Newsletter from Kushal

Containing random links to read about privacy, security, programming and FOSS in general. Sometimes about life.

In the last week's newsletter, I mentioned the book This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. I hope a few of you already started reading it. This week we have new information about one of the major stories from the book. Apparently, the Chinese teams managed to get the same exploits from Equation Group 3 years earlier (2013) before the Shadow Broker leak. They were happily using the offensive tools against the USA, where the original exploits were found by the US folks only. This story warns us once again about why we should make responsible disclosures. All of the computer exploits can be used against the creator. You can read the wired story with details, or the Checkpoint report for technical details on how did they identify the exploits.

Special read

A story on Gabriel Weinberg and Duckduckgo

Podcast for the week

You should listen to Michael Foord talking to Brian from Test & Code on testing, TDD, and many things more.

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

At the end of September and the beginning of October, Telegram fixed a couple of vulnerabilities on its client applications. The actual flaws could enable any serious attacker to gain access to secret chats, photos or videos by just sending animated stickers. You can read the detailed story.

Another very exciting news came in the Python world, with the acceptance of PEP 634, aka “Pattern Matching”. Read the tutorial from Guido to see how it will look like. I love pattern matching in Rust, and now in the future, I will use the same in Python.

Must read book for the week

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth. You can read an excerpt from the book here.

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

This week I will just pass on the links I think you all should read. Hopefully this will help me to break out of the no newsletter state of mind. Last few months, I kept taking notes, but never managed to sit down and write this.

Must read

Video for the week

This video is different, it is in Hindi language, with English subtitles. It is for the generation of folks who grew up with Internet. Please watch till the end. And if you don't know the person, then search about him after you watched the video.

Book for the week

We Are Bellingcat.

Bellingcat is an independent international collective of researchers, investigators and citizen journalists using open source and social media investigation to probe a variety of subjects

I hope you will enjoy the book.

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

For the last few months, there were no letters from me. My wife, Anwesha is showing COVID symptoms, and the tests came negative. But, her trouble is still continuing for around 3 months now. So, I tried to focus on minimal things.

As I am trying to get back into a routine, I will most probably write much shorter notes here.

On the major news, a 6600 words memo from former Facebook data engineer, Sophie Zhang is giving us how Facebook ignored fake accounts. These accounts mostly represented governments across the world and cause misinterpretation and changed political stories in elections around the world.

Must read

A story on the recent lawsuite against The Internet Archive.

Service to try this week

If you have a Twitter account and want to delete old tweets/dms, you must try Semiphemeral from Micah F Lee.

Book for this week

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

This week a small Indian company made a name for themselves when Citizen Lab reported how they hacked too many people as “hackers for hire”. Nicknamed as “Dark Basin” is the company BellTroX InfoTech Services based out of Delhi. They attacked people from different backgrounds, journalists, NGOs, EU parliament members. You should also read the excellent story from Reuters on the same topic.

Must read

Many of the young readers never read the Hacker Manifesto published in the Phrack back in 1986.

Book for the week

I discovered Practical Typography and enjoyed a lot reading this. The book is filled with various practical tips and details, which we don't think much on a typical day. But, I feel this is something everyone should read at least once.

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

Two weeks ago I did a full week Advanced Programming training under David Beazley. I wanted to do a full training under him for over a decade, and I finally managed to do so. In this training we talked about different programming ideas, and used Python to solve in a few things. But, it was not about using Python, but more on how to think about a problem. The course had a lot to digest.

During the training I remembered a question from a non computer science person, they wanted to read/view something to know and understand the basic terms related to Computer Science. This is an almost 8 hours long 41 video course on that topic from Carrie Anne Philbin . It contains the history and many important details.

This week we also had the Tor Browser 9.5 release, which includes many user focused features. I wrote about a few in my blog.

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

Facebook buying Gify is one of the biggest stories of this week. This purchase provides Facebook access to many forums or internal chat rooms or Slack channels, which was not possible for them before. People, who care about their privacy, now have to think twice before using any GIFs from them. Signal also allows using GIFs in their messaging system, but they made sure that it does not break people's privacy. Many users asked this question on Twitter this week and Signal was ready :)

On another big news, US Santa Cruz police used surveillance devices from the military on students. This story should remind you that things don't only happen in Hollywood spy movies. The problem is real, and all of our privacy is at risk.

Meanwhile, NSO changed their product's name, and tried to sell it to local US police departments. Another amazing story from Joseph Cox.

Before you close the email (or the tab on the browser), I want you to read this excellent story on Marcus Hutchins by AndyGreenberg. I found the story very detailed with many previously unknown facts about Marcus, but super personal at the same time.

Sandworm is one of the best book I read in 2019 (from the same) author. If you never read yet, please get a copy and read it through. You will not only enjoy the book, and also learn many new facts.

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

Last week there were many different big news. We had significant size data breaches to Zoom buying https://keybase.io. Though a few friends are not happy about this acquisition, most of the people just want to wait. To see how this goes. There is a big chance that the Keybase team will stay back and make Zoom better.

In my last newsletter, I pointed out an attack in the wild using Salt Stack. After I sent out the newsletter, there were other instances of the attack using the same vulnerability. Here is a detailed blog post on the Akamai site about the same.

Video for the week

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

This week I want to point you to this video about the Cobol programming language by Professor Mar Hicks. It is 13 minutes long. This means you can learn a bit about history very quickly.

There is also an interview with Ali Gharavi published a few weeks ago. Here he talks about his arrest, detention, and about the court case.

Video for the week

  • Static Typing in Python by Dustin Ingram

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

In the last few weeks, video conferencing became the primary way to stay in touch. Zoom saw a raise in daily users, 10 million per day, to 300 million per day. The company preferred to focus on usability than security aspects. But this is also when you have security researchers worldwide sitting at home in locked down condition. Becoming the most visible product in the market at this hour has a downside :) People found all sorts of issues in Zoom.

If you are still trying to understand the difference between various video conferencing tools, my friend and colleague Martin Shelton wrote this detailed article listing many of the major tools.

Video for the week

If you want to discuss any of these topics, hop on to the Freenode server (IRC), and come to the #learnandteach channel. Or you can find me on fediverse https://toots.dgplug.org/@kushal.

Kushal

Enter your email to subscribe to updates.