Dramatically constructed based on a true story: as civil war rages in Mogadishu, rival North and South Korean diplomats are left trapped. With no aid from either government, their only shot at survival may require uniting with bitter adversaries to escape.
An obvious way people are made happier is when they have the trust to build connections and be more social (even misery enjoys company). That’s the underlying wisdom of this true story.
I found it particularly interesting that the North Koreans are depicted as competent, professional and coldly rational or calculating. The South Koreans are depicted as the opposite: incompetent, unprofessional and mostly driven by emotional or moral feelings. I’ve reflected on this before given another movie from South Korea.
It’s also completely different to how Americans typically portray the two sides (trying to frame North Koreans as incompetent and emotional), which also reminds me of a presentation I gave called “Dar-win or Lose”: the Cuban Missile Crisis gives critical insight into why Big Data Platforms are doomed (led by coldly rational management instead of moral feelings).
In 2019, WhatsApp patched CVE-2019-3568, a vulnerability exploited by NSO Group to hack Android phones around the world…. […] The spouse, key staff members, and close associates of Carles Puigdemont (MEP, JUNTS) were all targeted…. We count up to eleven individuals that fit this category. For example, Marcela Topor, his spouse, was infected at least twice (on or around October 7, 2019 and July 4, 2020).
…Gallagher’s concerns were being aired just as FBI wiretaps and bugs targeting Martin Luther King were believed to have violated the privacy rights of over 6,000 people by 1968.
In addition to spying on everyone around a person of interest, the method used by Spain is technically interesting because software patching usually diminishes with degrees of separation from a target.
Does everyone in your circle of family and friends update regularly? They should.
The WhatsApp CVE-2019-3568 cited above was a particularly critical buffer overflow — rated by some as CVSS 9.8 out of 10 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It led to unauthenticated remote access.
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.
What do I mean by update regularly? This official vulnerability notice for WhatsApp was published 14 May 2019. I tried my best to warn at that time…
Facebook’s “secure” messaging app has been found vulnerable to compromise by a simple call.
That makes the timing of the above October 2019 and July 2020 infections even more noteworthy because the exploits happened many months later.
Could a simple patch within a month of notice (customary turnaround given the CVSS 9.8 rating) have blocked the attacks on a politician’s spouse? And more importantly perhaps would a politician’s spouse have updated quickly?
In other words, here’s the real twist to this otherwise routine story, which should be reported far more widely. On April 11, 2019 a disgraced and fired former CSO of Facebook went on tour to promote WhatsApp as “the most privacy enhancing” product of all time.
Source: Twitter
And here’s a pro-tip about encryption: It doesn’t do anything to protect privacy when its application opens up a giant vulnerability giving open access to the system it runs on. Facebook (e.g. WhatsApp) thus may be recorded as the most privacy-destroying software in history because of its deceptive claims about safety.
Their ex-CSO could have been warning about the litany of security vulnerabilities in software that makes it an inherently untrustworthy communication channel, requiring careful management and maintenance — WhatsApp being no exception. That’s normal security professional advice (again, as I warned in May 2019).
Instead it seems overconfidence and bluster went unchallenged until far too late, a story all too familiar for those who know what’s going on behind the scenes in Silicon Valley.
For nearly a decade now and certainly since 2015 I’ve warned Spanish-speaking officials (among others) to ignore encryption puffery — not to trust WhatsApp for communication.
Given these technical details the political part of the story that seems to get lost in the news is that Facebook has strong ties with Russia, Catalan separatists had strong ties with Russia, and so… Catalans using Facebook were spied on by Western intelligence because Facebook (like Russia) is so awful at real security.
The BBC has just published an excellent article called “Confronting my family’s slave-owning past”
As I grappled with the philosophical question of whether personally I owed anything, I sought the advice of Sir Hilary Beckles, the historian and vice-chancellor of the University of the West Indies who is the chair of the Caricom Reparations Commission.
“Slavery is not in the past,” said Sir Hilary. “Our grandparents remember their great-grandparents who were slaves. Slavery is part of our domestic present. Slavery denies you access to your ancestry. It leaves you in this empty void.”
Indeed. Slavery is not only part of our domestic present, I regularly present it as fundamental to understanding the near future of AI and robotics.
Reading this “digital protest” story at face value makes a justice process sound rather… disproportionate.
Christopher Doyon, also known as “Commander X,” will be sentenced June 28 in U.S. District Court California Northern District. On Tuesday, Doyon appeared before District Judge Beth Labson Freeman to reverse his earlier plea of “not guilty.” The change of course came as part of a plea agreement in which the U.S. Attorney’s Office will recommend a 15-year prison sentence for Doyon, according to court documents. […] Santa Cruz County officials estimated damages to the computer network as a result of the conspiracy at approximately $4,060.
Denial of service isn’t exactly hacking into county services, since it’s more like sleeping on the court steps than walking into court. A fifteen-year sentence for damage of less than $5K sure sounds extreme, given how his crimes are being reported.
a blog about the poetry of information security, since 1995