Hi, y’all! Another Tuesday is upon us, and I can’t help but feel adrift in a sea of scary cyber security stories and sibilant “s”s. What? There’s a lot of stories to cover this week, but we’re not going to talk about Ukraine vs. Russia, so that should free up a ton of space. Here’s a couple of good ones:
FBI urges temporary phones for Olympic athletes
Well...yeah. Look, there’s really no way to talk about China and cybersecurity and/or the Olympics without it turning political. In lieu of that, let’s focus on the tech: everyone attending the Olympics in China will be required to download the Olympics app for COVID tracking, apparently among other things. You can imagine the security risks of running that app on your device, but don’t worry, because “China dismissed the concerns.”
277,000 routers exposed to Eternal Silence attacks via UPnP
Dang, y’all! If you’re not familiar with Universal Plug and Play, you’re better off: “UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically. This allows remote devices to access a particular software feature or device as necessary, with little configuration required by a user.” While enabling UPnP on your router can make some services work better (on my old next-gen firewall, UPnP was required for things like Xbox Live), it does come at a cost. If you don’t explicitly need it, just don’t use it.