Internet Security – PJ Magic
http://pjmagic.net/

Apple deprecates TLS 1.0 and 1.1 with iOS 15, macOS 12, etc.
https://pjmagic.net/apple-deprecates-tls-1-0-and-1-1-with-ios-15-macos-12-etc/
Wed, 22 Sep 2021 23:32:30 +0000

This week, Apple continued its work to deprecate Transport Layer Security 1.0 and 1.1 from its various operating systems, replacing long-standing security protocols with more modern versions.

The company first announced its intention to move away from early versions of TLS in 2018, indicating that Safari would be upgrading to TLS 1.2 and 1.3 in 2020. These changes were implemented in the initial beta versions of iOS 13.4 and macOS 10.15.4.

Explaining the change in 2018, Apple software engineer Christopher Wood described TLS as an essential internet security protocol that protects web traffic as it travels between clients and servers. Although the protocol handles sensitive data, the legacy versions date back to 1999.

As reported by Apple today, the Internet Engineering Task Force (IETF) deprecated TLS 1.0 and 1.1 effective March 25, 2021. The IETF approved the next iteration of TLS, version 1.3, in 2018.

Apple urges developers to integrate support for TLS 1.3, calling it “faster and more secure.” Applications that currently use TLS 1.0 or 1.1 are encouraged to upgrade to TLS 1.2 or later. Developers who have App Transport Security (ATS) enabled on all connections do not need to make any additional changes to their application, as the feature requires secure connections with modern TLS certificates.


China’s cyber warfare grew thanks to civilian recruits
https://pjmagic.net/chinas-cyber-warfare-grew-thanks-to-civilian-recruits/
Wed, 22 Sep 2021 05:13:50 +0000

Cyber operations have become China’s tool of choice for securing exclusive intellectual property and collecting personal data around the world.

In February 2021, malware from China was found in an Indian power grid. Experts have suggested that the malware may have turned off Mumbai city lights at the height of the Ladakh border standoff.

The Ministry of State Security and the People’s Liberation Army (PLA) Strategic Support Force primarily manage China’s cyber operations.

The Strategic Support Force was born out of the reorganization of the PLA in 2015. With the creation of this new integrated force, China combined electronic warfare, information warfare and cyber operations. Under President Xi Jinping, however, it was the State Security Ministry that gained the power to conduct cyber operations with the help of an army of civilian recruits.

The Department of State Security has in the past used open source data research for zero-day exploits, which can provide access to a device from a remote location. Zero-day exploits take advantage of vulnerabilities in software code, which exist on various electronic devices.




China’s deep dive into cyber warfare

In 1999, two Chinese Air Force colonels identified the coming era of electronic warfare and cyberspace after the United States’ war in Iraq. Qiao Liang and Wang Xiangsui’s Unrestricted Warfare emphasized the ability to wage war below a certain conflict threshold. “The first rule of unrestricted warfare is that there are no rules, nothing forbidden,” Qiao said in an interview.

But since the publication of Unrestricted Warfare, China’s military strategy has evolved. China’s 2015 military strategy paper called cyberspace “a new pillar of economic and social development and a new area of national security.”

The pursuit of cyber warfare is not unique to the United States or China, as all major powers have invested in offensive and defensive cyber capabilities. But China’s rapid improvement in capabilities has caught the attention of experts around the world.

The Microsoft Exchange Server hack – attributed to Chinese hackers – revealed capabilities that the State Security Ministry and the PLA have improved since the early 2000s.

“China’s appetite for US private data has been one of the greatest secrets of modern intelligence. Intelligence officials estimate that China has now stolen all personally identifiable information from around 80% of Americans, and has a good start in collecting information on the remaining 20%,” wrote US journalist Dina Temple-Raston following her investigation into the Microsoft hack for National Public Radio (NPR).

The UK, US and EU accused the Hafnium group – linked to the Chinese state – of hacking into the Microsoft Exchange server, which provided access to a vast mine of data.




Hacking on the backs of civilian recruits

The United States remains ahead of China in conducting cyber operations, but China has slowly caught up with its model of civilian integration. The Institute of International and Strategic Studies called China a “level 2” cyberpower in its 2021 assessment of cyber capacity and national power. The United States remains the number one cyber power.

According to reports by The New York Times and other publications, China’s State Security Ministry has established a sophisticated network of private entities that hire and train hackers to work for the Xi Jinping government. The hacker community has collected information on US citizens from hacks such as that of the Marriott hotel guest database. The cyber espionage network attempted to steal Ebola vaccine data and covert technology from a self-driving car company.

The office of the Ministry of State Security in Hainan established a private entity called Hainan Xiandun Technology Development Ltd, to recruit new graduates from top Chinese universities with technological and language skills. The United States Federal Bureau of Investigation (FBI) has indicted three agents from the Hainan State Security Department in connection with Hainan Xiandun’s technology development operations.

A 2013 recruitment ad posted by Hainan Xiandun said, “Since its establishment, the company has worked in the information security industry and has a large customer base in government, military, public security, telecommunications and finance”. The ad called for “information security technicians and interns” and suggested a salary range of 4,000 to 10,000 yuan per month ($618 to $1,546) during the three-month probation period. Recruits could be paid up to 15,000 yuan ($2,319) per month after their probationary period. NYT reported salaries for some technical roles between $1,200 and $3,000.

According to documents from 2016, Hainan Xiandun had registered capital of 2 million RMB and the location of the company was the Hainan University Library. The FBI believes the company has since been disbanded, but continued to recruit until 2019.

Hainan Xiandun’s recruits have targeted aviation, defense, education, government, healthcare, biopharmaceutical and maritime companies in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom and the United States.




A new protocol

The estimated annual cost of China’s intellectual property theft to the US economy is between $300 billion and $600 billion.

Cyber threat assessment firm Recorded Future has linked the new push to hide cyber operations behind civilian entities to China’s Digital Silk Road initiative. China wants to export its own global Internet regulations by setting standards with the “New Internet Protocol” plan. So far, only a few countries, including Saudi Arabia, Iran, and Russia, have shown interest in China’s Internet Protocol. But China continues to push for the adoption of the new standards in various international technology forums.

Xi Jinping’s recent decisions to establish personal data protection regimes, including regulatory actions against Didi Chuxing, are part of the strategy to reduce U.S. operations’ access to Chinese data.

Conflict at our physical borders shaped the geopolitics of the 20th century. China’s advanced cyber capabilities have added another area of conflict, which should be part of the public discourse.

The author is a freelance columnist and journalist. He was previously a Chinese media reporter for the BBC World Service. He tweets @aadilbrar. Opinions are personal.

(Edited by Prashant)
