April 25, 2022
David Redekop

This Week In Nerd News – April 25, 2022

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Let’s talk about VPNs. Specifically the retail VPN service providers that supposedly offer security, anonymity, privacy, etc. For between $5-12/mo you can typically have your traffic from your computer or mobile device re-routed through another city or country. The marketing for VPNs is almost always misleading because there’s only one technical feature to such a VPN, which is that the IP address your computer is coming from is masked. The value of changing your IP address is quite debatable, but the cost of doing so is quite another. Here’s an example of why:

YouTube video

New research reveals Surfshark, TurboVPN, VyprVPN are installing risky root certificates.

This is not good, and yet it is this widespread. There is a way to use retail VPNs safely, though. It boils down to an approach we’ve long advocated for. If you have an actual need to change your IP address, the way to do it is to make such a VPN connection from your router itself so that you can selectively re-route traffic. We will be discussing this more in upcoming blog articles.

Several well-known VPN providers – including Surfshark, TurboVPN and VyprVPN – are among six brands called out for a risky practice that potentially undermines user security.


Read More: New research reveals Surfshark, TurboVPN, VyprVPN are installing risky root certificates


Anomaly Six demo’s surveillance powers.

They claim to monitor the movements of billions of phones around the world and unmask spies with the press of a button. We cannot get calloused about this, especially in light of this next story.

Resource: Anomaly Six demo’s surveillance powers. 


How Democracies Spy on Their Citizens. With power comes corruption.

It is too opportunistic for governments of all kinds now to conduct surveillance. While it cannot likely be stopped as a whole, we can and must individually adopt all sorts of non-defaults to keep a degree of privacy and security for those we care about.

The parliament of Catalonia, the autonomous region in Spain, sits on the edge of Barcelona’s Old City, in the remains of a fortified citadel constructed by King Philip V to monitor the restive local population. The citadel was built with forced labor from hundreds of Catalans, and its remaining structures and gardens are for many a reminder of oppression. Today, a majority of Catalan parliamentarians support independence for the region, which the Spanish government has deemed unconstitutional. In 2017, as Catalonia prepared for a referendum on independence, Spanish police arrested at least twelve separatist politicians. On the day of the referendum, which received the support of ninety per cent of voters despite low turnout, police raids of polling stations injured hundreds of civilians. Leaders of the independence movement, some of whom live in exile across Europe, now meet in private and communicate through encrypted messaging platforms.


Read More: How Democracies Spy on Their Citizens


Google, Mandiant Share Data on Record Pace of Zero-Day Discoveries.

“As an industry we’re not making 0-day hard” says Maddie Stone. Organized crime knows this, of course, and therefore is able to continue to conduct as they are.

Google and Mandiant separately called attention to a dramatic surge in the discovery of in-the-wild zero-day attacks and warned that nation-state APT actors, ransomware gangs and private mercenary exploit firms are burning through zero-days at record pace.


Read More: Google, Mandiant Share Data on Record Pace of Zero-Day Discoveries


FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide.

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November.


Read More: FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide


Did you know?

The difference between a first-party ad and a third party ad is simply who does the serving. First party ads don’t serve malware, third parties often do. You’ll notice in my video recordings of my TWINNs that some publications’ ads show while others don’t. I do not run a browser-based ad-blocker, only the security gateway blocks third party ads.

Need an IT professional? Request service today.