent on Wednesday, “went to everyone on the school’s undergraduate listserv informing students of the ‘Unfortunate Passing of Radenka Maric.’” The group claimed responsibility, and also “claimed responsibility for hacking government websites in several states that it said on its Telegram channel were targeted for acting to ban gender-affirming care.” In an “online chat interview with The Hartford Courant, a person claiming to be the group’s leader said the UConn break-in was not political.”
FCC Proposes $200M Investment To Boost K-12 Cybersecurity
K-12 Dive (7/13, Merod) reports Federal Communications Commission Chairwoman Jessica Rosenworcel “announced a proposal Wednesday to invest up to $200 million over three years to boost school and library cybersecurity. The move follows urgent calls for the FCC to update its E-rate program to cover advanced firewalls and other network security measures.” The announcement is part of Rosenworcel’s “recently launched Learn Without Limits initiative, which looks to modernize the E-rate program created in 1996 to help fund basic internet connectivity in schools and libraries.” The pilot “would fall under the Universal Service Fund and be separate from E-rate so ‘gains in enhanced cybersecurity don’t come at a cost of undermining E-Rate’s success in promoting digital equity,’ the FCC said.”