Pete Recommends – Weekly highlights on cyber security issues, December 31, 2022

Subject: Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme
Source: WIRED

Plus: An offensive US hacking operation, swatters hacking Ring cameras, a Netflix password-sharing crackdown, and more.

[several summaries … ]

We at WIRED are winding down for the year and gearing up for what is sure to be an eventful 2023. But 2022 isn’t going down without a fight.

This week, following a new surge in mayhem at Twitter, we dove into exactly why the public needs real-time flight tracking, even if Elon Musk claims it’s the equivalent of doxing. The crucial transparency this publicly available data provides far outweighs the limited privacy value that censoring would give to the world’s rich and powerful. Unfortunately, Musk’s threats of legal action against the developer of the @ElonJet tracker are having broader chilling effects.

Meanwhile, Iran’s internet blackouts—a response to widespread civil rights protests—are sabotaging the country’s economy, according to a new assessment from the US Department of State. Due to heavy sanctions on Iranian entities, the exact economic impact of Tehran’s internet blackouts is difficult to calculate. But experts agree it’s not good.

You may have encountered the Flipper Zero in a recent viral TikTok video—but don’t believe everything you see. WIRED’s Dhruv Mehrotra got his hands on the palm-size device, which packs an array of antennas that allow you to copy and broadcast signals from all types of devices, like RFID chips, NFC cards, and more. We found that while the Flipper Zero can’t, say, make an ATM spill out money, it allows you to do plenty of other things that could get you into trouble. But mostly, it allows you to see the radio-wave-filled world around you like never before.

But that’s not all. Each week, we round up the security stories we didn’t cover in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there.


Subject: Week in review: LastPass breach disaster, online tracking via UID smuggling, ransomware in 2023
Source: Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: [16 references to articles]


Subject: How to Use ChatGPT and Still Be a Good Person
Source: New York Times

The New York Times: [reg. req(*)] “The past few weeks have felt like a honeymoon phase for our relationship with tools powered by artificial intelligence. Many of us have prodded ChatGPT, a chatbot that can generate responses with startlingly natural language, with tasks like writing stories about our pets, composing business proposals and coding software programs. At the same time, many have uploaded selfies to Lensa AI, an app that uses algorithms to transform ordinary photos into artistic renderings. Both debuted a few weeks ago. Like smartphones and social networks when they first emerged, A.I. feels fun and exciting. Yet (and I’m sorry to be a buzzkill), as is always the case with new technology, there will be drawbacks, painful lessons and unintended consequences. People experimenting with ChatGPT were quick to realize that they could use the tool to win coding contests. Teachers have already caught …” NB: (*) sharable NYT article link

Abstracted from beSpacific
Copyright © 2022 beSpacific, All rights reserved.

Subject: psuPete: “Every year, WIRED assembles a …”
Source: Wired via Newsie Social

Every year, WIRED assembles a list of the most dangerous people on the #internet. For the first time since 2015, Donald Trump doesn’t top this list. But there’s no shortage of new sources of instability and disruption online. Here are our picks for 2022….

Subject: Arresting IT Administrators
Source: Schneier on Security

This is one way of ensuring that IT keeps up with patches:

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers.

Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software.


Subject: The Worst Scams of 2022 – and How to Protect Yourself
Source: Tech.Co

Cybercriminals from all four corners of the globe have wasted no time targeting email inboxes, WhatsApp chats, Facebook’s marketplace, and Crypto wallets during the past twelve months, utilizing the latest social engineering techniques to dupe unsuspecting victims into parting ways with their private information and hard-earned cash. Being aware of the scams that took place in 2022 – and knowing what’s out there as we head into 2023 – is one of the best ways to protect yourself. In this article, we cover:



Subject: US House boots TikTok from government phones
Source: The Register

ByteDance ban for federal devices awaits Biden’s signature

And the US House of Representatives isn’t waiting until January 1 to get started. In an email to members and staff Tuesday, the Committee on House Administration (COA) banned the use of TikTok from House-managed mobile devices.

“The Office of Cybersecurity has deemed the TikTok mobile application to be a high risk to users due to a number of security risks,” the email reads.

Late last week, ByteDance revealed that its employees had accessed the user data of journalists to find the source of leaked company information.

Moving forward, anyone working in the lower chamber who downloads or fails to remove the app will be contacted by the COA Office of Cybersecurity, according to the statement. However, the ban won’t be limited to the House for much longer.

A broader measure that would ban the app on all federally-managed devices was included in the $1.66 trillion omnibus spending bill passed last week. The bill now awaits President Joe Biden’s signature.

Subject: AI paper mills and image generation require a coordinated response from academic publishers
Source: LSE Impact Blog

LSE Impact Blog: “The role of AI in the production of research papers is rapidly moving from being a futuristic vision, towards an everyday reality; a situation with significant consequences for research integrity and the detection of fraudulent research. Rebecca Lawrence and Sabina Alam argue that for publishers, collaboration and open research workflows are key to ensuring the reliability of the scholarly record. The latest iteration of OpenAI’s Artificial Intelligence (AI) chatbot, ChatGPT, and the bot’s almost uncanny capability to write poetry and academic essays that are very difficult to distinguish from human-centric production has recently, and much like other companies linked to Elon Musk, caused a stir in the world of research. This is raising the spectre of AI in the service of research fraud and a race-to-the-bottom in research output and publication. As John Gapper warned in the Financial Times, “…if an unreliable linguistic mash-up is freely accessible, while original research is costly and laborious, the former will thrive”. Does a new age of research desktop paper mills that are in easy reach of everyone anywhere present a real and present danger to research integrity? In short, the risk is already with us. …

Abstracted from beSpacific


Subject: Happy 12th Birthday, KrebsOnSecurity!
Source: Krebs on Security

Until recently, I was fairly active on Twitter, regularly tweeting to more than 350,000 followers about important security news and stories here. For a variety of reasons, I will no longer be sharing these updates on Twitter. I seem to be doing most of that activity now on Mastodon, which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. I will also continue to post on LinkedIn about new stories in 2023.


Subject: How to Wipe a Computer Clean of Personal Data
Source: Consumer Reports

Before selling, donating, or recycling your outdated laptop or desktop, protect your privacy with this important step.

Short of removing the hard drive (which you could do, but then the next owner would have to install a new drive), the best solution is to perform what’s known as a factory reset, which technically wipes the drive clean of personal data.

Why can’t you simply delete your Downloads folder, log out of your accounts, and call it a day?

Posted in: AI, Congress, Criminal Law, Cryptocurrency, Cybercrime, Cybersecurity, Financial System, Privacy, Social Media