This being the week before defcon, we discuss what we expect at the virtual defcon:
Teens charged with the twitter hack: https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack
Garmin paid the ransomware for their user’s data: https://www.theverge.com/2020/7/27/21339910/garmin-back-online-recovery-ransomeware
Defcon discord: https://discord.gg/defcon
We try to describe what happened on twitter that lead to the account takeovers: https://www.schneier.com/blog/archives/2020/07/on_the_twitter_.html
Cloudflare takes the internet down: https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/
VPN may have logs: https://nakedsecurity.sophos.com/2020/07/20/7-vpns-that-leaked-their-logs-the-logs-that-didnt-exist/
Show notes: These are the show notes we wrote before talking about the topic. I tried to take out the inaccuracies, but some may remain.
CISC – Complete Instruction Set Computing
RISC – Reduced Instruction Set Computing Instructions are the abilities of the silicone.
CISC is Intel/AMD/PowerPC
RISC is ARM and their variants.
Windows uses CISC, specifically the intel chipset to run. That is why we couldn’t boot windows until 2005 when Apple went intel.
ARM on mobile came about because of power requirements, really. ARM is better for battery life. Simply put, 30% (don’t ask for a citation) of an intel chip is keeping legacy instructions around.
Imagine what it could do if it could do something else with that power.
The issue is the windows codebase still relies on it. Microsoft tried with Surface RT, but failed, miserably.
So take an app like office or skype. It is written for x86. The work around is that they written it for the corresponding app stores. This is why skype on chromebooks didn’t work until they got apps working on ChromeOS.
Since apple controls everything, they can make this move. However they NEED the big players. W
e spoke about how awesome Office 365 is. They made the apps working on ARM. Now they can just port over some desktop features and call it a day.
I feel like we discussed this topic before, but yes, we talk about coffee. Since security news is sparse right now, we take a sidebar on a topic that is near and dear to our heart.
Zoom adds E2EE for everyone: https://blog.zoom.us/wordpress/2020/06/17/end-to-end-encryption-update/
IOT Vulnerabilities: https://www.zdnet.com/article/ripple20-vulnerabilities-will-haunt-the-iot-landscape-for-years-to-come/
Coffee links:
Grinder: https://amzn.to/2Ndg3JM
Aeropress: https://amzn.to/3hFJJgI
FrenchPress: https://amzn.to/2UYdjUU
Mr. Coffee: https://amzn.to/3dfArEX
Cold Brew: https://amzn.to/2CnfwD1
We talk about Google’s and Apple’s Contact Tracing endeavors. While I’m okay with it, Tom rips it to shreds, based on the obvious privacy issues and false positives.
I know I messed up the intro.