Sign up to save your podcasts
Or
Share EP 229.5 Deep Dive into Trashed; IT Privacy and Security Weekly Update for The Week Ending February 11th 2025
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP 229.5 Deep Dive into Trashed; IT Privacy and Security Weekly Update for The Week Ending February 11th 2025
Frequently Asked Questions: Privacy, Security, and the State of Tech (Early 2025)
1. What is "SparkCat" and why is it significant?
SparkCat is malware discovered hiding in both the Apple App Store and Google Play. It uses optical character recognition (OCR) to scan users' photo galleries for cryptocurrency wallet recovery phrases and uploads them to attacker-controlled servers. Over 242,000 Android users downloaded infected apps. It highlights the evolving sophistication of malware and the need for increased vigilance, even with apps from reputable sources.
2. What is the UK government asking Apple to do, and what are the potential implications?
The UK government has reportedly ordered Apple to create a backdoor allowing access to encrypted cloud backups of users worldwide, through a technical capability notice under the Investigatory Powers Act. Apple is likely to discontinue its encrypted storage service in the UK rather than compromise user security globally. If Apple complies, it could set a dangerous precedent for other governments to demand similar access, undermining encryption and weakening security for everyone.
3. What is the story about the man trying to buy a landfill, and what does it illustrate?
A man is trying to buy a landfill to search for a hard drive containing his lost Bitcoin fortune. While seemingly absurd, it illustrates the very real consequences of poor digital asset management and data security. It highlights the permanence (and potential inaccessibility) of digital assets and the lengths people will go to recover them, even resorting to extreme measures.
4. Why is the US considering banning the DeepSeek AI app?
The US is considering banning the Chinese AI app DeepSeek due to concerns that it collects data for a foreign government (China). The app pumps data to China Mobile unencrypted, and there are close ties between the company and the Chinese military. This aligns with the US government's broader concerns about foreign-owned apps, especially those from China, posing national security risks due to data privacy and potential surveillance.
5. What is the massive brute-force attack targeting VPNs, and how can organizations protect themselves?
A large-scale brute-force attack is targeting VPN devices from companies like Palo Alto Networks, Ivanti, and SonicWall, utilizing nearly 2.8 million IP addresses. Attackers are attempting to guess usernames and passwords to gain unauthorized access. To protect edge devices, organizations should change default admin passwords to strong, unique ones, enforce multi-factor authentication (MFA), use allowlists of trusted IPs, and disable web admin interfaces if they are not needed, and also ensure VPN software is fully up to date.
6. Why is Google's removal of its pledge not to build AI for weapons or surveillance significant?
Google's removal of its pledge not to build AI for weapons or surveillance is a concerning development. It suggests a shift in the company's ethical stance and a willingness to potentially engage in activities that could have negative consequences for human rights and global security. It raises questions about the future direction of AI development and the role of tech companies in shaping its use.
7. What is "enshittification" and how does it relate to current tech trends?
"Enshittification" refers to the gradual decline of online services as they prioritize profits over user experience. This process involves platforms initially offering value to users, then shifting focus to business customers, and finally exploiting both for maximum profit. Examples include Twitter restricting API access, Facebook prioritizing sponsored content, smart TVs becoming data-hungry ad machines, and Google Assistant's diminishing functionality. It reflects a broader trend of tech companies sacrificing user experience for financial gain.
View all episodes
By R. Prescott Stearns Jr.
4.5
44 ratings
Frequently Asked Questions: Privacy, Security, and the State of Tech (Early 2025)
1. What is "SparkCat" and why is it significant?
SparkCat is malware discovered hiding in both the Apple App Store and Google Play. It uses optical character recognition (OCR) to scan users' photo galleries for cryptocurrency wallet recovery phrases and uploads them to attacker-controlled servers. Over 242,000 Android users downloaded infected apps. It highlights the evolving sophistication of malware and the need for increased vigilance, even with apps from reputable sources.
2. What is the UK government asking Apple to do, and what are the potential implications?
The UK government has reportedly ordered Apple to create a backdoor allowing access to encrypted cloud backups of users worldwide, through a technical capability notice under the Investigatory Powers Act. Apple is likely to discontinue its encrypted storage service in the UK rather than compromise user security globally. If Apple complies, it could set a dangerous precedent for other governments to demand similar access, undermining encryption and weakening security for everyone.
3. What is the story about the man trying to buy a landfill, and what does it illustrate?
A man is trying to buy a landfill to search for a hard drive containing his lost Bitcoin fortune. While seemingly absurd, it illustrates the very real consequences of poor digital asset management and data security. It highlights the permanence (and potential inaccessibility) of digital assets and the lengths people will go to recover them, even resorting to extreme measures.
4. Why is the US considering banning the DeepSeek AI app?
The US is considering banning the Chinese AI app DeepSeek due to concerns that it collects data for a foreign government (China). The app pumps data to China Mobile unencrypted, and there are close ties between the company and the Chinese military. This aligns with the US government's broader concerns about foreign-owned apps, especially those from China, posing national security risks due to data privacy and potential surveillance.
5. What is the massive brute-force attack targeting VPNs, and how can organizations protect themselves?
A large-scale brute-force attack is targeting VPN devices from companies like Palo Alto Networks, Ivanti, and SonicWall, utilizing nearly 2.8 million IP addresses. Attackers are attempting to guess usernames and passwords to gain unauthorized access. To protect edge devices, organizations should change default admin passwords to strong, unique ones, enforce multi-factor authentication (MFA), use allowlists of trusted IPs, and disable web admin interfaces if they are not needed, and also ensure VPN software is fully up to date.
6. Why is Google's removal of its pledge not to build AI for weapons or surveillance significant?
Google's removal of its pledge not to build AI for weapons or surveillance is a concerning development. It suggests a shift in the company's ethical stance and a willingness to potentially engage in activities that could have negative consequences for human rights and global security. It raises questions about the future direction of AI development and the role of tech companies in shaping its use.
7. What is "enshittification" and how does it relate to current tech trends?
"Enshittification" refers to the gradual decline of online services as they prioritize profits over user experience. This process involves platforms initially offering value to users, then shifting focus to business customers, and finally exploiting both for maximum profit. Examples include Twitter restricting API access, Facebook prioritizing sponsored content, smart TVs becoming data-hungry ad machines, and Google Assistant's diminishing functionality. It reflects a broader trend of tech companies sacrificing user experience for financial gain.