
The joke is on us (all)

Reuters gave light (again) to an article that I wrote earlier. 2 days ago (at https://lawlordtobe.com/2021/03/30/an-almost-funny-thing/) I wrote ‘An almost funny thing’; I got it from the BBC and I feel certain that some official people were already on the ball, being a mere 2 years late. I reckon that some figured out that the growing cash flow these people ended up with will count against certain players, if not a lot more. Some people might have gotten additional considerations with “In the OSI model, we see layers 3-7 (layer 8 is the user). So as some have seen the issues from Cisco, Microsoft and optionally Zoom, we see a link of issues from layer 3 through to layer 7 ALL setting a dangerous stage. Individually there is no real blame and their lawyers will happily confirm that, but when we see security flaw upon security flaw, there is a larger stage of danger and we need to take notice” and that is the tip of the iceberg. So when Reuters gives us ‘Ransomware tops U.S. cyber priorities, Homeland secretary says’ this morning, we might not get the entire field in view and that is not on Reuters. And as Alejandro Mayorkas gives us “ransomware was “a particularly egregious type of malicious cyber activity” and listed it as the first of several top priorities that his department would tackle in the online sphere” we are not getting the entire story and we are happily giving the Department of Homeland Security that, as they have other considerations as well. Yet I personally believe (speculatively) that some programmers working in specific places got handed libraries to make more, but also got a setting where they created software that opened a backdoor, so that all parties have an excuse and any investigation will end up going nowhere. You see, there are plenty of real option givers that start as ‘Top 9 Python Frameworks For Game Development’, and that is where it starts.
Consider the following scenario: as some developers become better they seemingly need shortcuts and, would you believe it, someone knows someone on the dark web and they will hand the developer an option, two actually. One is free, the other one is $19.99, but is ‘presented’ as a lot more secure and it has documentation. That is all that they need, and as the library is linked, the trap is set. The game maker does the right thing and enhances his program with either version (both have the flaw), and now, with a backdoor that is passive (gaming is required), it passes through a whole range of systems, and as the game is offered free with ‘in-app purchases’ the people behind the screens suddenly have 100K+ stations for all kinds of use. So whilst some are trivialising “No one really knows the size of the dark web, but most estimates put it at around 5% of the total internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name”, we see, ohh, not all is illicit, but consider that this software would be in the open internet if it was all on the up and up. The indie developer (many companies of one) has that ‘special feeling’ as he was introduced and others were not, but they all were, and some were offered similar links, in the end all linking to the same package, and that is the game. So when we see greed-driven idiots like Epic Games (and a few others) setting the stage to avoid the Google and Apple store, we will see a much larger shift, one that gives free rein to criminally minded people to infect a massive amount of systems. So when you think that players like DHS are ready for these assaults, the people will soon learn the hard way that they were not, and from there it will go from bad to worse.

And this is not about Epic Games, even as some will herald “Cesium will be available for free for all creators on the Unreal Engine Marketplace. It’s an open-source plugin for the engine that unlocks global 3D data and geospatial technology. This means that games that use it will be able to discover in real time the location of a player in a given 3D space, using accurate real-world 3D content captured from cameras, sensors, drones, and smart machines” (source: VentureBeat). We think it is all for the good of us, and it is not; it is good for the pockets of Epic Games, but what happens when other elements get a hold of the saved data linked to geospatial technology? What happens when foundational advantages that were (for the most part) in the hands of players like CIA and GCHQ end up elsewhere; what happens when cyber criminals get THAT level of precise data and THOSE cluster data groups? Did you think of that? So whilst some laugh away “games that use it will be able to discover in real time the location of a player in a given 3D space, using accurate real-world 3D content captured from cameras, sensors, drones, and smart machines”, the data will go a lot further; it will optionally end up not merely showing those systems, but the locations of all systems they link to as well. It is a hidden version of what I called the ‘Hop+1’ intrusion malware (thought up by yours truly) that made much of the CIA counter software close to useless. Someone took that idea and made a corporate version with some version of a backdoor; in that stage the internet will end up being as dangerous as walking the dog (not the ‘M’ word) in a minefield. Letting the dog have a shit will be the last thing you did that day for a very long time to come.

As such, some might applaud the DHS (they actually did nothing wrong) as we see “a DHS official said the reference was to underground forums that help cybercriminals franchise out their malicious campaigns.” Yet under these situations, finding blame is close to impossible and the mistrusting developers end up helping cyber criminals in the process, and that is if there is ever any prosecutable connection found. 4 stages not directly linked will make prosecution close to impossible. So how is that for size? And whilst we take notice of “He said the agency would “quarterback” the U.S. government’s digital defences and serve as a “trusted interlocutor” between business executives and public servants” we see that their heart is in the right place, but the people they are hunting are heartless, devious, better funded and technologically more up to speed. It is a race many politically governmental intelligence organisations cannot win, not now, and optionally not ever. What a fine mess some corporations got us into.


Filed under Gaming, IT, Law, Military, Politics, Science