Dithering Digest 20 - Weekly Tech News Roundup

Posted by Colin on Fri, Mar 29, 2024

Welcome to issue #20 of the Dithering Digest Weekly Tech News Roundup.

It has been a pretty terrible week or so for Apple. EU rulings, major companies ganging up to support Epic against Apple, the US DoJ starting an anti-trust case against them and password reset attacks against Apple ID users.

And plenty more scary cyber-security news to wash it down with.

Enjoy the links and the holiday weekend if you celebrate it!

This week on Intelligent Dithering

This week I managed to get 2 posts out! One on the excellent free app TLS Inspector for iOS and one on how I built a cheap DIY home energy monitor using £20 of parts and the excellent Home Assistant.

Apple Processors found to have major cryptographic flaw

Researchers have found a flaw in the architecture of Apple’s M-series chips (which they have named GoFetch) used in their modern Macs. It allows the researchers to collect secret encryption keys from the device. As this flaw is in hardware it will be very hard for Apple to fix without adding serious bottlenecks in software.

GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs)," the researchers explain. “We show that DMPs are present in many Apple CPUs and pose a real threat to multiple cryptographic implementations, allowing us to extract keys from OpenSSL Diffie-Hellman, Go RSA, as well as CRYSTALS Kyber and Dilithium.”

Two links to read up on for this one.

🔗 Hackster.io

🔗 Six Colors

DoJ launch antitrust case against Apple

The US Department of Justice has launched an anti-trust / monopoly case against Apple. This is similar to the case brought against Microsoft back in the 90s and could be a real problem for Apple.

In the last month or so Apple have been forced to make a lot of changes in the US, but mainly in the EU after the DMA act came into effect. This could force even more changes although cases like this tend to rumble on for months or years, so it may be a while before we see concrete results.

The link is to an article by John Voorhees from MacStories who used to be a lawyer and forms a fantastic breakdown of the charges against Apple.

🔗 MacStories

More companies join Epic Games in Apple pile-on

Meta, Microsoft, X (formerly Twitter) and Match Group have requested permission to file an amicus brief in support of Epic’s motion to enforce an injunction that could have major ramifications for Apple.

The complaint is mostly around Apple’s anti-steering rules that prevent developers from informing users that they could buy direct to save money by avoiding Apple’s 30% fee.

🔗 The Register

EC investigation DMA Compliance

Apple and Google are being investigated again by the European Commission as it appears they are not in fact fully compliant with the new Digital Markets Act. Apple have made changes but the EC aren’t impressed and might step in again to push Apple further in the right direction.

🔗 Six Colors

Apple ID users targeted with barrage of password reset prompts

In an attack know as MFA-fatigue, attackers will keep sending Multi Factor Authenication requests or password reset prompts to a user. When a user gets too many, some will just reset it in an attempt to stop the barrage. This will sometimes be followed up with a fake call from “Apple Support” which then feels more legit in conjunction with the requests.

Have a read and educate yourself on how to stay safe.

🔗 Ars Technica

macOS Sonoma 14.4.1 release to fix issues

You might remember from last week’s roundup that the 14.4 update caused several issues with Java apps, printers and USB Hubs.

Apple have just released a fix that should solve many of these problems. Finally some good news from Apple!

🔗 9 to 5 Mac

SWIFT embraces central bank digital currencies after sandbox success

Many countries are investigating digital currencies to increase efficiency and track spending. Central Bank Digital Currencies (CBDCs) would be digital versions of your existing currency (dollars, pounds, euros etc). Most banks use SWIFT for international money transfers but it is slow and clunky. However, after a recent internal test, SWIFT have announced that they will integrate with these new CBDCs to allow banks to operate as they currently do but gain the advantages of the new systems.

🔗 The Register

Justice Dept indicts 7 in 14-year Chinese government hacking campaign

Seven men have been charged with being part of a 14-year campaign to commit economic espionage and intelligence gathering on behalf of the Chinese government.

More and more attacks have been linked to the Chinese government and their hacking team Typhoon Volt and there are fears that critical infrastructure like water treatment, power stations and logistics will be targeted to cause mass panic and debilitate a country.

🔗 Ars Technica

Google research suggests 56% increase in zero-day attacks

Search giant Google’s Threat Analysis Group have released a report suggesting that zero-day vulnerabilities have been used 56% more last year than in previous years. More and more cybercriminals are realising the lucrative opportunities presented by finding these in enterprise hardware and software.

🔗 Google Threat Analysis Report

Computer Joke of the Week

We’ll we’ll we’ll…if it isn’t autocorrect.

If you have any cool projects or tinkering you are doing, let us know and we will feature it in future issues of the digest. I would love to hear what you are all dithering on!

Until next week, happy dithering!



comments powered by Disqus