Marcel Brown: November 5th, 2007. Google introduces the Android platform, it’s mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008.

Edwin Kwan: The Canadian government has announced a ban on the use of WeChat and Kaspersky’s apps on government-issued mobile devices. The Canadian government banned TikTok in February 2023 and is now adding Tencent’s WeChat and Kaspersky to the list.

Hillary Coover: The debate over the cost of privacy in the face of corporate surveillance is intensifying, as Meta introduces a subscription model allowing users to opt out of behavioral advertising. While Meta argues it aligns with regulatory requirements, critics see it as extortion and an attempt to maintain the status quo, potentially leading to further legal battles. What would you pay for privacy?

Mark Miller: Leave it to the North Korean nation state to release KandyKorn malware in time for the holiday season, starting with the Day of the Dead. On October 31st, Elastic Security Lab documented a malware infection that exposed an attempt by the DPRK to infect crypto exchange platforms through their blockchain engineers.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
WeChat and Kaspersky Apps Banned on Canadian Government Devices

The Canadian government has announced a ban on the use of WeChat and Kaspersky’s apps on government-issued mobile devices.

This is Edwin Kwan from Sydney, Australia.

The Canadian government banned TikTok in February 2023 and is now adding Tencent’s WeChat and Kaspersky to the list. This follows a disclosure by the Five Eyes countries representing Australia, Canada, New Zealand, UK, and the US a few weeks ago where they accused China of intellectual property theft and using artificial intelligence for hacking and spying against their nations. The Canadian government said that the ban is part of a risk-based approach to keep government information and the networks secure. The ban is effective from October 30th, 2023.

Kaspersky claims that the ban is made on political grounds and China’s foreign ministry accused the Canadian government of not having any hard evidence and instead overstretching the concept of national security and abusing state power to suppress the companies of a particular country.

Resources
– Hacker News: https://thehackernews.com/2023/10/canada-bans-wechat-and-kaspersky-apps.html

 

Mark Miller
Just in Time for Día de los Muertos: KandyKorn Malware

Leave it to the North Korean nation state to release KandyKorn malware in time for the holiday season, starting with the Day of the Dead. On October 31st, Elastic Security Lab documented a malware infection that exposed an attempt by the DPRK to infect crypto exchange platforms through their blockchain engineers.

In the Elastic documentation of the malware event, they found “The intrusion was traced to a Python application posing as a cryptocurrency arbitrage bot delivered via a direct message on a public Discord server.” Elastic’s description continues, ” Attackers impersonated blockchain engineering community members on a public Discord frequented by members of this community. The attacker social-engineered their initial victim, convincing them to download and decompress a ZIP archive containing malicious code.”

What does the supposed arbitrage bot really do? The malware is implemented in a four-step process, ending with the candy corn payload. The ultimate goal is to steal cryptocurrency.

There’s an interesting twist to how KandyKorn is called. Unlike other malware, it doesn’t pull the server for commands. It waits for commands to be sent to it. This reduces the number of endpoint and network artifacts generated and provides a way to limit potential discovery.

The research team at Elastic has done a great job of documenting the process, including detailed descriptions of each of the commands issued to the bot. I’ve put a direct link to the Elastic Security Lab’s findings in the transcription of this episode at 505updates.com.

This is Mark Miller, Executive Producer of It’s 5:05. Happy mining!

Resources
– Elastic Security Labs: https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn

 

Hillary Coover
Meta’s Privacy Pivot: Upholding Principles or Extortion?

The debate over the cost of privacy in the face of corporate surveillance is intensifying, as Meta introduces a subscription model allowing users to opt out of behavioral advertising. While Meta argues it aligns with regulatory requirements, critics see it as extortion and an attempt to maintain the status quo, potentially leading to further legal battles.

What would you pay for privacy?

Hi, this is Hillary Coover in Washington, DC.

Meta, previously advocating for an ad-supported internet, is undergoing a significant shift. In response to mounting pressure from European privacy regulators and legal actions, the company has introduced a new subscription service that allows users to opt out of behavioral advertising in exchange for a monthly fee. Currently priced around $10, this marks a significant change in META’s approach. The move’s been met with lots of criticism and threats of further legal action, though.

Privacy advocates and regulators argue that META’s subscription option is an attempt to evade the necessary changes to align with European privacy laws. European courts have long asserted that Meta can only use personal data for advertising with explicit consent, and Norway has labeled Meta’s behavioral advertising practices as illegal, imposing hefty fines. Now, the ban on these practices is set to extend across the entire EU, subject to approval by the European Data Protection Board. If Meta fails to comply, the EU can impose even more substantial fines.

Tobias Juden, a spokesperson for Norway’s Privacy Watchdog, deems Meta’s pay for privacy model as extortion, giving users a stark choice between paying or surrendering their rights. He argues that users are essentially coerced, as they lack a viable alternative to Meta’s platforms due to the presence of friends and family.

Resources
– Wired: https://www.wired.com/story/meta-facebook-pay-for-privacy-europe/

 

Marcel Brown
This Day, November 6, in Tech History

This is Marcel Brown bringing you some technology history for November 5th and 6th.

November 5th, 2007. Google introduces the Android platform, it’s mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008.

November 6th, 1980. IBM and Microsoft formally signed a contract whereby Microsoft will create an operating system for the in-development IBM PC. During the summer of 1980, IBM was originally interested in licensing the popular CP/M operating system, but the inability to come up with an agreement with Digital Research led IBM to ask Microsoft if they could develop an operating system similar to CP/M.

Microsoft was already going to work with IBM to deliver their basic programming language for the IBM PC, but they did not have an operating system. However, Microsoft knew that a small company named Seattle Computer Products had developed an operating system similar to CP/M called QDOS for Quick and Dirty Operating System.

Microsoft suggested to IBM that QDOS could work as the IBM PC’s operating system. IBM asked Microsoft to license and further develop the operating system, which led to the formal contract on November 6, 1980. After the contract was signed, in December of 1980, Microsoft would license the QDOS operating system to begin development of the IBM PC version.

In July of 1981, just weeks before the IBM PC would ship, Microsoft purchased full rights from SCP for what was now called 86-DOS. IBM PCDOS was the name of the operating system that would ship on the IBM PC, but it was Microsoft that wholly developed the operating system after acquiring it from SCP.

Microsoft shrewdly included a clause in the agreement that allowed them to sell the operating system to other companies under the name MS-DOS. It was this clause that changed the course of technology history, opening the door for Microsoft to become the dominant technology company of the PC era.

Microsoft seemed to understand that by controlling the operating system, the underlying hardware became less relevant. IBM obviously did not consider this concept, nor did they foresee that companies would be able to successfully clone their hardware platform. Once companies were able to clone the hardware, they needed an operating system. Microsoft was more than happy to provide them with that operating system, which by design, was completely compatible with IBM’s PC-DOS. Once IBM lost control of the platform they created, power shifted to the one major commonality between the IBM-PC-compatible clones: Microsoft’s operating system. It was IBM’s name that pushed the IBM PC into prominence, but it was the combination of hardware cloning and Microsoft licensing the operating system that created the dominant platform of the PC era, crushing nearly all competing personal computer platforms in the process.

Without this seemingly minor clause in this pivotal contract, the history of the PC era could have been quite different than it was.

That’s your technology history for today. For more, tune in tomorrow, and visit my website, ThisDayInTechHistory.com.

Resources
– https://thisdayintechhistory.com/11/06