PCLinuxOS Magazine

As Another Year Ends, The Cyberthreats Continue

by phorneker

Another year has just passed, and we have survived a year's worth of cyber threats, starting with the Meltdown and Spectre vulnerabilities found in Intel chips produced since 1998. These resulted in mass-scale updates to operating systems everywhere, ranging from kernel updates to Linux (PCLinuxOS included), the BSD series (including TrueOS), and even ArcaOS (the OS/2 successor), to Microsoft and Apple scrambling to release security updates to mitigate the problem.

But what really happened as far as PCLinuxOS is concerned? This forced us to update the kernel(s) installed in our PCLinuxOS installations, and reminded us of the importance of keeping software up to date.

One thing is clear as far as the technology scene in the consumer market goes: while Microsoft still dominates the desktop, it is no longer the threat it once was to the freedoms we have enjoyed for the past two decades. This can be attributed to the following:

  • Desktops and laptops with Apple's Mac OS-X installed as well as laptops with Google Chrome OS installed (better known as Chromebooks) continue to be offered in retail outlets such as Best Buy and OfficeMax. (PCLinuxOS can be installed on these machines as well.)

  • Microsoft's contributions to the Linux kernel.

  • The massive patent releases by Microsoft to the open source community. Enough said here.

  • Applications such as Visual Studio Editor and PowerShell available for Linux (the latter a standard part of Windows 10).

  • The growing popularity and use of smartphones as a primary device for Internet access.

That brings us to the next topic: the current state of cyber threats.

Cyber threats have been around throughout the history of computing. Remember the Milwaukee 414s? Back in the early 1980s, a group of teenagers broke into some high-profile computers, not to cause havoc, but for the thrill of challenging the security of computers at that time. During that period, a movie called WarGames, starring Matthew Broderick, was released showing the vulnerabilities of the technology we had at the time. That movie is now being remade to reflect the current state of cybersecurity.

Richard Stallman describes the real meaning of the term "hacker" as follows (from his personal website):

In June 2000, while visiting Korea, I did a fun hack that clearly illustrates the original and true meaning of the word "hacker".

I went to lunch with some GNU fans, and was sitting down to eat some tteokbokki, when a waitress set down six chopsticks right in front of me. It occurred to me that perhaps these were meant for three people, but it was more amusing to imagine that I was supposed to use all six. I did not know any way to do that, so I realized that if I could come up with a way, it would be a hack. I started thinking. After a few seconds I had an idea.

First I used my left hand to put three chopsticks into my right hand. That was not so hard, though I had to figure out where to put them so that I could control them individually. Then I used my right hand to put the other three chopsticks into my left hand. That was hard, since I had to keep the three chopsticks already in my right hand from falling out. After a couple of tries I got it done.

Then I had to figure out how to use the six chopsticks. That was harder. I did not manage well with the left hand, but I succeeded in manipulating all three in the right hand. After a couple of minutes of practice and adjustment, I managed to pick up a piece of food using three sticks converging on it from three different directions, and put it in my mouth.

It didn't become easy--for practical purposes, using two chopsticks is completely superior. But precisely because using three in one hand is hard and ordinarily never thought of, it has "hack value", as my lunch companions immediately recognized. Playfully doing something difficult, whether useful or not, that is hacking.

I later told the Korea story to a friend in Boston, who proceeded to put four chopsticks in one hand and use them as two pairs--picking up two different pieces of food at once, one with each pair. He had topped my hack. Was his action, too, a hack? I think so. Is he therefore a hacker? That depends on how much he likes to hack.

As we can see, the term "hacker" is used to describe a person who likes to explore ideas (not just technology) and build upon or improve those ideas. This is definitely not the definition of "hacker" as presented by mainstream media and its propaganda.

Today, we have a new class of cyber criminals, and they are not there to challenge the security mechanisms for the thrill of it. They are there to steal your money and (worse) your identity.

But who are these people? That is unknown at this time, and these people would prefer it stay that way.

One thing we do know: these cyberattacks have come in the form of data breaches (apparently at least one a week) and malware (including so-called "fake applications"), but more recently, the attacks are targeted less at desktops and laptops, and more at smartphones, mainly Android devices, though Apple's iOS has its vulnerabilities, too.

Some of these attacks come in the form of stealth installations of malware, especially with fake applications being submitted to Google Play. Fortunately, the latter is being mitigated by Google at this time.

So how has this affected PCLinuxOS? Not much. The decision to not support systemd was one of the best decisions ever made. As Android is based on Linux, and Android is now the preferred platform for cyberattacks, it makes sense that systemd would also be targeted.

I will make one important point that should be addressed in the tech sector.

At some point, we need to find out who these cyber criminals are, if it isn't already too late. While much has been done to warn the public about these vulnerabilities, what exactly is being done to find these people? As far as we know, not much if anything.

Also, while it is a very good idea to change your password, it will not stop cyber criminals from doing what they do. Remember the data breach involving Target a few years back? This was done by intercepting credit card and debit transactions in real time by breaking into Target's internal network of POS terminals and credit card readers without using a password, but instead using an open TCP port!

Google Play and Apple's App Store are two examples of online application stores that have been doing what they can to keep malware from infiltrating their product offerings. When it gets to the point where it is very difficult to accomplish this, there will be no choice but to shut the stores down.

I replaced my aging flip phone with a Kyocera Cadence (also a flip phone), and despite being an Android device, it will not allow installation of applications from Google Play. Yet, the phone will update itself. How? Kyocera provides updates to the system software in the form of system images not unlike virtual machines we make with VirtualBox. These images are stored on an internal server at Kyocera, and are accessed only through Kyocera phones (such as the Cadence).

Now, for my first prediction. A major change in the smartphone market took place over the last two years as cellular service providers announced the elimination of 3G service. For those who use smartphones for their cellular service, this is of no concern. However, for those of us who use a feature phone, or a flip phone, this meant at one time a requirement to switch to a smartphone for continued service. Tracfone (and its other branded services such as Straight Talk and SafeLink) customers who use these types of phones were the most affected by the elimination of 3G service, as Tracfone utilizes the towers of AT&T and Verizon for their branded service.

As a result, new flip phones are being developed that use the 4G LTE service. The first new flip phone to come out was ZTE's Cymbal, available on Verizon Wireless and on Tracfone. This flip phone is the first phone that is a cross between a smartphone and a flip phone. As with most any smartphone, you can install applications from Google Play. However, not all applications are compatible with this phone because of the hardware design.

My new phone is actually the first flip phone to be powered by Android, but the second on the consumer market. The Kyocera Cadence was introduced last January as a flip phone designed for enterprise users of Verizon Wireless services.

Verizon made the decision to market the Cadence to consumers as the result of the success of the ZTE Cymbal. The Cadence is marketed as a back to basics flip phone that brings the flip phone user to the world of 4G LTE service without having to buy a smartphone.

Where security and privacy are a concern, the Cadence provides a reliable and affordable solution. The fact that Android applications cannot be installed on this phone is a good thing, and hence could well set a precedent for other phone manufacturers (got that, Samsung?) to do likewise.

Hence, my first prediction for 2019 is there will be more cellular phones in the consumer market that cannot have external applications installed, ensuring that your data and personal assets are kept personal and confidential, the way it should be.

Verizon Wireless now allows tethering on its prepaid as well as postpaid service plans (featuring plans that have 3G or more of 4G LTE data, including their Unlimited plans).

This means that phones that use Verizon Wireless service (including my Cadence) can be used as 4G LTE modems on PCLinuxOS! (This will really help out in a pinch if you lose your home Internet service to unforeseen circumstances.)

My next prediction makes reference to the 1983 film WarGames. In the movie, Matthew Broderick's character used his IMSAI computer (which recently sold at auction for $25,000) to break into various computers, to find out what new video games were being developed at a Sunnyvale, California software company (presumably Atari, which was a major developer of video games in that era). Among the computers he broke into were the school district's mainframe (to change his grades, and those of his girlfriend at the time), and an airline's network (to book a flight to Paris), before he managed to break into NORAD (the supercomputer built during the Cold War as our missile defense system). He only found out about the impact of what he had done after a newscast story about the NORAD break-in was broadcast, and after the FBI came to arrest him.

So how do today's cyber criminals stay undetected? They do not brag about such activities in public. That is how some of the earlier cyber criminals got caught.

For my second prediction, I state this. No matter how careful or how much stealth these people practice in their activities, at some point, someone is going to make a mistake (even a small but critical one) that could blow the whole operation out of the water.

Hint: it will not happen in Russia (or the Ukraine for that matter) or China.

Why do I say this? Look no further than the recent headlines regarding social media.

Over the past two years, there has been one scandal after another regarding Facebook, with the most recent (as of this writing) being that 150-plus companies were enabled to access private messages from Facebook users. As far as I am concerned, Facebook cannot and should not ever be trusted. Period.

Even if the US Congress does not legislate new privacy laws, the European Union has already sanctioned the social media services for violations of their data privacy laws.

My next prediction: the US Congress (both House and Senate) will legislate so-called data privacy and security laws, which would effectively do nothing new as they would be a rewrite of existing laws regarding privacy.

If you really want a look at what could happen, simply watch the James Bond thriller "Tomorrow Never Dies" (on DVD or whatever streaming service has that film).
