Table of Contents
Between a ransomware attack blocking an oil pipeline in the US, and new vulnerabilities found in the WiFi standard, plenty of things happened this week again in the cryptocurrencies, darknet, security, and privacy spaces. Find out more in our weekly news recap, in less than a thousand words.
Tesla Stopped Accepting Bitcoin (Twitter, Elon Musk)
Despite starting allowing Bitcoin as a payment method in February this year, Elon Musk, Tesla’s CEO, announced that Tesla suspended accepting the cryptocurrency amid alleged concerns about the rapid use increase of fossil fuels for Bitcoin mining. Nevertheless, Musk said he still believes cryptocurrencies have a promising future and that Tesla will not sell any Bitcoins, as it intends to “use it for transactions as soon as mining transitions to more sustainable energy”. Tesla is “looking at other cryptocurrencies that us <1% of Bitcoin’s energy/transaction”, he added. After this announcement, Bitcoin’s price fell by a few thousand dollars.
Tracking One Year of Malicious Tor Exit Relay Activities (Part II) (Medium - Nusenu)
A researcher tracked an entity attacking Tor users. Discovered in August 2020, the attackers controlled, on average more than 14% of the exit relays. The percentage reached 27% this February, and they even tried to add 1,000 exit relays to the network in early May.
Dreaming At Dusk (Tor Project Blog)
Dusk, the first onion service ever created, is now being auctioned. The winner will become the owner of a generative art piece derivated directly from Dusk’s private key, which he will also obtain.
General Security #
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized (Krebs on Security)
The DarkSide ransomware caused much uproar this week, as it was responsible for a six-day outrage at Colonial Pipeline, causing fuel shortages and price spikes across the US. After that, the group announced by Telegram that their servers were seized and their cryptocurrencies sent to an unknown account. Colonial Pipeline allegedly paid USD 5 million to get back access to their infrastructure.
DarkSide is a ransomware as a service with potential links to REvil Group, according to FlashPoint. After DarkSide was used on Colonial Pipeline, the group released a statement saying that they are apolitical, and just aim to make money rather than participate in geopolitics. From now, they would “introduce moderation and check each company that our partners wants to encrypt to avoid social consequences” (see this article).
FragAttacks: Presentation at USENIX Security ‘21 (YouTube, Mathy Vanhoef)
A security researcher found multiple designs and implementation flaws impacting the WiFi standard. According to his research, it is likely that every WiFi product is affected by at least one, if not multiple, vulnerabilities. Vanhoef also uploaded a proof of concept on WPA2/WPA3 showing how it is possible to make a victim use malicious DNS servers just by being sent a picture by email and how it is possible to turn on connected power sockets remotely. For more details, Malwarebytes wrote an article, and the paper is also available here.
KeyPass developers shipped a new version of its password database: KDBX 4.1. This update allows assigning tags to groups, disabling password quality estimations for individual entries, naming custom icons, and a couple of other features. For compatibility purposes, KeePass will keep using the old version of the database by default until the major KeePass ports support the new one. The software will use KDBX 4.1 if one of the new features is used.
Security keys are now supported for SSH Git operations (GitHub Blog)
GitHub announced that they shipped support for using security keys (such as the Yubikey) when using Git over SSH. Using this feature would allow having the sensitive part of your SSH key stored into the security key, therefore protecting it in the case of a compromised system. Once the key is generated and the setup completed, the only difference when using this feature would be to touch the key when doing Git remote operations.
WhatsApp to restrict features if you refuse Facebook data sharing (Bleeping Computer)
A few months earlier, WhatsApp announced that it would change its policy to allow sharing users’ data with Facebook. At that time, they announced that people would have to choose to either accept the conditions or have their account deleted. However, WhatsApp stated this week that your account would be restricted for a few weeks if you don’t accept the new policy. These restrictions would be to only have the ability to answer incoming calls, call back on missed ones, and reply to messages if you have notifications enabled. After that, you won’t be able to receive any notifications or do anything before accepting the new terms. Meanwhile, the German data protection agency issued an order banning Facebook from procesing WhatApp user data for the next three months ( Bleeping Computer).
Cloudflare announced that they are working on a way to replace traditional captcha. To do so, they are planning to take advantage of hardware security keys (such as Yubikey). Users would just be asked to press the key to clear the challenge instead of bothering with solving a traditional problem.