Tech and Cybersecurity: A Closer Look at This Week’s News. 31/03/2024

This week in tech has been a whirlwind of innovation and cautionary tales. Here's a rundown of the top five stories that have dominated the headlines:

Security Alert: Potential SSH Backdoor Via Liblzma.

A critical security vulnerability was identified in the xz compression utility, commonly used in Linux distributions. This vulnerability could potentially expose SSH services to unauthorized access. This backdoor discovery underscores the importance of vigilant security practices in software development and deployment.

The recent discovery of a backdoor in the xz compression utility, part of the liblzma library, has raised significant security concerns. This vulnerability, identified as CVE-2024-3094, could potentially allow unauthorized access to SSH services. The compromised versions of the xz utility, specifically 5.6.0 and 5.6.1, were found in several Linux distributions, including Fedora Rawhide and Debian Unstable.

To mitigate this threat, users and administrators are advised to take the following steps:

Identify Affected Systems: Check if any systems are running the compromised versions of xz/liblzma, 5.6.0 and 5.6.1.
To check if any of your systems are running the compromised versions of xz/liblzma, you can follow these steps:

1. Open a terminal window on the system you wish to check.
2. Type the command xz --version and press Enter.
3. The output will display the xz version that is currently installed on your system.

If the output indicates that your system is running xz version 5.6.0 or 5.6.1, you should immediately address the vulnerability. This may include updating to a newer, secure utility version, downgrading to a previous safe version, or disabling SSH services until the issue can be resolved. Following the guidance provided by your specific Linux distribution or software vendor is essential for the most appropriate mitigation steps.

If affected versions are found, stop using them immediately. Downgrade to a safe version of the xz utility, such as 5.4.x, which has been confirmed to be free of the backdoor.

To downgrade to a safe version of xz/liblzma, you can use the package management system specific to your Linux distribution. Here are the general steps you might follow:

Use the package manager to remove the compromised version of xz/liblzma. For example, you would use `sudo apt-get remove xz-utils` on Debian-based systems.

After removing the vulnerable version, install a safe version of the utility. For instance, to install version 5.4.x, you could use

sudo apt-get remove xz-utils

Ensure that the correct version has been installed by using `xz --version`.

Please note that the exact commands can vary depending on your Linux distribution. You should refer to your distribution's documentation or forums for the precise commands. Additionally, some distributions may have already provided an updated package that patches the vulnerability, so you can update your system using the standard update command for your package manager.

Users and system administrators must act swiftly to protect their systems from potential exploitation. Staying informed and adhering to recommended security practices can help mitigate the risks associated with such vulnerabilities.

For more detailed information and updates on this issue, please refer to the official advisories and documentation provided by your Linux distribution or software vendors.

Researchers Demonstrate 4.5 Million Times Faster Internet.

In a groundbreaking achievement, researchers at Aston University have demonstrated internet speeds 4.5 million times faster than the current average on existing fibre networks. This leap in data transfer technology could revolutionize how we connect and communicate globally.

Collaborating with the National Institute of Information and Communications Technology (NICT) in Japan and Nokia Bell Labs in the US, the team attained a data transfer speed of 301 terabits per second on an existing fiber network. This speed is a staggering 4.5 million times faster than the average broadband connection, opening up new possibilities for meeting future data demands.

The key to this achievement lies in utilising new wavelength bands, specifically the E-band and S-band, which are not traditionally used in fiber optic systems. By expanding into these bands, the researchers could significantly increase the data transmission capacity without the need for deploying new fiber cables, making it a more sustainable and cost-effective solution.

This advancement could lead to vastly improved end-user connections, as it promises to enhance the backbone network that supports our internet infrastructure. The implications of this technology are far-reaching, potentially affecting various sectors, from healthcare to education and entertainment to security and AI development.
The implications of such a monumental increase in internet speed for AI and Large Language Models (LLMs) are profound. With the ability to transfer data at unprecedented rates, AI research and deployment could accelerate significantly, leading to more advanced and sophisticated models. LLMs, which require vast amounts of data to train and improve, could benefit from reduced latency and higher throughput, enabling real-time learning and adaptation.

Moreover, this could democratize AI, allowing researchers and developers from around the world to collaborate more effectively and share large datasets and insights almost instantaneously. The potential for innovation in natural language processing, machine learning, and other AI domains is immense, promising a future where AI can be more responsive, accurate, and integrated into our daily lives. This leap in internet speed is not just a technical milestone; it's a gateway to a new era of AI possibilities.

iPhone Phishing Scam: Reset Password Alert

A sophisticated phishing attack targeting iPhone users has been reported. The scam involves a barrage of reset password prompts followed by a spoofed phone call to trick users into compromising their Apple ID credentials. It's a stark reminder of the ever-evolving landscape of cyber threats.

This scam involves a series of rapid-fire password reset notifications followed by a spoofed phone call to panic the user into revealing their Apple ID credentials. The attackers initiate the scam using email and phone number information, likely obtained from previous data breaches.

Here's what you need to know to stay safe:

Recognize the Scam: Legitimate companies, including Apple, will never ask for your Apple ID password, verification codes, or other sensitive information over the phone.

Do Not Respond to Pressure: If you receive unsolicited password reset notifications or calls, do not feel pressured to respond. Take your time to verify the authenticity of the message.

Verify Directly with Apple: If you're unsure about the legitimacy of a request, contact Apple directly through their official support channels.

Use Two-Factor Authentication: Always use two-factor authentication for your online accounts to add an extra layer of security.

Report Suspicious Activity: Forward any suspicious emails or messages to Apple's official phishing report email address,reportphishing@apple.com, and report any fraudulent calls to your local authorities.

By staying vigilant and informed, you can protect yourself from such phishing attempts and ensure your personal information remains secure.

AI and the Future of Tech.

Generative AI continues to be a hot topic in the tech industry, with companies investing heavily in AI capabilities. This year, we're seeing a surge in AI integration across devices and platforms, promising a more personalized and efficient digital experience.

As we move into 2024, AI continues to drive innovation, with large language models (LLMs) like GPT-4 and Google DeepMind's Gemini leading the charge. These models are not only becoming more advanced in processing text. Still, they are also expanding their capabilities to include images and even videos, opening up many new applications across various industries.

One of the key trends to watch is the customization of chatbots. Tech giants are developing user-friendly platforms that allow individuals to tailor powerful language models to their needs without coding skills. This democratization of AI technology means we can expect a surge in personalized AI applications, making the technology more accessible and valuable for the average person.

Moreover, integrating AI into big pharma and healthcare could potentially revolutionize drug discovery and patient care. While the full impact of AI on these sectors is still unfolding, the current trajectory suggests that AI could significantly streamline research and development processes, leading to faster and more efficient healthcare solutions.

As AI models become more multimodal, the potential for new applications is vast. For instance, a real estate agent could use a customized AI to generate property descriptions by simply uploading text and media. This level of automation and personalization could significantly enhance productivity and creativity across various fields.

However, advancements in AI are not without challenges. Data bias, copyright, and ethical considerations continue to shape the research and regulatory agenda. The industry must address these challenges proactively to ensure that AI technology benefits society.

Sam Bankman-Fried Sentenced to 25 years in prison.

Sam Bankman-Fried, the founder of the now-defunct FTX crypto exchange, was recently sentenced to 25 years in prison. This verdict came after a month-long trial where Bankman-Fried was found guilty of seven counts of fraud and conspiracy. The charges were related to his role in the collapse of FTX and defrauding lenders to FTX’s sister company, Alameda Research. Despite the severity of the charges, Bankman-Fried maintained his innocence and expressed regret for his decisions. This case has been a significant event in the cryptocurrency sector, marking a dramatic fall for Bankman-Fried, who was once celebrated as a leading figure in the industry. The verdict serves as a stern reminder of the legal boundaries within the rapidly evolving world of cryptocurrency.

FTX, the defunct cryptocurrency exchange, has been making progress in recovering customer funds. As of now, they have managed to recover and secure approximately $7.3 billion. This recovery process is part of their bankruptcy proceedings.

The plan proposed by FTX’s new management, led by CEO and bankruptcy expert John J. Ray III, is to send 90% of the recovered assets to former customers. However, it’s important to note that this 90% refers to the funds FTX has been able to recover, not the total customer deposits at the time of the exchange’s collapse. Therefore, customers may not necessarily get back 90% of their lost assets.

When it filed for bankruptcy, FTX had an estimated shortfall of $8.7 billion. As of September, roughly $6.9 billion of that shortfall had been recovered, and the recovery process is still ongoing.

Those who withdrew more than $250,000 from FTX in the nine days before the exchange’s collapse will be able to pay a 15% fee on those funds to avoid potential clawback attempts. This part of the amended plan implies an expected 85% or more customer recovery.

FTX is also considering restarting the exchange by the end of June and aims to confirm its goals within a year after that date. However, the actual customer shortfall remains unknown.

These stories highlight the rapid pace of technological advancement and the need for robust security measures to protect against emerging cyber threats. As we embrace these innovations, let's also commit to safeguarding our digital ecosystem. Stay informed and stay secure.

Exploring the intricate world of tech and cybersecurity, we’ve delved into the latest news and trends. Stay informed, stay secure, and keep pushing the boundaries!” 🌐🔒