April 25, 2022
David Redekop

TWINN Security News April 25

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Let’s talk about VPNs. Specifically the retail VPN service providers that supposedly offer security, anonymity, privacy, etc. For between $5-12/mo you can typically have your traffic from your computer or mobile device re-routed through another city or country. The marketing for VPNs is almost always misleading because there’s only one technical feature to such a VPN, which is that the IP address your computer is coming from is masked. The value of changing your IP address is quite debatable, but the cost of doing so is quite another. Here’s an example of why:

New research reveals Surfshark, TurboVPN, VyprVPN are installing risky root certificates. This is not good, and yet it is this widespread. There is a way to use retail VPNs safely, though. It boils down to an approach we’ve long advocated for. If you have an actual need to change your IP address, the way to do it is to make such a VPN connection from your router itself so that you can selectively re-route traffic. We will be discussing this more in upcoming blog articles.

Anomaly Six demo’s surveillance powers. They claim to monitor the movements of billions of phones around the world and unmask spies with the press of a button. We cannot get calloused about this, especially in light of this next story.

How Democracies Spy on Their Citizens. With power comes corruption. It is too opportunistic for governments of all kinds now to conduct surveillance. While it cannot likely be stopped as a whole, we can and must individually adopt all sorts of non-defaults to keep a degree of privacy and security for those we care about.

Google, Mandiant Share Data on Record Pace of Zero-Day Discoveries. “As an industry we’re not making 0-day hard” says Maddie Stone. Organized crime knows this, of course, and therefore is able to continue to conduct as they are.

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

Did you know? 

The difference between a first-party ad and a third party ad is simply who does the serving. First party ads don’t serve malware, third parties often do. You’ll notice in my video recordings of my TWINNs that some publications’ ads show while others don’t. I do not run a browser-based ad-blocker, only the security gateway blocks third party ads.

For a video version of this, see https://youtu.be/6swg1is94OM