Newsletter 01/01/2023
The First Annual (and possibly only) Dispatches From the Front, 2022
Year in Review:
Whoop-Di-Do
Drawing, Father Time; Winslow Homer (American, 1836–1910); USA
The year 2022 began with New Year's ringing in the same cyber crisis that 2021 ended with. The Log4J debacle continued to rage as the old year fell away and the new calendars came out. On December 9, 2021, The Dispatches first posted on this seemingly universal vulnerability in a logging function in Oracle's Java Framework. Patch after patch failed. Almost one month to the day, on January 9, 2022, The Dispatches was still reporting on the serious vulnerabilities exposed by Log4J. On December 9, 2022, Axios reported how Log4J remains a very threatening vulnerability one year later that places much critical infrastructure at risk. The ongoing Log4J debacle has sparked earnest discussions within and without the Digerati about the efficacy of so much necessary digital infrastructure still being built on Open Source software, such as Log4J. On May 1, 2022, The Dispatches dove into the coming reexamination of Open Source software. Prompting this from our in-house digital plagiarist — er, artist — extraordinaire.
Another cyber event that has spanned the twelve months we reviewed here is
the hacking of the password manager application LastPass.
January 9, 2022,
The Dispatches reported that LastPass had indeed been hacked.
Of course, the degree and depth of the data breach of millions of
unsuspecting computer users' passwords depended very much on whom you
asked. The Hemming and Hawing on the part of LastPass about the
true extent of the breach went on for most of 2022. Then, on
December 22, 2022, LastPass admitted that its vaults had once again been hacked.
This time, however, the Digerati showed no mercy in its condemnation of LastPass.
With this most recent breach event, there was no denying the obvious
facts, and "LastPass
says hackers stole customers’ password vaults,"
reported TechCrunch. Wired Magazine bluntly declared, "Yes,
It’s Time to Ditch LastPass."
[ed. note] I have never supported
the use of so-called password vaults, and have never recommended their
use.
2022 was also the year when the rest of American Industry caught up with what security experts have warned about for a decade now. The Industrial Controls upon which all of our cities depend for clean water, power, refuse removal and control, and all other amenities that we citizens of our Modern Free Market Economy democratic republics (called States) have come to take for granted are now targets of cyberattacks with various degrees of success. On June 28, 2022, The Dispatches introduced readers to a new term in cybersecurity: Industrial Control Systems/Operational Technology (ICS/OT). Along with the acronym came a new vulnerability targeting ICS/OT installations. ICEFALL, so dubbed by Vedere Labs, refers to "the name of the second stop on the Everest route, after Base Camp, and given the rising number of OT vulnerability disclosures, we know we have a mountain to climb to secure these devices and protocols." Specifically, ICEFALL represents 56 distinct vulnerabilities in OT technology by some of the biggest names in the industrial controls industry. Emerson, Honeywell, and Motorola are all shown to have critical vulnerabilities in their current industrial control products. Another term concerning the defense of our ICS/OT was introduced to readers of The Dispatches. In April 2022, CISA reported on "a ‘Swiss Army Knife’ for Hacking Industrial Control Systems." On November 14, 2022, The Dispatches discussed SCADA and the nature of the vulnerabilities of these systems and the very real possibility of those vulnerabilities being weaponized. A Supervisory Control And Data Acquisition (SCADA) device is a very specific piece of networking hardware that acts as a controller between a set of industrial controls and the computers that manage those controls. The CISA press release explained that the malware in question can exploit the vulnerabilities of SCADA devices to perform attacks on Windows-based systems within the targeted network.
Further along this theme, The Dispatches reported on numerous attacks on
water treatment systems that endanger us all. Indeed,
July 19, 2022, The Dispatches asked the one simple
question.
The Dispatches has strived since its inception, some 20 plus years ago, to offer its readers the benefit of my years toiling in the fields of Cyberdelic Culture, as the late Dr. Timothy Leary phrased it. Obfuscation has always been the tool of first choice by online miscreants. To counter such frauds in cyberspace, a discussion called "The Anatomy of an address" was posted on July 7, 2022. The emphasis here was on how knowing the way domain architecture is presented may prevent many cyberattacks. Other useful tools available to all users for free to counter confusing domain names and email addresses were discussed. On November 5, 2022, readers were introduced to Domain Lookup and Email Verification tools free to use on the Internet. Lastly, concerning personal addresses, The Dispatches reported on the growing trend of ISPs no longer offering email accounts, free or otherwise, and on how it might be best to secure your own email address and domain name while the one you want is still available.
If I ever listened to my endless stream of critics, I would never get
out of bed in the morning. So I don't listen. Blow it out your arse. I do listen and take into account, however, positive
feedback. And the one area of The Dispatches where I do get feedback
concerns the CheatSheets. When it comes to diagnosing and
solving everyday Windows computing problems, I will match my skills and
experience to anyone and be the last one standing. Like Old
Will Sonnet would have said, "No brag. Just fact."
It is in this spirit that I created the
CheatSheets.
It wasn't all doom and gloom in The Dispatches; although any reporting
on the ebb and flow of the events happening in cyberspace will often be
all gloom and doom. My position about us humans and our use of
computers and the Internet has always mirrored that of the esteemed Dr.
Leary. Our computers have become extensions of ourselves, and the
Internet is a reflection and amalgamation of any such
anthropomorphic tendencies. As such, the
Internet has become the greatest tool ever invented for low to no cost
self enrichment. Like much human behavior itself, the Internet
experience is now equal to all that is good in human behavior
and most of what just plain sucks!
The one story that dominated all reporting among all the Digerati in
2022 was ransomware, and the coordinated attacks on healthcare and
educational institutions, not only nationwide, but
globally. Throughout 2022, The Dispatches made reference to its own
reporting on
the death of Baby Nikko Silar, whose entirely
avoidable death was the result of ignorance, evasion, and plain
malfeasance on the part of the hospital management in the wake of a
ransomware attack.
Happy New Year from Gerry and all
the Staff(wtf) here at
Gerald Reiff