CAIT Asks Government to Ban WhatsApp and Facebook over New Privacy Policy

In a message to Prasad, CAIT demanded that “the government immediately ban WhatsApp from implementing the new policy or impose a ban on WhatsApp and its parent company Facebook, “the traders’ organization said.

 

 

In New Delhi: On Sunday, the traders ‘ organization CAIT wrote to Information and Technology Minister Ravi Shankar Prasad demanding that the government restrict WhatsApp in implementing its new privacy policy or impose a ban on the messaging app and its parent company Facebook.

 

The Confederation of All Traders of India (CAIT) said that thanks to the new privacy policy, “all kinds of personal data, payment transactions, contacts, location and other important information of the person using WhatsApp will be obtained and can be used for any purpose using WhatsApp.”

 

In a message to Prasad, CAIT demanded that “the government immediately ban WhatsApp from implementing the new policy or impose a ban on WhatsApp and its parent company Facebook, “the traders’ organization said.

CAIT said that Facebook has more than 200 million users in India, and giving it access to each user’s data could pose a serious threat not only to the economy, but even to the country’s security.

 

From the representatives of Whatsapp, the following was heard: “To further increase transparency, we have updated our privacy policy to describe that in the future, businesses may choose to receive secure hosting services from our parent company Facebook to help manage their communication with their customers on WhatsApp. Although, of course, the user is left to the user whether they want to communicate with the company via WhatsApp.”

 

The spokesperson also said the update does not change WhatsApp’s data sharing practices with Facebook and does not affect how people communicate privately with friends or family, wherever they are.

 

“WhatsApp remains deeply committed to protecting people’s privacy. We are communicating directly with users via WhatsApp about these changes so that they have time to familiarize themselves with the new policy over the next month,” the representative added.

 

An email sent to Facebook asking for comment on the issue did not elicit a response.

 

CAIT General Secretary Pravin Khandelwal said: “WhatsApp’s amended privacy policy is an infringement on an individual’s privacy and is contrary to the basic principles of the Constitution of India, and therefore CAIT has demanded immediate government intervention.”

The US Department of Justice has also been a victim of the SolarWinds Orion compromise

The US Department of Justice has joined the list of federal agencies that have fallen victim to a vulnerability in the SolarWinds Orion network management platform.

 

“On December 24, 2020, the Office of the Chief Information Officer (OCIO) of the Department of Justice became aware of previously unknown malicious activity related to the global SolarWinds incident, which affected, among others, several federal agencies and technology contractors.” the ministry said in a statement. “This activity provided access to the Department’s Microsoft O365 email environment.

“Upon learning of the malicious activity, OCIO eliminated the identified method by which the attacker gained access to the O365 email environment. At the moment, the number of potentially accessible O365 mailboxes is limited to about three percent, and we have no evidence that any secret systems have been affected.”

According to the federal law for state systems, this is considered a “serious incident,” the statement said.

In addition, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also warned on Wednesday that it is considering the possibility that an attacker linked to recent incidents not only used Orion as an entry point, but also abused Security Claims Markup Language (SAML) tokens. “CISA continues to work to confirm the initial access vectors and identify any changes in tactics, methods and procedures (DTS),” the statement said.

There are cases where initial access was obtained by password guessing, password spraying, and improperly protected administrator credentials accessed through external remote access services.

Since its use in cyberattacks became known in December, investigators have discovered two vulnerabilities in Orion. It is unclear whether the same attacker is responsible for both. Earlier this week, four U.S. law enforcement and intelligence agencies said that an elevated persistent threat (APT) entity, “likely of Russian origin,” is responsible for most or all of the recently discovered and ongoing cyber compromises of both government and non-government networks.

U.S. federal agencies that have publicly acknowledged being exposed to Orion’s vulnerabilities include Treasury, Commerce, Health, Homeland Security, Energy, Cybersecurity and Infrastructure Agency, State Administration, and the National Nuclear Safety Administration. According to ZDNet, the governments of three states were also affected, as well as the city of Austin, Texas, and a number of technology companies, including Microsoft and Cisco Systems.

Log in to JetBrains

An investigation is also underway following several news reports that software from a Czech Republic-based technology company called JetBrains, which makes a widely used software development tool called TeamCity, could have been used to infiltrate SolarWinds ‘ infrastructure or used separately to attack organizations. An article in the New York Times notes that JetBrains has a research laboratory in Russia. One of its clients is SolarWinds.

In a statement, JetBrains CEO Maxim Shafirov said his company “did not participate or participate in this attack in any way. SolarWinds is one of our clients and uses TeamCity, a continuous integration and deployment system used as part of software development. SolarWinds has not contacted us or provided any details regarding the breach, and the only information we have is what has become publicly available. It is important to emphasize that TeamCity is a complex product that requires proper configuration. If TeamCity was somehow used in this process, it may well have been due to a misconfiguration rather than a specific vulnerability.”

He added that JetBrains has not been contacted by any government or security agency about recent cyber attacks.

China Telecom launches Quantum-encrypted phone Calls

Using a special SIM card and app, some China Telecom smartphone users in Anhui Province can make phone calls protected by quantum encryption. And the race to develop quantum technology could threaten traditional encryption and lead to new, more secure forms of cryptography.

 

 

China Telecom, one of the country’s three state-owned telecommunications giants, has announced a new pilot program allowing smartphone users to make phone calls protected by quantum encryption. Last week, the company announced that some users of China Telecom, one of the country’s three state-owned telecommunications companies, can now make quantum-encrypted phone calls using a special SIM card and a smartphone app.

 

This is the latest move by China, demonstrating the country’s commitment to all aspects of quantum computing – an area that, like artificial intelligence and 5G, is also very important.,

 

The service was launched as a pilot program in Anhui Province, where China Telecom said it was gaining “friendly customers.”

 

To get the new feature, users must visit a regular China Telecom store and change their SIM card. According to a statement from China Telecom last Friday, it also requires the company’s “Quantum Secure Call” app, which is currently only available for Android. The company did not disclose pricing for the new feature.

 

Unlike traditional encryption methods, which rely solely on algorithms, quantum encryption is protected by the laws of quantum physics. In theory, all information encrypted with traditional encryption algorithms can be hacked by a computer in enough time. Quantum cryptography differs in that any attempt to intercept data will cause a physical change in the message, alerting the sender and recipient of possible eavesdropping.

For users of China Telecom’s new service, launching a quantum phone call will generate two secret keys using quantum information technology. They are used to verify the caller’s identity and call information, providing end-to-end encryption.

 

According to Gao Chengshi, a cryptography expert and founding partner of blockchain developer Shanghai Hashvalue Information Technology, the current technology that uses asymmetric cryptography to verify identity is easier to develop than quantum encryption, and it is secure enough to meet current market demand. However, ultra-fast quantum computers that can easily crack such encryption schemes could threaten current technologies.

 

“The development of quantum technology will violate the privacy of asymmetric cryptography,” Gao said. “When quantum computing reaches a higher and more practical level, quantum computing should be used for encryption.”

 

China Telecom said the new service will first be available to users from certain sectors that need “absolute security,” such as the government, military and financial institutions. The company added that it will be expanded to civilian use in the future.

 

The service was developed by a joint venture created last November by China Telecom and quantum telecommunications company quantumctek Group. Liu Guiqing, chief executive of China Telecom, said at the time that the company aims to provide quantum call security to more than 10 million mobile users within five years.

 

The companies also said they will release special phones with quantum encryption features that are already being developed, according to a January 1 report by Chinese media outlet Jiemian, citing a company representative who did not provide additional details.

 

Although quantum cryptography has been around for many years, there are practical limitations, such as transmission distance. In recent years, China has become a leader in increasing data transmission distance using quantum key distribution.

 

Other countries are also seeking to take the lead in quantum science and technology, with the US, European Union and UK publishing their own plans in recent years. Companies in other countries are also already using quantum technologies in phones and telecommunications. Last May, Samsung released a 5G smartphone that includes a chipset that generates quantum random numbers as an additional layer of security. British-based BT Group and European-based Toshiba also announced last October the deployment of a 6-kilometer quantum secure network between two local research institutes.

 

According to the domestic think tank Qianzhan Industry Research Institute, China’s quantum telecommunications market size in 2019 was 32.5 billion yuan (US $ 5 billion), up almost 20 percent from a year earlier.

Modular data centers from Microsoft Azure: why do we need “special clouds”?

Microsoft’s “Azure in a transport container” offering could play a prominent role in its cyber-sovereignty and “special cloud” efforts in the coming year. Announced last fall, the Azure Modular Data Center, or MDC, is an Azure data center in a transport container that is delivered to remote locations on a truck platform. It runs under the Azure Stack Hub (at the moment) and can work without a connection or via satellite. In addition to the data center device itself, Azure MDC is interesting for a number of reasons.

 

 

 

When Microsoft announced MDC last October, many readers and commenters wondered why Microsoft had once again hit out at the idea of Azure in a container. After all, Microsoft has been experimenting with Azure in transport containers since 2008 – a couple of years after other tech companies like Sun Microsystems (with “Project Blackbox,” back in 2006) – promoted the concept of a data center in a container.

 

Bill Karagounis of Microsoft, who is currently the general manager of Azure Global Industry Sovereign Solutions, gave the following answer to this question: “In the past, container solutions required operators, and they were individualized when implemented. Azure MDC adds value by running the Azure OS. with familiar APIs, resource management, and cloud portal; these are very different from previous container solutions. Azure MDC modules are already used in defense and private sector organizations.”

According to Karagounis, this, combined with advances in computing and networking, heating / cooling systems and other related technologies, made the time right for the transition to a container-based approach. Companies that are in the process of migrating to the cloud may want to take advantage of prefabricated data centers, where they can continue to work locally while increasing capacity. Users can be attracted by the pay-as-you-go business model offered for MDC.

 

“The company is committed to building back-up infrastructure to support 5G, smart cities and edge computing, going far beyond the content delivery network that previously required “edge” needs, and radically improving the quality of service. Fast deployable and small data centers fill this gap well with the ability to run highly optimized edge scenarios with a public cloud application model when the data center is unavailable or takes a long time to configure, ” added Karagounis.

 

However, there are several other reasons why Microsoft decided to go the container route with MDC: Azure MDC is by definition a peripheral computing device, and Microsoft has slowly and steadily built a stable line of intelligent peripherals. Microsoft’s alleged lack of tactical peripherals, which AWS refers to in an unpublished complaint about Microsoft’s JEDI victory, is one of the key areas in which AWS has said it has a clear advantage over Azure.

 

These devices are the “tactical edge” that were part of the JEDI RFP; these are the ones that are suitable for operating environments with the ability to connect limited connections and storage availability. These devices included both high-strength portable devices, such as Microsoft Azure Stack Edge Pro computers, and modular, fast-deployable data centers. In October, Microsoft officials said that Azure MDC modules were “initially used by defense and private sector organizations.”

 

Microsoft seems to use the terms “sovereign” and “special cloud” mostly interchangeable on their website. A product like Azure MDC is specifically designed for this sovereign / dedicated cloud / government space. Right now, Azure MDC is running Microsoft’s hybrid computing offering, the Azure Stack Hub. But it looks like it won’t always be that way – or just that – based on the information Microsoft shared with me last year. As Azure’s presence continues to grow globally, the installed base of Azure MDC may also increase.

Big Tech in 2021: Washington is ready to issue a law

From antitrust lawsuits to a potential privacy law and restrictions on protecting free speech, Silicon Valley will face calls for increased regulation next year.

 

 

Lawmakers on Capitol Hill want to curb the rampant power of big tech.

 

For more than a decade, lawmakers and regulators have ignored Silicon Valley. But all of that is likely to change for big tech companies like Amazon, Apple, Google, Facebook and Twitter as the people in charge in Washington seek to rein in their power and influence.

 

Politicians and senior officials on both sides of the aisle are increasingly concerned about the power these companies wield – how it can harm consumers by allowing firms to stifle competition from smaller players, use personal data for profit, and distort what is shared in the media and consumed online.

 

Some on Capitol Hill are calling for a full-scale reset. In October, the House Judiciary Committee released a scathing 449-page report that concluded that Amazon, Apple, Facebook and Google had become centers of monopoly.

 

“Companies that were once ragtag failed startups that challenged the status quo have turned into monopolies that we last saw in the era of oil barons and railroad tycoons,” the report says.

 

Many Democrats in Congress support legislation to break up technology monopolies. And in the past two months, Google and Facebook have been sued from dozens of states across the country. Meanwhile, President Donald Trump’s Justice Department is pursuing Google, and the Republican-led Federal Trade Commission has filed a lawsuit against Facebook.

 

President-elect Joe Biden is gearing up to take office in January, and as the new Congress gets underway, the days of rampant power of big tech seem numbered.

 

“Everyone agrees that there is a serious problem that needs to be addressed,” Rep. David Chichillin, a Rhode Island Democrat and chairman of the House Antitrust Committee (who wrote the October report), told the New York Times earlier in the debate. “The era of self-regulation is over, and Congressional action is needed,” he said.

Major challenges Big Tech will face in the coming year: the antitrust goals set by some of the world’s largest tech companies are getting bigger. Google and Facebook are already facing numerous lawsuits from federal and state law enforcement agencies, as well as regulators.

 

And it will be even worse. Here’s a rundown:

 

In October, the Justice Department filed a lawsuit alleging that Google used anti-competitive tactics to preserve its search engine business. On December 17, 38 states filed an antitrust lawsuit against the company, accusing it of illegally monopolizing digital advertising and engaging Facebook to rig advertising auctions. These states also allege that Google manipulated digital advertising markets in violation of antitrust laws. Another group of state attorneys general, led by Colorado, is also expected to file an antitrust case against Google.

 

The social media giant is facing legal action from the Federal Trade Commission and a coalition of more than 40 states and territories. The lawsuit accuses the company of illegally suppressing innovation and competition by buying and suppressing small startups. Instagram Facebook’s acquisition of WhatsApp and Instagram is being challenged by the lawsuit, which calls for Facebook to stop acquiring WhatsApp and Instagram.

 

So far, neither Apple nor Amazon are suing either the U.S. government or the states, but the trial Chamber report also singled them out for their behavior. The report accuses Amazon of having monopoly power over third-party sellers on its site. And it accuses Apple of monopolizing its App Store.

 

While the lawsuits are being litigated, there is a growing desire among lawmakers on both sides to pass antitrust legislation that could go far beyond the technology industry and affect all concentrated industries.

 

Privacy policy

Who owns your personal data, and how should companies protect the information they collect about you? This is a big question that many people hope Congress will answer in 2021.

In December, there were signs that Democrats and Republicans on the Senate Commerce Committee were beginning to find common ground for legislation. Earlier this month, the committee held a hearing that included testimony from a bipartisan group of former FTC commissioners, including three former chairmen. Major differences between Democrats and Republicans over the proposed law remain, but it seems that the federal privacy law is likely to be one of the top items on the agenda of the next Congress.

The FTC is also putting some pressure on companies, asking several, including Amazon, Facebook, Google, Twitter and ByteDance, owner of TikTok, for information on how they collect and use their users ‘ personal information. The FTC also wants to know how these companies sell this information to advertisers and how this practice affects children and teens.

“These digital products may have been launched for the simple purpose of bringing people together or fostering creativity,” FTC commissioners Rohit Chopra, Rebecca Kelly Slaughter and Kristin Wilson wrote in a statement confirming the requests. “But over the past decades, the industry model has shifted from supporting user actions to monetizing them.”

The statement said: “Never before has there been an industry capable of tracking and monetizing so much of our personal lives. Social media and video streaming companies are now following users everywhere through apps on their ever-present mobile devices. This ongoing access allows these companies to track where users go, the people they interact with, and what they do.”

According to members of the Commission, the fact that these companies are doing with data, “remains worryingly opaque”.

What is the quantum Internet? Everything You Need to Know about the Strange Future of Quantum Networks

All this may sound like a science fiction concept, but the creation of quantum networks is a key goal of many countries around the world. The U.S. Department of Defense (doe) recently released a first-of-its-kind plan outlining a step-by-step strategy that will make the dream of a quantum Internet come true, at least in very preliminary form, over the next few years.

 

 

 

The US has joined the EU and China in showing great interest in the concept of quantum communication. But what is the quantum Internet, how does it work, and what wonders can it do?

 

WHAT IS THE QUANTUM INTERNET?

 

The quantum Internet is a network that will allow quantum devices to exchange some information in an environment that obeys the strange laws of quantum mechanics. In theory, this would provide the quantum Internet with unprecedented capabilities that cannot be realized with modern web applications.

 

In the quantum world, data can be encoded as qubits, which can be created in quantum devices such as a quantum computer or a quantum processor. simply put, the quantum internet will involve sending qubits over a network of multiple quantum devices that are physically separated. most importantly, all of this would be due to strange properties unique to quantum states.

 

This may sound like a standard Internet connection. But sending qubits through a quantum channel, rather than a classical one, essentially means exploiting the behavior of particles at their smallest scale – the so-called “quantum states” that have caused excitement and alarm among scientists for decades. And the laws of quantum physics that underlie how information will be transmitted on the quantum Internet are nothing but unfamiliar. In fact, they are strange, illogical, and at times even seem supernatural.

So, to understand how the Internet 2.0 quantum ecosystem works, you can forget everything you know about classical computing. Because little of the quantum Internet will remind you of your favorite web browser. in short, not much that most users are used to. So, at least for the next few decades, you shouldn’t expect to ever be able to switch to quantum Zoom meetings.

 

Central to quantum communication is the fact that qubits that use the fundamental laws of quantum mechanics behave very differently from classical bits. when encoding data, the classical bit can actually be in only one of two states. Just like a light switch must be on or off, and just like a cat must be dead or alive, the bit must be either 0 or 1.

 

Not so much… Instead, qubits overlap: they can be 0 and 1 at the same time, in a special quantum state that does not exist in the classical world. It’s a bit like being able to be both to the left and right of the sofa at the same time. The paradox is that a simple measurement of a qubit means that it is assigned a state. The measured qubit automatically exits the double state and is converted to 0 or 1, like a classic bit. This whole phenomenon is called superposition and is the basis of quantum mechanics.

 

Unsurprisingly, qubits can’t be used to send familiar data, such as emails and WhatsApp messages. But the strange behavior of qubits opens up huge opportunities for other, more niche applications.

 

QUANTUM SECURITY

One of the most exciting areas that researchers armed with qubits are exploring is security. when it comes to classical communication, most of the data is protected by distributing a shared key between the sender and receiver, and then using that shared key to encrypt the message. the receiver can then use its key to decode the data on its side.

The security of most classical communications today is based on an algorithm for creating keys that are difficult for hackers to crack, but not impossible. That’s why researchers are trying to make this communication process “quantum”. this concept is at the heart of an emerging field of cybersecurity called quantum key distribution (qkd). qkd works when one of the two parties encrypts part of the classical data by encoding the cryptography key into qubits. the sender then passes these qubits to another person who measures the qubits to get the key values.

 

The measurement results in the collapse of the qubit state; but the value that is read during the measurement is important. A qubit, in a sense, is only needed to transmit a key value. More importantly, QKD means that it is easy to know if a third party has intercepted qubits during transmission, as an attacker could cause the key to be destroyed just by looking at it.

 

If a hacker looked at the qubits at any point during their sending, it would automatically change the state of the qubits. a spy will inevitably leave a trail of eavesdropping – which is why cryptographers claim that qkd is “provably” secure.

 

QKD technology is at a very early stage. The “normal” way to create a QKD at the moment is to send qubits unidirectionally to the receiver over fiber-optic cables; but this significantly limits the efficiency of the protocol. Qubits can easily get lost or scattered over a fiber-optic cable, which means that quantum signals are very error-prone and have difficulty traveling long distances. In fact, current experiments are limited to a range of hundreds of kilometers.

 

There is another solution, and it lies at the heart of the quantum Internet: to use another property of the quantum, called entanglement, to communicate between two devices: when two qubits interact and become entangled, they have certain properties that depend on each other. As Long as the qubits are in an entangled state, any change in one particle in the pair will lead to changes in the other, even if they are physically separated.

 

Thus, the state of the first qubit can be “read” by looking at the behavior of its entangled counterpart. That’s right: even Albert Einstein called it all ” creepy action at a distance.”

And in the context of quantum communication, entanglement can actually teleport some information from one qubit to the entangled other half without the need for a physical channel connecting the two qubits during transmission.

 

HOW DOES ENTANGLEMENT WORK?

 

The very concept of teleportation entails, by definition, the absence of a physical network bridge between interacting devices. But what remains is that entanglement must first be created and then maintained. To perform QKD using entanglement, you need to create the appropriate infrastructure to first create pairs of entangled qubits, and then distribute them between the sender and receiver. This creates a “teleportation” channel through which cryptography keys can be exchanged.

In particular, after the entangled qubits have been generated, you must send half of the pair to the key recipient. An entangled qubit can travel, for example, over fiber-optic networks; but they can’t maintain cohesion after about 60 miles. Qubits can also be kept entangled over long distances via satellite, but covering the planet with cosmic quantum devices is expensive.

 

Thus, there are still huge engineering challenges to create large-scale “teleportation networks” that could efficiently link qubits around the world. When the entanglement network is created, the magic begins: bound qubits no longer need to pass through any physical infrastructure to deliver their message.

 

Thus, during transmission, the quantum key will be virtually invisible to third parties, impossible to intercept and reliably “teleport” from one endpoint to another. This idea will resonate in industries that deal with sensitive data, such as banking, medical services, or air travel. And it is likely that governments with top-secret information will also be the first to adopt this technology.

 

WHAT ELSE CAN QUANTUM INTERNET DO?

 

“Why bother with obfuscation?” you might ask. In the end, the researchers could simply find ways to improve the “normal” connection… Quantum repeaters, for example, could significantly increase the communication range in fiber-optic cables without going so far as to entangle qubits. And that’s without considering the huge potential that entanglement can have for other applications. qkd is the most frequently discussed example of what the quantum internet can achieve, because that this is the most accessible application of this technology. But security is far from the only area causing a stir among researchers.

 

The entanglement network used for QKD can also be used, for example, to provide a reliable way to create quantum clusters from entangled qubits located in various quantum devices. Researchers won’t need particularly powerful quantum hardware to connect to the quantum Internet – in fact, even a single-qubit processor can handle the task. But by combining quantum devices, which in their current form have limited capabilities, scientists expect that they will be able to create a quantum supercomputer that will surpass them all.

 

Thus, by connecting many smaller quantum devices together, the quantum Internet can begin to solve problems that are currently impossible to solve with a single quantum computer. This includes accelerating the exchange of huge amounts of data and conducting large-scale sounding experiments in astronomy, material discovery, and life sciences.

 

For this reason, scientists are convinced that we could take advantage of the quantum Internet before tech giants like Google and IBM even reach quantum supremacy – the point where a single quantum computer solves a problem that is unsolvable for a classical computer.

 

Google and IBM’s most advanced quantum computers currently contain about 50 qubits, which in itself is far less than necessary to perform the phenomenal calculations needed to solve the problems that quantum research hopes to solve.

On the other hand, connecting such devices through quantum entanglement can lead to the formation of clusters worth several thousand qubits. For many scientists, creating such computing power is actually the ultimate goal of a quantum Internet project.

 

What can’t quantum internet do?

 

In the foreseeable future, the quantum Internet will not be used to exchange data in the way we currently do on our laptops. Imagining a generalized, mass-scale quantum Internet would require anticipating several decades (or more) of technological advances. no matter how much scientists dream about the future of the quantum internet, it is impossible to draw parallels between the project in its current form and the way we browse the internet every day.

Today, many studies of quantum communication are devoted to finding ways to best encode, compress, and transmit information using quantum states. Quantum states, of course, are known for their extraordinary density, and scientists are confident that a single node can teleport a large amount of data.

But the type of information that scientists are going to send over the quantum internet has little to do with opening a mailbox and looking at emails. and in fact, replacing the classic internet is not what the technology intended to do.

Rather, the researchers hope that the quantum internet will be next to the classical internet and will be used for more specialized applications. the quantum internet will perform tasks that can be performed on a quantum computer faster than on classical computers, or that are too difficult to perform even on the best supercomputers available today.

And what are we waiting for?

Scientists already know how to create coupling between qubits, and they’ve even successfully used coupling for QKD.

China, a longtime investor in quantum networks, has broken records for entanglement caused by satellites. Chinese scientists recently established entanglement and reached QKD at a record 745 miles.

However, the next step is scaling the infrastructure. All experiments so far were linked only to the two endpoints. Now that point-to-point communication has been achieved, scientists are working to create a network where multiple senders and multiple recipients can exchange data over the quantum Internet on a global scale.

Basically, the idea is to find the best ways to produce on-demand lots of entangled qubits over large distances and between lots of different points at the same time. This is much easier said than done: for example, to maintain communication between a device in China and a device in the US, you will probably need an intermediate node on top of the new routing protocols.

And countries choose different technologies when it comes to establishing entanglement in the first place. While China is opting for satellite technology, fiber is the method favored by the U.S. Department of Energy, which is now trying to build a network of quantum repeaters that can increase the distance separating entangled qubits.

In the US, particles remain entangled through an optical fiber on a 52-mile “quantum loop” in the suburbs of Chicago, without the need for quantum repeaters. The network will soon be connected to one of the Department of Energy’s laboratories to create an 80-mile quantum test bed.

 

In the EU, the Quantum Internet Alliance was formed in 2018 to develop a quantum Internet strategy, which last year demonstrated entanglement at a distance of more than 31 miles.

 

For quantum researchers, the goal is to first scale networks to the national level, and one day even to the international level. the vast majority of scientists agree that this is unlikely to happen before a couple of decades. the quantum internet is without a doubt a very long-term project, and many technical obstacles still remain in its path. but the unexpected results that the technology will inevitably bring will be an invaluable scientific journey with many outlandish quantum applications that at the moment are even impossible to predict.

Google promises to expand its data centers, not shrink

As demand for online services grows, Google’s presence in data centers in Europe is rapidly expanding. But instead of increasing carbon emissions, the company says these new buildings reinforce the EU’s commitment to fighting climate change.

 

In Hamina, Finland, work is underway to build Google’s sixth data center in Europe, following the opening last week of a new building in Fredericia, Denmark. This week, Google’s second data center in the Netherlands will also start operating in Middenmeer.

 

 

 

The search giant’s investment in new European infrastructure is a direct result of a surge in consumer demand for services ranging from YouTube videos to Google Maps, which has been driven by the coronavirus pandemic and the accompanying shift to remote work and online learning.

 

Demand will only grow in the next few years, and with it the need for more data centers to support and deliver cloud services. However, Google will have to make a commitment to the EU to fight climate change: just last week, the EU announced a goal of reducing CO2 emissions by 55% by 2030, in addition to the renewable energy target of 32%.

 

data centers are known to consume a lot of electricity, and last year they accounted for 0.8% of global electricity demand. however, matt brittin, google’s president of europe, said the company will be the engine of europe’s transition to a green economy.

 

“Google is helping accelerate this transition,” Brittin wrote in a new blog post. “We are proud to invest in Europe’s digital infrastructure, contribute to the local communities in which we operate, and support Europe’s transition to environmental safety. This will be a crucial decade, and we are committed to being an example.”

 

Since 2017, Google has been combining the company’s energy consumption with 100% renewable energy. This means that for every megawatt-hour of electricity consumed annually by the search giant worldwide, it buys the equivalent amount of wind or solar power in the same year.

 

Google is currently the largest corporate buyer of renewable energy in the world and the second largest in Europe. According to Brittin, the company has now supported about 1,700 megawatts of renewable energy projects in Belgium, Sweden, Denmark, Finland and the Netherlands. Google has also pledged to invest 2 billion euros in new carbon-free energy generation projects and green infrastructure in Europe over the next five years.

Last year, a study by the European Commission on Google’s contribution to the fight against climate change highlighted the value of the tech giant’s contracts for renewable energy projects in the European countries where it operates.

 

“In Europe, Google is playing a leading role in accelerating the transition to clean energy in the private sector,” the report said. “The company’s experience may encourage other European companies to benefit from the purchase of renewable energy and support the EU in achieving the 2030 target.”

 

The study also highlighted the energy efficiency of Google’s facilities and reported that if all data centers in Europe were as efficient as Google’s, electricity consumption could be reduced by about 26 TWh annually.

 

according to brittin, google’s data centers are twice as energy efficient as conventional corporate facilities. together with deepmind, the company effectively developed an artificial intelligence tool to manage and optimize the energy used to cool buildings, which helped reduce power consumption in data centers by 30%.

 

Brittin also reiterated Google’s recent promise to take another step in reducing carbon emissions over the next decade. According to the company, matching electricity consumption with the purchase of renewable energy is not enough; Google is currently working to provide carbon-free energy around the clock in all its data centers.

 

Although Google buys enough renewable energy to offset the company’s annual electricity consumption, this does not mean that there is enough renewable energy to meet demand for any particular data center and at any time of the day. If the sun does not shine or the wind is not enough, buildings effectively resort to alternative sources of electricity, which are not always renewable.

 

The search giant is banking on new technologies, such as AI, as well as battery innovations, to instead achieve a new goal – a round-the-clock carbon-free energy supply by 2030.” This is much more complicated than the traditional approach. We are working on the alignment of energy use with renewable energy sources, but we are working on this in the next nine years, ” Brittin said.

 

In line with this goal, Google is already testing carbon-smart platforms in its European data centers. Last year, at the company’s facilities in Hamina, Finland, 97% of the building’s electricity was consumed from carbon-free sources on an hourly basis.

Credit card thief hiding in CSS files of hacked online stores

Сredit card theft Scripts are evolving and becoming harder to detect due to new concealment tactics. The latest example is a web skimmer that uses CSS code to mix with the pages of a hacked store and to steal customers ‘ personal and billing information.

 

By hiding their payment information theft script in the CSS code, the creators of this skimmer successfully bypassed detection by automatic security scanners and avoided raising any flags even when checking during a manual security code audit.

 

 

This is because scanners don’t usually scan CSS files for malicious code, and anyone looking at a skimmer trigger script reading a custom property (variable) from a CSS page won’t take a second look at it. CSS files (cascading style sheets) allow websites to add style (such as fonts, colors, and spacing) to web documents using a set of rules.

This credit card skimmer (also known as the Magecart script) was discovered by researchers at the Dutch cybersecurity company Sansec on Tuesday in three different online stores. The web skimmer was still active in at least one store, as sansec told BleepingComputer today, but the company did not provide additional information due to the confidential nature of the data.

 

Since it was discovered, a CSS-based web skimmer has been used by the Magecart group, which has begun “experimenting” with increasingly advanced technologies to implement its malicious scripts and extract customer payment card information. This Magecart scenario will only run when customers of hacked e-Commerce sites start entering payment or personal information.

When customers click the checkout button on the order form, they are redirected to a new page that loads and analyzes malicious CSS code from attackers. The JavaScript parser / trigger script on the checkout page of the hacked online store will then load and execute the skimmer from the URL saved by the CSS code in the –script variable, which points to the Magecart script in cloud-iq.net a server controlled by hackers.

 

This tactic allows the Magecart group to hide their credit card theft in plain sight on any hacked e-Commerce website, as it will not be detected by any conventional methods. In the best case it will trigger the alarm only occasionally, as it happened, when Sansec first noticed it this week.

 

Online stores “should track all their data, not just executable files,” according to BleepingComputer. “This is a huge headache for e-Commerce managers. Today it’s CSS, tomorrow it will be static data somewhere else.”

Online shoppers have very little protection against Magecart attacks, where JavaScript-based scripts known as credit card skimmers are injected into the pages of compromised e-Commerce sites to extract their customers ‘ payment and personal data: “Consumers should choose a Bank that applies 2FA to every transaction” …

Phishing: MetaMask steals data from users ‘ cryptocurrency wallets

Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds due to phishing scams that attracted potential victims through Google search ads.

 

MetaMask has a community of over a million users. The site offers a wallet for the Ethereum cryptocurrency in the browser via a browser extension that allows distributed applications to read data from the blockchain.

 

When installing a legitimate extension, you can either import an existing wallet or create a new one along with a secret initial phrase that allows access to the wallet.

 

While it’s unclear how many MetaMask users fell for the Scam, some say they were left with empty wallets after clicking on a fraudulent search ad promoted as a MetaMask site.

 

The phishing / advertising Scam is still active, and the new domain is constantly being promoted through Google search ads. On Wednesday, MetaMask warned its community about fraud and recommended using direct links to a legitimate URL metamask.io and stay away from sponsored ads.

However, for some users, the warning came too late, as some users reported losses in the tens of thousands of US dollars. This week, complaints started coming in, all stories describing the same scenario: money was lost after trying to install the MetaMask browser extension.

It was found that users went to the fake phishing page MetaMask through Google ads. Once on the page, they are asked to install an extension that will allow them to either import an existing wallet or create a new one.

If they click the “Create wallet” button, they will be taken to the real site MetaMask.io because there is no cryptocurrency that can be stolen. However, if they click on the “Import wallet” option, they will be prompted to enter the keyword of their existing wallet, which will then be sent to the attacker.

 

As soon as the fraudster received the initial phrase, they proceeded to empty the victims ‘ wallets. In response to MetaMask’s warning on Twitter, one user said that almost $ 30,000 had been stolen from Him.

 

Scammers bought Google ads to target users who search for MetaMask in the Google search engine. These ads led to the appearance of a fraudulent domain posing as a cryptocurrency service. They have registered several domains for the Scam, which is currently ongoing, as shown in the screenshot below taken by BleepingComputer:

Domain maskmefa.io currently promoted in search advertising when searching for MetaMask on Google. The spelling of the service in the ad title should be a red flag, but most users will probably miss this (note the Russian letter ” K ” and the space before the top-level domain). A Whois search on DomainTools shows that it was registered only yesterday.

 

Users who end up on fraudulent sites will find it difficult to detect fraud because it looks almost identical to a legitimate MetaMask page. Even if they check the domain in the address bar, there is a high probability of falling for the trick. The only difference between the original MetaMask site and the fake One is invisible to most users (the label on the button for getting an extension).

 

Fraud and malware attacks are more frequent during the holiday season, when consumers spend more on discounts or special offers and are more easily distracted.

 

It was also discovered that malicious ads were also placed on Microsoft Bing and Yahoo…

Expert opinion on the coming 2021: it will be the ” year of extortion»

An analyst at Acronis has published a report on cyber threats for 2020. According to their research, the main targets for cybercriminals will be managed service providers, as well as employees of companies that use a remote method of work. In addition, an increased level of information leakage is predicted, which will exceed the speed of development and development of systems and the level of encryption.

 

 

In their opinion, ransomware will remain the most likely and widespread cyber threat , since almost 50% of attacks took place with the participation of such a software product as Maze: to maximize the impact of hacking, criminals demand not only the ransom of the encryption key to the blocked data, but also steal confidential data, including those that can compromise the source of information before encryption for further blackmail of victims…

 

In 2020, more than a thousand companies around the world became such victims when ransomware was used. Analysts believe that this trend will not only continue, but also give a significant increase, especially in the context of various quarantine measures. Cybercriminals, unlike corporate structures, instantly navigate the rapidly changing IT environment, changing and adapting their activities to the changing technological landscape.

During 2020, an anti-record was reached: about 31% of international companies reported daily attempts at cyber attacks, and the logic of events in this direction only suggests that the situation is only getting worse: all forecasts indicate that hacking of remote employees will be a trend in the coming year due to the relative ease of hacking a computer taken out of a relatively secure corporate environment…

 

Another disturbing trend is that standard antivirus solutions can no longer cope properly, can no longer provide protection against the rapidly changing structure of constantly improving threats: the number of malicious applications that appear daily has grown so much that it has clearly outstripped the pace of release of antivirus databases and the ability of cloud-based antivirus systems to recognize them.

 

Standard simple methods do not work in such conditions, because not only are corporate structures automated to optimize costs: cybercriminals have also learned to automate their actions.

 

Thus, instead of conducting attacks in the direction of broad coverage, they conduct targeted actions that give very serious profits. And the introduction of a holding company or group of companies into the corporate network is much more interesting for criminals, as it makes it possible to completely block the work of a commercial structure, threaten more and demand more…

 

Therefore, it is expected to reduce the level of attacks on small businesses, most likely, the main target will be large and medium.