Newsletter

open source and cybersecurity news

October 10, 2023

It's 5:05, October 10, 2023. Time for your Cybersecurity and Open Source Headlines

In this Episode:

Marcel Brown: October 10th, 1980. Namco officially transfers rights to Midway for distribution of the games Pac-Man and Rally-X in North America. While the exact date that Pac-Man started shipping to arcades in North America is currently unknown, most sources cite October of 1980.

Edwin Kwan: A new Linux vulnerability, known as the Looney Tunables, impacts most Linux distributions and allows attackers to gain administrative root privileges.

Katy Craig: In the midst of ongoing clashes between Hamas and the Israel Defense Forces, hacktivist groups have entered the digital battleground. Cybersecurity experts warn of the growing involvement of threat actor groups in digital attacks on government websites and IT systems.

Ian Garrett: Is this the beginning of the end of passwords as we know them? Google has made the move to make passkeys the default sign-in option for personal Google accounts, simplifying the login process and enhancing security.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Linux Distributions Vulnerable to Looney Tunables

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

A new Linux vulnerability, known as the Looney Tunables, impacts most Linux distributions and allows attackers to gain administrative root privileges.

This is Edwin Kwan from Sydney, Australia.

The vulnerability, discovered by security researchers, is due to a weakness in the GNU C library’s ld.so dynamic loader. The library is in most Linux kernel-based systems and it provides essential functionality and is necessary for typical program execution. That library has a buffer overflow weakness that can be fairly easily exploited by attackers or malicious software to gain root access and take over the machine.

The flaw was introduced in April 2021, and security researchers had successfully exploited the vulnerability on major distributions like Fedora, Ubuntu, and Debian. It should be noted that in order to exploit this vulnerability and get root access, attackers will first need to have local user access. The security team, which disclosed the vulnerability, is withholding the exploit code for now, and urging all admins to patch their systems to keep them secure.

Resources
– Red Hat: https://access.redhat.com/security/cve/CVE-2023-4911
– Qualys: https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so#potential-impact-of-looney-tunables
– The Register: https://www.theregister.com/2023/10/04/linux_looney_tunables_bug/
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/new-looney-tunables-linux-bug-gives-root-on-major-distros/

 

Katy Craig
Hacktivists Enter the Middle-East Fray

Katy Craig, Contributing Journalist, It's 5:05 Podcast

In the midst of ongoing clashes between Hamas and the Israel Defense Forces, hacktivist groups have entered the digital battleground.

This is Katy Craig in San Diego, California.

Notably, the infamous Killnet, a Russian hacker group, claimed responsibility for an attack on the Israeli government’s website, blaming them for supporting a terrorist regime in Ukraine. Killnet clarified that their target is the regime, not ordinary citizens, pledging not to attack critical infrastructure on either side.

Anonymous Sudan, which is neither anonymous nor Sudanese, believed rather to be a Russian hacktivist group, has aligned with Hamas and Killnet launching cyberattacks, including on the Jerusalem Post’s website. They claimed to have targeted Israel’s Iron Dome and Alert applications.

Meanwhile, pro-Israeli hacktivists have also been active. The official Hamas website was taken down reportedly by Indian hackers, and a group in Pakistan claimed responsibility for hacking an Israeli hydroelectric power plant.

As the conflict between Israel and Hamas escalates, cybersecurity experts warn of the growing involvement of threat actor groups in digital attacks on government websites and IT systems, further complicating the situation.

This is Katy Craig. Stay safe out there.

Resources
– CyberNews: https://cybernews.com/news/israel-palestine-hamas-cyber-attack-hacking-killnet/

 

Ian Garrett
Google Helps Drive the End of Passwords

Ian Garrett, Contributing Journalist, It's 5:05 Podcast

Is this the beginning of the end of passwords as we know them? Google has made the move to make passkeys the default sign-in option for personal Google accounts, simplifying the login process and enhancing security.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Google recently announced that passkeys are now the default sign-in option for personal Google accounts across its services and platforms. This move aims to streamline the sign-in process and improve security.

Passkeys are tied to specific devices like computers, tablets, and smartphones that are registered with a user’s account. Once set up, users can sign into their Google accounts without the need for traditional passwords or two-step verification.

Passkeys offer enhanced security and convenience by allowing the use of biometric sensors, PINs, hardware security keys, or screen lock patterns for authentication. Using passkeys significantly reduces the risk of data breaches and phishing attacks, as they cannot be exploited to hijack accounts. Passkeys also eliminate the need to remember and manage passwords, making the sign-in process both more secure and user-friendly.

Passkeys are securely stored and synchronized in the cloud, preventing lockouts in the case of device loss and facilitating transitions to new devices. This functionality is compatible with major web browsers and platforms, including Windows, macOS, iOS, and Chrome OS.

Google’s adoption of passkeys follows the broader industry trend towards passwordless authentication. The company introduced support for passwordless sign-in on all Google accounts earlier and extended passkey support to Android and Chrome in the past year. This move aligns with the commitment of tech giants like Microsoft and Apple to promote passkeys as a universal standard for passwordless sign-ins.

Google’s decision to make passkeys the default sign-in option for personal Google accounts is a significant step towards improving both security and user experience. As the industry continues to embrace passwordless authentication, users can look forward to a more convenient and secure online experience.

Resources
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/google-makes-passkeys-the-default-sign-in-for-personal-accounts/

 

Marcel Brown
This Day, October 10, in Tech History

Marcel Brown, Contributing Journalist

This is Marcel Brown bringing you some technology history for October 10th.

October 10th, 1964. The opening ceremonies of the Summer Olympics in Tokyo became the first Olympic broadcast relayed live by geostationary communication satellites. The satellite Syncom 3, which was in orbit over the Pacific Ocean, made the Tokyo 1964 games the first games to be televised via satellite to a worldwide audience.

Additionally, other technologies, such as slow-motion and the use of computers to keep live statistics, were first introduced in the Tokyo games of 1964. Foreshadowing future technological advancements, the 1964 games were also the last time hand-timing was done with stopwatches. Future games would use electronic timing for improved accuracy.

October 10th, 1980. Namco officially transfers rights to Midway for distribution of the games Pac-Man and Rally-X in North America. While the exact date that Pac-Man started shipping to arcades in North America is currently unknown, most sources cite October of 1980.

While the Japanese release under the name “Puck-man” had occurred in May of 1980, the game’s popularity didn’t fully take off until being released in the United States. Pac-Man will become the first true mega-hit video game in history, sparking “Pac-Man Fever” and catapulting the video game industry into mainstream culture.

That’s your technology history for today. For more, tune in tomorrow and visit my website, thisdayintechhistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/10/10
