Scar•dip•dap

noun: skills in many areas. a little of this and that.

PSA Newsletter 27: Privacy, Security, Automation!

Airport Facial Recognition Scans Can be Declined, Defending Against Deepfakes, An Asus Router advisory, and more...

Privacy

In the United States, airport facial scans are optional and can be opted out of without much fanfare. Tried this twice on a recent trip and was pleasantly surprised that the agent did not make an issue of opting out. They even went so far as to thank me for opting out before stepping in front of the camera. If you prefer to opt out of a facial recognition scan, be polite but firm and remember to request your opt out before stepping in front of the camera. [1]

Security

AI development contimnues at breakneck speed, despite many calling for safeguards built into the most popular models. Deepfakes in particular continue to be a point of concern. In an increasingly digital world where technology can't be trusted, sometimes analog tactics are required. One tactic for guarding against impersonation via deepfake is to create a passphrase or group of passphrases that are shared in person and never transmitted or stored electronically. [2]

Heads Up

Asus routers have become the target of an advanced persistent hacking campaign for months. The installed backdoor persists beyond firmware updates and patches. From the article:

GreyNoise recommends the following immediate actions for Asus router owners.

  • Check for SSH access on port TCP/53282.
  • Review the authorized_keys file for unknown entries.
  • Block the following IPs associated with the attack: 101.99.91.151, 101.99.94.173, 79.141.163.179, 111.90.146.237
  • If compromise is suspected, perform a full factory reset and reconfigure the device manually.

The article goes on to offer other helpful suggestions, like changing default passwords for WiFi access and router admin, updating router firmware often, and disabling remote management unless needed from outside your network. That last point is important and echoes a previous recommendation in this newsletter. Unless absolutely necessary, avoid or disable remote management features (including yes, AI ones) on your networking equipment to reduce your vulnerable surface. [3]

Sources:

  1. All opinions expressed are solely my own and do not reflect the views or opinions of my employer or anyone else.
  2. For support with any mentioned product, please reach out to the vendor first.
Buy Me A Coffee