Pete Recommends Weekly highlights on cyber security issues, March 12, 2022

Subject: 2022 Guide to Internet Privacy Resources and Tools
Source: LLRX
https://www.llrx.com/2022/02/2022-guide-to-internet-privacy-resources-and-tools/

The implementation and maintenance of reliable applications in all sectors to secure and protect your work from cybercrime and security breaches is increasingly important as we move toward a return to an onsite work posture. This comprehensive guide by Marcus Zillman identifies a wide swath of privacy resources from which you can choose to apply to secure online and mobile activities in personal, academic, government or corporate environments. It includes best practices resources as well as online privacy applications, tools and strategies including: email, search and browsing, mobile phone calls, and enterprise-wide data security.


Subject: Decentralized identity using blockchain
Source: VentureBeat
https://venturebeat.com/2022/03/05/decentralized-identity-using-blockchain/

This article addresses the following:

  • What is a decentralized identity?
  • How decentralized identity works with blockchain
  • How to authenticate using a decentralized identity
  • What happens when we fully adopt a decentralized identity procedure?
  • Benefits of using blockchain with decentralized identity

Conclusion – From all the above facts, it is evident that decentralized identity with blockchain can completely transform the digital identity landscape. It will make digital identity management decentralized and seamless, as no particular organization will govern the user data.

More importantly, users will be able to easily authenticate themselves without sharing their sensitive personal information with third parties.


Subject: Ukraine deserves an IT army. We have to live with the fallout
Source: VentureBeat
https://venturebeat.com/2022/03/04/ukraine-deserves-an-it-army-we-have-to-live-with-the-fallout/

‘This is the blueprint’

Everyone in security should be paying attention to what’s happening with Ukraine’s IT army, because it’s a sign of things to come, Partridge said.

“This is the blueprint for future cyberwar,” he said. “It seems inevitable that future conflicts would try to replicate the passion from this.”

Still, Partridge said he recognizes there are potential risks that can’t be ignored — and many others agree.

“There’s no question that vigilante hacking wars can have unintended consequences,” said Chris Grove, cybersecurity strategist at Nozomi Networks.

“Aside from direct Russian retribution, a well-intentioned hacktivist in the state of Missouri, for example, is probably violating both state laws and federal laws by ‘helping out’ – even though the target is the socially accepted ‘bad guy’ in this equation,” he said.

In other words, a social call-to-arms doesn’t change local laws, Ellis said.

“I’ve been talking a number of enthusiastic rookies out of doing anything stupid over the past week — as well as trying to work with folks to minimize the potential harm of getting involved for participants,” he said.

At a certain point, though, launching cyberattacks that aren’t actually coordinated with broader military objectives can amount to little more than vandalism, said John Bambenek, principal threat hunter at Netenrich.

That being said, “the conflict is a fight of attrition,” Bambenek said. “Does Kiev fall first, or does the pressure on Putin get enough to get him to back off? In that sense, it’s all additive — and [the IT army] may help. Time will tell, really.”


Subject: Small cyberphysical watermarks could prevent huge headaches caused by fake meds (phys.org)
Source: The RISKS Digest Volume 33 Issue 08, Phys, and AARP
https://catless.ncl.ac.uk/Risks/33/08/#subj3.1

Richard Stein <[email protected]>
https://phys.org/news/2022-03-small-cyberphysical-watermarks-huge-headaches.html

“Counterfeit medications and pharmaceutical products are just a click away from being purchased from online pharmacies via smartphone.” The Pharmaceutical Security Institute summarizes grim statistics about arrests, drug categories, and the global geographic distribution of counterfeit medicines for incidents greater than US$ 100K in product value. No aggregated revenue information about the crimes is disclosed. See https://www.psi-inc.org/therapeutic-categories retrieved on 02MAR2022. The AARP, via https://www.aarp.org/health/drugs-supplements/info-2016/counterfeit-prescription-drugs-rx.html (retrieved on 02MAR2022), estimates the phony drug market size @ ~US$ 200B in 2014. …


Subject: Facial recognition tech in public could yield perceptions of workplace fairness
Source: Penn State University Newswire
https://www.psu.edu/news/information-sciences-and-technology/story/facial-recognition-tech-public-could-yield-perceptions/

According to a new study led by Penn State and the University of Alabama, an organization’s decision to publicly deploy facial recognition technology — and whether or not stakeholders are involved and informed in that decision-making — could not only lead to users’ concerns of privacy, data security, mass surveillance and bias toward minority groups, but it could also reveal issues of organizational justice, or perceptions of fairness, within the organization itself.

“Technology is created by humans, and humans can be easily biased, so technology is never neutral,” said Yao Lyu, doctoral student at the Penn State College of Information Sciences and Technology. “The human-computer interaction community has been paying growing attention to justice issues in technology design and development. But as we highlight in our study, besides design and development, the implementation of technology could also engender justice issues, especially in an organizational setting where various stakeholders are involved.”

Ongoing debates have led U.S. cities and states including San Francisco, Boston and Maine to limit or ban the use of facial recognition technology in public spaces. Yet its deployment is on the rise in certain sectors — including public U.S. universities — where Yao and his team focused their study.

Filed: https://www.psu.edu/news/information-sciences-and-technology/human-computer-interaction

RSS: https://www.psu.edu/news/rss/information-sciences-and-technology/human-computer-interaction/rss.xml


Subject: Dozens of COVID passport apps put user’s privacy at risk
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/dozens-of-covid-passport-apps-put-users-privacy-at-risk/

Roughly two-thirds of the tested digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users’ privacy at risk. The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.

Digital passport apps store proof of a person’s COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information (PII) encoded in a QR code or displayed directly in the app.

The users can then show this QR code or proof of vaccination when needed to enter areas considered high risk for viral transmission, required for travel, etc.

The issuers of these apps are typically the health and IT departments of governments, while the developers are often contracted experts in mobile software development.

Symantec’s team looked into 40 digital vaccine passport apps and ten validation (scanner) applications and found that 27 suffer from some of the following privacy and security risks.

The first type of problem highlighted in the Symantec report is that many of these tools generate QR codes that are not encrypted but merely encoded.

How to minimize the risks – If you’re obliged to use a digital vaccination passport app, avoid third-party wallets from obscure vendors and prefer those from firms that vet them more vigorously, like Apple Health and Google Wallet.


Subject: CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment
Source: CISA
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisas-zero-trust-guidance-enterprise-mobility-available-public

CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022….


Subject: Twitter quietly launches Tor service in the face of Russian censorship
Source: Mashable via beSpacific
https://www.bespacific.com/twitter-quietly-launches-tor-service-in-the-face-of-russian-censorship/

Mashable: “Twitter just struck a blow against government censorship, even if the tech giant won’t come out and say so directly. On Tuesday morning, Alec Muffett, a cybersecurity professional with a long history of working with the Tor network, announced he’d brought skills to bear at Twitter. Specifically, Muffett wrote that he’d helped the company launch a censorship-resistant way for users to access the social media platform — even if government officials in, say, a country like Russia, wanted to prevent that…”


Subject: Russia creates its own TLS certificate authority to bypass sanctions
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/

Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevented certificate renewals. The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates.

TLS certificates help the web browser confirm that a domain belongs to a verified entity and that the exchange of information between the user and the server is encrypted.

Signing authorities based on countries that have imposed sanctions on Russia can no longer accept payments for their services, leaving many sites with no practical means to renew expiring certificates.

After a certificate expires, web browsers such as Google Chrome, Safari, Microsoft Edge, and Mozilla Firefox will display full-page warnings that the pages are insecure, which can drive many users away from the site.
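The operational lesson from this item is that certificate expiry is a fleet-wide availability risk worth tracking before browsers start showing those full-page warnings. The following added example (not code from Bleeping Computer or any CA; the hostnames and `notAfter` dates are constructed) takes an inventory of `notAfter` strings in the format `ssl.getpeercert()` returns and flags certificates that are expired or inside a renewal window. `fetch_not_after` shows how to populate such an inventory from a live host; it is not called in the offline demo.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed inventory: (hostname, notAfter exactly as ssl.getpeercert()['notAfter'] reports it).
INVENTORY = [
    ("shop.example", "Mar 20 23:59:59 2022 GMT"),
    ("api.example", "Jun  1 00:00:00 2022 GMT"),
    ("old.example", "Feb 28 12:00:00 2022 GMT"),
]


def days_until_expiry(not_after: str, now: datetime) -> float:
    """Days from `now` (timezone-aware UTC) until the certificate's notAfter; negative if expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).total_seconds() / 86400


def classify(not_after: str, now: datetime, threshold_days: int = 30) -> str:
    """'expired', 'expiring' (inside the renewal window) or 'ok'."""
    days = days_until_expiry(not_after, now)
    if days < 0:
        return "expired"
    if days < threshold_days:
        return "expiring"
    return "ok"


def expiry_report(inventory, now: datetime, threshold_days: int = 30) -> list:
    """Return (host, status, days_remaining) for every host, worst first."""
    rows = []
    for host, not_after in inventory:
        rows.append((host, classify(not_after, now, threshold_days), days_until_expiry(not_after, now)))
    rows.sort(key=lambda r: r[2])
    return rows


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live lookup for a real inventory; performs full chain validation against the system trust store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    now = datetime(2022, 3, 12, tzinfo=timezone.utc)  # the newsletter's date, fixed for a reproducible run
    for host, status, days in expiry_report(INVENTORY, now):
        print(f"{host:15} {status:9} {days:7.1f} days")
```

Because `fetch_not_after` uses `ssl.create_default_context()`, a host whose chain ends in a root your system does not trust raises `ssl.SSLCertVerificationError` rather than silently reporting a date; that is the behaviour you want from a monitor, since it mirrors what users’ browsers will do.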
