Send Link mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.anu.edu.au/mailman/listinfo/link
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Link digest..."
Today's Topics:
1. Global financial services blockchain plan (Stephen Loosley)
2. O/t: "The U.S. might lose a war with China, congressional
commission says" (Stephen Loosley)
3. 'Kaspersky's observations..' (Stephen Loosley)
4. SteamOS maybe General Distribution Release (Stephen Loosley)
----------------------------------------------------------------------
Message: 1
Date: Mon, 12 Aug 2024 15:43:42 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] Global financial services blockchain plan
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
`
Singapore's central bank debuts global financial services blockchain plan
The Monetary Authority of Singapore (MAS) has detailed [PDF] its exploration of
a multi-purpose shared ledger infrastructure it envisions will be jointly
developed by regulated financial institutions, and used to oversee their
affairs.
https://www.mas.gov.sg/-/media/mas-media-library/development/fintech/guardian/gl1---whitepaper.pdf
"The legacy infrastructure underpinning global financial markets was developed
decades ago, resulting in siloed databases, disparate communication protocols,
and significant cost incurred maintaining proprietary systems and bespoke
integrations," explained MAS. "While global financial markets have remained
robust and resilient, the needs of the industry have grown in sophistication
and scale."
Due to this fragmentation, the central bank reckons all would be served best by
an entirely new interoperable system, and aims to foster the development of a
shared layer infrastructure for hosting tokenized financial assets and
applications.
The planned system has the lofty assignment of standardizing the way digital
assets, smart contracts, and digital identities are managed, while unlocking
funds that are currently stuck in separate systems and also reducing costs.
Financial institutions are expected to use this shared platform to issue,
trade, settle, and manage digital assets, while also streamlining cross-border
transactions.
"By tapping into the capabilities in the broader financial ecosystem, financial
institutions can provide a richer and wider suite of services to end users and
get to market faster," explained the central bank.
`
------------------------------
Message: 2
Date: Mon, 12 Aug 2024 15:45:38 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] O/t: "The U.S. might lose a war with China,
congressional commission says"
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
https://www.defenseone.com/threats/2024/07/the-d-brief-july-30-2024/398423/
New: The U.S. might lose a war with China, congressional commission says.
This is because the U.S. military ?lacks both the capabilities and the capacity
required to be confident it can deter and prevail in combat,? in the judgment
of the Commission on the National Defense Strategy, a group of former lawmakers
and military leaders, and policy experts.
See: "RAND: Commission on the National Defense Strategy"
https://www.rand.org/nsrd/projects/NDS-commission.html
"Congress established the Commission on the National Defense Strategy by
statute to examine and make recommendations with respect to the National
Defense Strategy"
Among its findings, per the RAND Corp., which supported the effort:
?The United States faces the most challenging global environment... since the
end of the Cold War. The trends are getting worse, not better.
?DoD cannot, and should not, provide for the national defense by itself... A
truly ?all elements of national power? approach is required to coordinate and
leverage resources across DoD, the rest of the executive branch, the private
sector, civil society, and U.S. allies and partners.
?DoD is operating at the speed of bureaucracy when the threat is approaching
wartime urgency.
?The NDS force-sizing construct is inadequate for today?s needs and tomorrow?s
challenges. We propose a Multiple Theater Force Construct?with the Joint Force,
in conjunction with U.S. allies and partners?sized to defend the homeland and
tackle simultaneous threats in the Indo-Pacific, Europe, and the Middle East."
?U.S. industrial production is grossly inadequate...
?The Joint Force is at the breaking point of maintaining readiness today.
Adding more burden without adding resources to rebuild readiness will cause it
to break.
?The United States must spend more effectively and more efficiently to build
the future force, not perpetuate the existing one.
Additional resources will be necessary. Congress should pass a supplemental
appropriation to begin a multiyear investment in the national security
innovation and industrial base.?
Congressional reax: ?The American public must be educated on the threats we
face, and encouraged to engage in national service, whether through the
military or civil service. I support the Commission?s urgent call to engage
more in this area,? said Senate Armed Services Committee Chairman Jack Reed
from Rhode Island in his opening statement for Tuesday?s hearing.
?In light of the wide-ranging global security challenges presented by Chinese
aggression in the Indo-Pacific region, Russia?s invasion of Ukraine, and the
persistent terrorist threat posed by extremist groups and rogue regimes, the
committee would appreciate the Commission?s assessment of the resources
necessary to prevail in strategic competition, as well as its recommendations
for strengthening U.S. global engagement and alliances,? said Reed.
New: Five firms will compete to make brains for USAF robot wingmen. One or more
will eventually be chosen to produce autonomous control systems to be
integrated onto collaborative combat aircraft built by General Atomics and
Anduril, the Air Force?s program executive officer for fighters and advanced
aircraft said Monday. Which firms? Defense One?s Audrey Decker reports, here.
https://www.defenseone.com/threats/2024/07/five-firms-will-vie-make-brains-usaf-robot-wingmen/398416/
And lastly: Can Donald Trump really build an Iron Dome over America? ?
In a word, no. The president-turned-candidate is still selling the same old
missile-defense snake oil,? writes national-security analyst Joe Cirincione in
an op-ed that doubles as a quick summary of what kinds of systems can shoot
down what kind of missiles, and why Trump, the GOP?s 2024 platform, and Project
2025 seem to all get it wrong.
Read that, here.
https://www.defenseone.com/ideas/2024/07/can-donald-trump-really-build-iron-dome-over-america/398394/
--
------------------------------
Message: 3
Date: Mon, 12 Aug 2024 16:54:19 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] 'Kaspersky's observations..'
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
`
Chinese hacking groups target Russian government, IT firms
By Bill Toulas August 11, 2024 12:16 PM
https://www.bleepingcomputer.com/news/security/chinese-hacking-groups-target-russian-government-it-firms/
A series of targeted cyberattacks that started at the end of July 2024,
targeting dozens of systems used in Russian government organizations and IT
companies, are linked to Chinese hackers of the APT31 and APT 27 groups.
Kaspersky, who discovered the activity, dubbed the campaign "EastWind,"
reporting that it employs an updated version of the CloudSorcerer backdoor
spotted in a similar cyberespionage campaign from May 2024, also targeting
Russian government entities.
It should be noted that the CloudSorcerer activity isn't bound to Russia, as
Proofpoint recorded an attack targeting a U.S.-based think tank in May 2024.
EastWind toolkit
The initial infection relies on phishing emails carrying RAR archive
attachments named after the target, which employ DLL side loading to drop a
backdoor on the system from Dropbox while opening a document for deception.
The backdoor can navigate the filesystem, execute commands, exfiltrate data, or
introduce additional payloads on the compromised machine.
Kaspersky's observations reveal that the attackers used the backdoor to
introduce a trojan named 'GrewApacha,' which has been associated with APT31.
The most recent variant of GrewApacha features some improvements compared to
the last analyzed version from 2023, including using two command servers
instead of one, storing their address in a base64-encoded string on GitHub
profiles from where the malware reads it.
Another malware loaded by the backdoor is a refreshed version of CloudSorcerer
packed with VMProtect for evasion.
CloudSorcerer uses an encryption protection mechanism designed to prevent its
execution on non-targeted systems by employing a unique key generation process
tied to the victim's machine.
Upon execution, a utility (GetKey.exe) generates a unique four-byte number from
the system's current state and encrypts it using the Windows CryptProtectData
function to derive a unique, system-bound ciphertext.
If execution of the malware is attempted on any other machine, the generated
key will differ, so the CloudSorcerer payload decryption will fail.
The new version of CloudSorcerer also uses public profile pages to get its
initial C2 address but has now switched from GitHub to using Quora and the
Russian social media network LiveJournal for this purpose.
The third implant seen in the EastWind attacks, introduced through
CloudSorcered, is PlugY, a previously unknown backdoor.
PlugY features high versatility in its C2 communications and the ability to
execute commands for file operations, shell command execution, screen
capturing, key-logging, and clipboard monitoring.
Kaspersky's analysis indicates that the code used in PlugY has been previously
seen in attacks by the APT27 threat group.
Also, a library used for C2 communications through the UDP protocol is found
only in DRBControl and PlugX, which are malware tools extensively used by
Chinese threat actors.
Kaspersky comments that, as the backdoors used in the EastWind attacks are
notably different, detecting them all on a compromised machine is challenging.
Some things to look out for are:
* DLL files larger than 5MB in size in the 'C:\Users\Public' directory
* Unsigned 'msedgeupdate.dll' files in the file system
* A running process named 'msiexec.exe' for each logged-in user
The Russian cybersecurity firm concludes that APT27 and APT31 are likely
working together in EastWind.
This case highlights the complex interplay between allied countries with strong
diplomatic ties and common strategic goals yet active cyberespionage operations
against each other.
Collaboration in economic, security, and military fields does not exclude
intelligence agencies operating in the shadows from launching sophisticated and
narrow-targeted espionage operations to collect valuable intelligence.
Related Articles:
Hackers breach ISP to poison software updates with malware
Chinese hackers deploy new Macma macOS backdoor version
CloudSorcerer hackers abuse cloud services to steal Russian govt data
Hackers use F5 BIG-IP malware to stealthily steal data for years
UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs
APT27 APT31 China CloudSorcerer Cyber-espionage Russia
By Bill Toulas: Bill Toulas is a tech writer and infosec news reporter with
over a decade of experience working on various online publications, covering
open-source, Linux, malware, data breach incidents, and hacks.
------------------------------
Message: 4
Date: Mon, 12 Aug 2024 17:27:45 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] SteamOS maybe General Distribution Release
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
`
SteamOS could see a general distribution release, work with other handheld
gaming PCs soon
A firmware update mentions the Asus ROG Ally, but could also make it to your
Linux desktop PC if you wanted
By Daniel Sims August 10, 2024 at 2:28 PM 11 comments
https://www.techspot.com/news/104205-steamos-could-see-general-distribution-release-work-other.html
SteamOS could see a general distribution release, work with other handheld
gaming PCs soon
In brief: One of the Steam Deck's primary advantages over more powerful
handheld gaming PCs is its operating system, which is designed to mimic a game
console interface within a Linux PC environment. Valve has long planned to
bring the OS to other devices, but a recent Steam Deck software update includes
the first mention of a rival handheld.
[Photo caption: A mention in this week's Steam Deck firmware patch notes has
some observers speculating that Valve is preparing to release its well-regarded
Linux build for third-party hardware]
The move could significantly impact the emerging PC handheld space.
The notes for the SteamOS 3.6.9 beta mostly consist of bug fixes and support
for additional external controllers.
However, a line toward the end confirms that the firmware now supports "extra
ROG Ally keys," possibly referring to the buttons on Asus's ROG Ally handheld
PC.
The mention aligns with Valve's prior comments on its plans to make SteamOS
compatible with a broader range of systems. Late last year, the company told PC
Gamer that it considers a general SteamOS release a high priority.
The OS would first appear on other handhelds and PCs that use gamepads, then
become available for installation on any PC.
Rival handhelds like the ROG Ally, MSI Claw, Lenovo Legion Go, Ayaneo, and GPD
Win all use Windows, which supports more software than SteamOS.
However, being designed for large screens and keyboards, Windows can feel
cumbersome on small devices that only use gamepad buttons.
The option to install SteamOS on numerous portable PCs might dramatically
improve the user experience.
Valve's Lawrence Yang explained that work on the Steam Deck OLED diverted
resources from the project (let's not forget Valve's teams and employee count
are not that big), and that driver optimization is the main challenge.
Many games likely perform well on Steam deck because Valve can optimize SteamOS
graphics drivers and shaders for a known, static hardware configuration.
Bringing devices from other manufacturers into the equation would likely
complicate the process.
Hobbyists have released SteamOS clones like Bazzite and HoloISO that support
arbitrary hardware, but the complex process of installing them might run
counter to a handheld PC's pick-up-and-play design goals.
Furthermore, HoloISO doesn't officially support Nvidia GPUs. Allowing OEMs like
Asus to ship devices with SteamOS out of the box would likely accelerate the
spread of Valve's software.
11 comments
358 likes and shares
Share this article:
User Comments: 11
Got something to say? Post a comment ..
loki1944Aug 10, 2024, 2:46 PM
No thanks; big reason for me refunding the steam deck was what an utter mess
steam os is; in terms of desktop experience linux is a massivve PITA still more
akin to old command line interfance than an OS useable by the average person.
Window XP and W98SE ard still more reliable and user friendly. Linux is a
disorganized mess. Linux like the FARDC vs the 1945 US Army.
4 people liked thisReply
seeprime seeprimeAug 10, 2024, 3:58 PM
I hope "later" becomes "sooner". I'd love to try it out on a PC.
3 people liked thisReply
Burty117 Burty117Aug 10, 2024, 6:00 PM
I?d love to see a SteamOS release, it?s been the easiest Linux distribution to
get games working.
The other day I wanted to see if I could get WoW to run, it?s not officially
supported at all, but it only took a few minutes of playing around and had WoW
working in no time. Took longer to get the game controller mods to play nice.
After having the SteamDeck since launch, I wouldn?t ever get a Handheld that?s
Windows based, it just sucks too much.
4 people liked thisReply
Dimitriid DimitriidAug 10, 2024, 8:24 PM
Honestly there is a little bit of Valve time already in play: Steam OS would
have been an unquestionable upgrade to the launch experience of Windows 11 on
say, the Legion Go.
However both Lenovo and Asus have been updating: for example right now even if
a tad slower than the Steam Deck, both suspend and hibernate work just like on
the Steam deck on the Legion Go: I can suspend or hibernate right in the middle
of a game, turn it back on and pick up right there no problem.
It's not ideal but it's far more usable now and Valve its still not out with
Steam OS: they might be better served by focusing on moving ahead with a
version 2 of the Steam Deck itself given how nice the latest Ryzen Strix Haven
APUs are looking now that they bumped to 16 compute units instead of 12.
4 people liked thisReply
Fanboiism101Aug 10, 2024, 9:27 PM
This isn't good news. Microsoft needs to do something about their OS for the
handheld system, or Linux will take over such a huge market from their hands.
And, I don't want to see that. I mean, who in this world wants to use a free OS
where you can tell it to do whatever you want?
Reply
WatzupkenAug 11, 2024, 12:15 AM
loki1944 said
No thanks; big reason for me refunding the steam deck was what an utter mess
steam os is; in terms of desktop experience linux is a massivve PITA still more
akin to old command line interfance than an OS useable by the average person.
Window XP and W98SE ard still more reliable and user friendly. Linux is a
disorganized mess. Linux like the FARDC vs the 1945 US Army.
Expand quote
But the unfortunate reality is that both XP and Win 98 are no more supported by
Microsoft. So rather than being held hostage by Microsoft because of the "ease
of use" or basically not coming out of our comfort zone, I rather give other OS
a go. You can clearly tell over the past few years that Windows is being a
buggy and intrusive mess that keeps tab on what you are doing and spamming you
with ads.
I do feel that Valve took too long to bring Steam OS to other devices.
Previously their focus was on their own Steam Deck, but I think the Deck is
pretty stable for sometime. I suspect they are turning their attention outside
of Steam Deck is because of other competing Linux based OS such as Bazzite that
is quickly gaining popularity because it looks and feels the same.
2 people liked this
Reply
Burty117 said
The other day I wanted to see if I could get WoW to run, it?s not officially
supported at all, but it only took a few minutes of playing around and had WoW
working in no time. Took longer to get the game controller mods to play nice.
Expand quote
That has also been my experience on Ubuntu, Got WoW running in Lutris very
easily, Getting my gaming keypad setup took longer and was clunky. I also found
everything in my (admittedly small) Steam library works perfectly.
Reply
yRaz yRazAug 11, 2024, 3:00 AM
This is exciting news! If compatibility layers are the way of the future than I
can't wait to de-microsoft my life. Windows 10 started out great but turned
into a dumpster fire and I don't even know what windows 11 is.
2 people liked thisReply
loki1944Aug 11, 2024, 5:10 AM
Fanboiism101 said
This isn't good news. Microsoft needs to do something about their OS for the
handheld system, or Linux will take over such a huge market from their hands.
And, I don't want to see that. I mean, who in this world wants to use a free OS
where you can tell it to do whatever you want?
Expand quote
lol; linux will never touch MS; linux is not for the average user
Reply
ScottSoapboxAug 11, 2024, 7:27 AM
Boot ROG Ally X.
Tap Steam icon.
or Tap Epic icon.
I don't see what I?m missing with SteamOS except certain games.
Reply
ATI Ruby ATI RubyToday 11:13 PM
ScottSoapbox said
Boot ROG Ally X.
Tap Steam icon.
or Tap Epic icon.
I don't see what I?m missing with SteamOS except certain games.
Expand quote
Transparent per-game automatic HDR, for one.
That being said, no one is forcing anyone's hand; people should be free to game
on whatever platform they want.
Reply
dangh dangh21 minutes ago
loki1944 said
lol; linux will never touch MS; linux is not for the average user
I think you're stuck in 2004Wink ;)
Steam Deck proves very well that it is, as it facilitates many consoles gamers
who never touched a pc. If that is not an average user then nothing is.
Reply
Discuss:
Recently commented stories Jump to forum mode
Add your comment to this article
Create your free account to leave a comment.
Join thousands of tech enthusiasts and participate.
------------------------------
Subject: Digest Footer
_______________________________________________
Link mailing list
[email protected]
https://mailman.anu.edu.au/mailman/listinfo/link
------------------------------
End of Link Digest, Vol 381, Issue 10
*************************************
