Daily Archives: 28 February 2023

Passcode Vulnerability

Posted on by
Reply

The subheadline of a Wall Street Journal article on cell phone security vulnerabilities presents the subject of my post.

The passcode that unlocks your phone can give thieves access to your money and data; “it’s like a treasure box”

The article then laid out the problem:

The thieves are exploiting a simple vulnerability in the software design of over one billion iPhones active globally. It centers on the passcode, the short string of numbers that grants access to a device; and passwords, generally longer alphanumeric combinations that serve as the logins for different accounts.
With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID. This would lock the victim out of their account, which includes anything stored in iCloud. The thief can also often loot the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords.
“Once you get into the phone, it’s like a treasure box,” said Alex Argiro, who investigated a high-profile theft ring as a New York Police Department detective before retiring last fall.

This image lays out the technique:There’s nothing magic about iPhones in this regard, though; Android cell phones are just as vulnerable to this sort of attack.

However, there are a couple of solutions to this, regardless of the type of cell phone you use. Each solution also works even better when done in concert with the other, and they rely on something old-fashioned: caution and concern for personal privacy.

One solution is to not use your cell phone to conduct any activity, not only financial, that you don’t want exposed to the public, much less to a thief. That way, if your cell phone is stolen, there’s nothing in it beyond your contact list that can be hacked. The potential cost of doing non-telephone things on your cell phone is far greater than the short-term convenience gained.

The other solution is to not store anything in the cloud. Keep your private material private by keeping it entirely within your home’s network, and ideally even more restricted: keep that information solely on your PC’s or laptop’s hard drive, or better, on an external hard drive that connects only via USB—and keep that external storage device separate from your PC/laptop.

Related, and subsidiary to all of that, don’t store passcodes or passwords on your PC/laptop, even via a passcode/word manager. In the unlikely event your laptop is stolen, or your PC is stolen via home break-in, that manager can be hacked at the thief’s leisure.

Disingenuosity of NATO’s “Biggest European Members”

Posted on by
Reply

Here’s the lede in the WSJ article:

Germany, France, and Britain see stronger ties between NATO and Ukraine as a way to encourage Kyiv to start peace talks with Russia later this year, officials from the three governments said, as some of Kyiv’s Western partners have growing doubts over its ability to reconquer all its territory.

Ukraine’s President Volodymir Zelenskyy always has been willing to engage in peace talks with the barbarian invader, and his criteria for entering into those negotiations have been clearly stated all along. That Vladimir Putin refuses to meet those criteria—his insistence, in fact, that Ukraine isn’t even a real nation—are on the barbarian chieftain, not on Zelenskyy. Rishi Sunak, Emmanuel Macron, and Olaf Scholz, the British Prime Minister, French President, and German Chancellor, respectively, know this full well. I’ll have more on that growing doubt of Ukraine’s recovering its territory (not reconquering, as those three put it) below.

There’s this from a carefully anonymous French…official:

We keep repeating that Russia mustn’t win, but what does that mean? If the war goes on for long enough with this intensity, Ukraine’s losses will become unbearable. And no one believes they will be able to retrieve Crimea.

None of these wondrous national leaders—or the Biden administration, come to that—believed Ukraine would be able to defeat the barbarian’s initial invasion, either; they expected Ukraine to fall in a matter of days. That was their rationalization for withholding weapons Ukraine—the folks actually doing the fighting, bleeding, and dying—said they needed to drive the barbarian back out. And so here we are, a year later, and the Ukrainians are still fighting, bleeding, and dying, and they have recovered much of the territory the barbarian took (and devastated and inflicted atrocities on the captured populations during the occupations, on the way back out, and still from afar. But these wonders continue to avert their eyes from that).

If these august personages, including our own President Joe Biden (D) were serious about Russia mustn’t win, or whether the war goes on for [too] long, they’d get out of the way of arms transfers to Ukraine, they’d rapidly supply the weapons Ukraine says they need, in the numbers and at the pace Ukraine says they need them, so Ukraine could avoid an attritional war, recover all of their lost territory—including Crimea—and win quickly.

Finally, there’s this most blatant bit of hypocrisy, and outright dishonesty, from Macron himself as he told Mr Zelensky that (as paraphrased by the WSJ)

even mortal enemies like France and Germany had to make peace after World War II.

Of course. But not until after Germany had been driven back completely out of France—and all other Nazi German-occupied territories. Peace talks were not even allowed until then; the Allies demanded Germany’s unconditional surrender before peace talks could begin. Zelenskyy is not holding out for the barbarian’s unconditional surrender, only that he leave Ukraine.