Eliana Willis

Written by

Eileen Yu, Contributor

Eileen Yu
Contributor

Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently an independent business technology journalist and content specialist based in Singapore, she has over 20 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.

Full Bio

China has lashed out at a trade initiative led by the US, which aims to establish mutually agreed standards in four key areas including the digital economy and supply chains. Beijing has described the move as the Biden administration’s attempts to “contain” China and create divisions. The Indo-Pacific Economic Framework (IPEF) was launched on Monday with 12 participating nations from the region, including Singapore, Australia, India, Indonesia and Japan. This group accounted for 40% of global GDP and 60% of the world’s population. It is expected to the largest contributor of global growth over the next three decades, according to the US government. It touted the benefits of the new framework for America, adding that trade with the Indo-Pacific supports more than 3 million American jobs. Brunei, South Korea, Malaysia, New Zealand, the Philippines, Thailand, and Vietnam also are part of the trade framework.  

The IPEF aimed to address 21st century economic issues with various arrangements that spanned establishing rules for the digital economy, ensuring secure and resilient supply chains, driving investments in clean energy infrastructure, and improving standards for transparency and fair taxation. Noting that past models did not address challenges across these areas, the Biden administration said a new model was necessary to resolve them. It added that businesses increasingly were looking for alternatives to China and countries participating in the Indo-Pacific Framework would be “more reliable partners” for US businesses. The IPEF, however, will not lay out plans for tariffs or easier market access, which are common objectives of traditional free trade agreements. Rather, the Indo-Pacific framework will pull its partners together through agreed standards across the four key areas.  Singapore Prime Minister Lee Hsien Loong said he welcomed an “open, inclusive, and rules-based order” and stressed the need for the framework to remain so. He added that members should be able to work with other partners in other overlapping agreements.Lee said: “IPEF is of both strategic and economic significance. It can be a valuable platform for the US to exercise economic diplomacy in the region, and it clearly signals the US’ continued commitment to engage with its partners in Asia, and deepen ties across the Pacific.”Strategy to dominate in digital technology standards headed failure The IPEF launch, though, has ruffled feathers in China, where government officials describe the move as the US’ attempts to create division and fuel confrontation. Chinese State Councillor and Foreign Minister Wang Yi said the US-led strategy was bound for failure, according to a report by state-owned media agency Xinhua.  Wang said the IPEF was the US government’s strategy to create division, incite geopolitical confrontation, and undermine peace. Its objective was to “contain” China, he added. Rather than drive free trade, he said the IPEF attempted to pursue protectionism. Noting that the US had pulled out from the Trans-Pacific Partnership (TPP), he added that the US was choosing to undermine existing regional cooperation infrastructures instead of following free-trade rules. Wang said: “Is the US trying to speed up the recovery of the global economy or is it trying to create economic decoupling, technological blockade and industrial disruption, and aggravate the supply chain crisis? The US should learn from the trade war it launched against China a few years ago, which brought severe consequences to the world and US itself.”He said it would be wrong for the US to use the IPEF as a political tool to safeguard its regional economic hegemony and deliberately exclude specific countries. He further questioned the Biden administration’s intent to force governments in this region to choose sides between China and the US. Chinese daily tabloid Global Times, which is owned by state-run People’s Daily, published a commentary highlighting the lack of market access and tariff provisions as a significant problem with the IPEF, giving no practical trade incentives for participating members. It added that the framework had not been approved by the US congress and lacked political sustainability. Global Times also accused the US of using the trade framework to “dominate” rules and standards in digital technologies, such as artificial intelligence and 5G. “IPEF, which excludes China, is driven more by geopolitical considerations rather than economic factors,” the paper said. “Countries in the region do not want to be trapped in the predicament of taking sides between Beijing and Washington, as China is their largest trading partner. China should have confidence in facing the US’ strategic containment. As long as Chinese government keeps the right direction concerning domestic and foreign policies and continues opening up, the US will be unable to stop China’s continuous rise.”In an interview with Nikkei, Singapore’s Lee said the IPEF as an alternative to an FTA arrangement between Asian nations and the US, which failed to materialise under the TPP. He added that the framework reflected the intent to cooperate on economic issues that were relevant to the region, including digital economies, supply chains, and green energy. He noted that details under the IPEF had not been negotiated, though, “broad areas” had been identified. “So we will go in and we will try to work out something as substantive and mutually beneficial as we can,” Lee said, pointing to carbon trading rules, digital economy, and sustainable finance as areas Singapore was keen to discuss as part of the IPEF.RELATED COVERAGE More

US President Joe Biden has launched a new economic framework geared towards countering Chinese influence in Asia and announced the 12 regional partners who will cooperate on shared standards in areas such as clean energy and 5G network advancements.Biden, in his first visit to Japan as president, presented the Indo-Pacific Economic Framework for Prosperity in a speech on Monday, citing four essential pillars — trade, supply chains, sustainable energy, and infrastructure — as well as tax and anti-corruption. Meanwhile, the White House claimed that the framework — as based on these pillars — will ensure that supply chains in the region develop greater resilience to protect against higher prices for consumers.”We’re here today for one simple purpose: the future of the 21st Century economy is going to be largely written in the Indo-Pacific,” Biden said in Tokyo. “[The framework is a commitment to] improving security and trust in the digital economy, protecting workers, strengthening supply chains, and tackling corruption that robs nations of their ability to serve their citizens.Biden added the framework would work towards eliminating critical supply chain bottlenecks, carbon from the economy, and work towards clean energy and developing “early warning systems” to identify problems before they happen.”Let’s start with new rules governing trade in digital goods and services so companies don’t have to hand over the proprietary technology to do business in a country,” Biden said.The 12 regional partners include Australia, Brunei, India, Indonesia, Japan, South Korea, Malaysia, New Zealand, the Philippines, Singapore, Thailand, and Vietnam. All of these partners, excluding Australia and India, were also signatories to China’s Belt and Road Initiative.The framework marks Biden’s latest attempt to shore up US support in the Asia-Pacific region after former President Donald Trump withdrew from the Trans-Pacific Partnership in 2017.Read: China, India, Russia missing from future of internet pledge by US, EU, and 33 othersFurther to this, South Korean President Yoon Suk Yeol pledged his country’s support for the framework, and also announced that South Korea will now become a signatory of the Declaration for the Future of the Internet. Meanwhile, Google said from the announcement that it expects a greater commitment to cybersecurity collaboration in the region, as well as a commitment to the free flow of data between countries and businesses.”This is the moment for Indo-Pacific countries to chart a bold, inclusive and sustainable path forward to address common challenges and seize the tremendous opportunities the digital economy can bring,” Google said.Related Coverage More

Written by

Aimee Chanthadavong, Senior Journalist

Aimee Chanthadavong
Senior Journalist

Since completing a degree in journalism, Aimee has had her fair share of covering various topics, including business, retail, manufacturing, and travel. She continues to expand her repertoire as a tech journalist with ZDNet.

Full Bio

Image: Shutterstock / Ascannio
The Information Commissioner’s Office (ICO) has fined controversial facial recognition company Clearview AI £7.5 million ($9.4 million) for breaching UK data protection laws and has issued an enforcement notice ordering the company to stop obtaining and using data of UK residents, and to delete the data from its systems.In its finding, the ICO detailed how Clearview AI failed to inform people in the UK that it was collecting their images from the web and social media to create a global online database that could be used for facial recognition; failed to have a lawful reason for collecting people’s information; failed to have a process in place to stop the data being retained indefinitely; and failed to meet data protection standards required for biometric data under the General Data Protection Regulation. The ICO also found the company asked for additional personal information, including photos, when asked by members of the public if they were on their database.The privacy watchdog also concluded that given the higher number of UK internet and social media users, Clearview AI’s database is “likely to include a substantial amount of data” from UK residents, and while the company no longer offers services to UK organisations, it continues to do so in other countries, and this may include using personal data of UK residents. Read more: ‘Booyaaa’: Australian Federal Police use of Clearview AI detailed”Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images,” UK Information Commissioner John Edwards said.”The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.”People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement.”The enforcement action follows a joint investigation the ICO carried out with the Office of Australian Information Commissioner (OAIC). The investigation into Clearview AI by both privacy watchdogs has been underway since 2020, and was conducted in accordance with the Australian Privacy Act and the UK Data Protection Act. The pair investigated how the company used people’s images, data scraping from the internet, and biometric data for facial recognition. “This international cooperation is essential to protect people’s privacy rights in 2022. That means working with regulators in other countries, as we did in this case with our Australian colleagues,” Edwards said.Earlier this month, in a landmark settlement, Clearview AI agreed to cease sales to private companies and individuals in the United States, and also agreed to stop making to database available to Illinois state government and local police departments for five years. The New York-based company, however, continue to offer its services to other law enforcement and federal agencies, and government contractors outside of Illinois. Related Coverage More

When I first started using Linux, back in ’97, working with the built-in firewall was not something just anyone could do. In fact, it was quite complicated. Starting around 1998, if you want to manage the security of a system, you had to learn iptables (which is a suite of commands for manipulating the Netfilter packet filtering system). For example, if you want to allow all incoming secure shell (SSH) traffic, you might have to issue commands like this:sudo iptables -A INPUT -p tcp –dport 22 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp –sport 22 -m conntrack –ctstate ESTABLISHED -j ACCEPT

That’s all fine and good if you have time to not only master the Linux operating system, but also know the finer points of managing a complicated security system. To be fair, I did spend the time and was eventually able to manage the security of my systems with iptables. However, the busier I got, the harder it became to continue the level of mastery needed to keep up with iptables. Over time, things started getting more accessible and some Linux distribution developers began to realize an easier system was necessary. One of those more accessible Linux firewalls came into being with the Ubuntu distribution (around version 12.04). That firewall is aptly named Uncomplicated Firewall.Uncomplicated Firewall (UFW) is a frontend for iptables, which focuses on simplicity. Compared to iptables, UFW is a leisurely stroll through the park that anyone can handle.Let’s take a walk down UFW lane and see just how simple it makes managing your Linux system firewall.There are two things you should know about UFW: It’s a command-line tool.There are GUI tools available to make it even easier.The UFW command-line basicsThe UFW command is actually pretty simple. Let’s stick with our SSH idea from above. Let’s say you want to allow other systems to access your machine by way of SSH (which listens on port 22). First, you’ll want to see if UFW is even enabled. Guess what…it’s not by default. Test that out by opening a terminal window and issuing the command:sudo ufw status
You’ll probably see the following:Status: inactive
How do you activate it? Issue the command:sudo ufw enable
The output of the command should be:Firewall is active and enabled on system startupCongratulations, your firewall is now active. As to the basic usage of UFW, it looks something like this:sudo ufw ARGUMENT SERVICE
Where ARGUMENT is either allow, deny, reject, limit, status, show, reset, reload, enable, disable and SERVICE is the service you want to work with (such as SSH or HTTP).Next, we need to allow SSH traffic into the system. Believe it or not, that’s as simple as:sudo ufw allow ssh
You could also run the command using the port number, like this:sudo ufw allow 22
Or, if you run SSH on port 2022, that command would be:sudo ufw allow 2022
If you’re working on a server and you need to allow HTTP traffic through, that command would be:sudo ufw allow http
Let’s get a bit more advancedone of the nice things about UFW is that even using more advanced features doesn’t require advanced knowledge. Let’s say, for example, you want to allow SSH traffic in, but only from a specific IP address on your network.If you’ve already allowed incoming SSH traffic, you’ll first need to delete that rule with:sudo ufw delete allow ssh
Now, if you try to SSH into the machine, the firewall will block the attempt. So, let’s allow SSH connections from IP address 192.168.1.152. For that, we’d issue the command:sudo ufw allow from 192.168.1.152 to any port ssh
After running the above command, you should be able to log into the machine, via SSH, only from the remote system at IP address 192.168.1.152.What about the GUI?If the command line isn’t your jam, there’s always a handy GUI tool to make it even easier. One such tool is GUFW, which allows you to point and click your way to UFW firewall rules. If UFW isn’t installed on your Linux distribution by default, you’ll find it in your app store. Once installed, open the app and click on the Rules tab (Figure 1).The GUFW tool makes configuring your firewall even easier.
Image: Jack Wallen
As you can see, I already have a few UFW rules added. One thing to keep in mind is that you cannot edit rules that were added via the UFW command line. Let’s add the same rule via the GUI that we just did from the command line. Click + and then (from the Preconfigured tab), select the following:Policy – AllowDirection – InCategory – AllSubcategory – AllApplication – SSHThat alone will create the rule allowing all SSH traffic into your system. If, however, you want to only allow traffic from a single IP address, you must click the Advanced tab and fill out the following (Figure 2):Name – any name you wantPolicy – AllowDirection – InInterface – All InterfacesFrom – 192.168.1.152Adding a rule to UFW to only allow SSH traffic from IP address 192.168.1.62
Image: Jack Wallen
Click Add and your rule is inserted into the firewall.And that, my friends, is your uncomplicated introduction to the Uncomplicated Firewall. But don’t think UFW is nothing more than a very basic firewall system. You can actually get considerably more complicated but for the basics, UFW is easy enough for anyone to use. More

Attackers using the Snake keylogger malware for Windows are emailing malicious PDFs with embedded Word documents to infect victims’ PCs and steal information. Malicious PDFs are an unusual tool to use today because attackers prefer Office formats like Word and Excel which are more familiar to PC users, according to threat analysts at HP’s Wolf Security who recently discovered the PDF malware campaign. The malicious PDF was used to infect PCs with Snake, a keylogger and credential stealer which was first spotted in late November 2020, according to HP. The attackers sent email with an attached PDF document named “REMMITANCE INVOICE.pdf” with an embedded Word document named “has been verified. However PDF, Jpeg, xlsx, .docs”. The reason for choosing this odd and actually rather sneaky file name for the Word document becomes clear when viewing the prompt that Adobe Reader displays when checking whether the user approves opening this file. The prompt reads: “The file ‘has been verified. However PDF, Jpeg, xlsx, .docs’ may contain programs, macros, or viruses that could potentially harm your computer.”An employee who hastily reads the notice could mistakenly understand that the file in question has been verified and is safe to open. Should the recipient then select “Open this file”, Microsoft Word opens. As HP notes, if Protected View is disable, Word downloads a Rich Text Format (.rtf) file from a web server, which is then run in the context of the open document. (It should be noted that Microsoft Office opens documents from the internet in Protected View or Application Guard for Office by default.)Upon analyzing the Word document, HP’s analysts found an illegitimate URL from which an external object linking and embedding (OLE) object was loaded. The OLE object also contains shellcode that exploits the CVE-2017-11882, an old remote code execution vulnerability in Microsoft Office Equation Editor that’s still popular with hackers. .  The shellcode downloads an executable called fresh.exe that is in fact the Snake keylogger, which has historically been distributed via malicious RFT documents or archive files attached to emails.  “While Office formats remain popular, this campaign shows how attackers are also using weaponized PDF documents to infect systems. Embedding files, loading remotely-hosted exploits and encrypting shellcode are just three techniques attackers use to run malware under the radar. The exploited vulnerability in this campaign (CVE-2017-11882) is over four years old, yet continues being used, suggesting the exploit remains effective for attackers,” HP notes.  More

After almost 40 years in technology, it finally happened. I had one of my accounts hacked. Blast it. The target was my Instagram account. While I’m very active on social networks, Instagram was the one I used the least. Here’s what happened. 

It all started when I got a plausible Instagram message from a friend. His message asked for my help and included a reset link for their account. Rather than asking me to click the link, which I’d never do in a million years, it simply asked me to send him back a screenshot of the message including the link. I thought, “How can I be hacked by sending a PNG image?” After all, it wasn’t a reset link for my account. So I replied with the image. Oh foolish, foolish me.It turns out the combination of the URL on the image and my reply gave them enough information to take over my account. Now, even when I saw trouble brewing — an Instagram e-mail came asking me if I wanted to change my phone number to one in Nigeria — I wasn’t too worried. I’d protected my account with two-factor authentication (2FA). While 2FA isn’t perfect, it’s better than anything else out there for basic security.But, here’s where things went awry. Instagram should have sent me an e-mail with a link asking me to “revert this change.” Instagram didn’t send such a message. Instead, I received e-mails from security@mail.instagram.com that provided a link about how to “secure your account.” This dropped me into Instagram’s pages for a hacked account, which wasn’t any help.In the meantime, I got another Instagram message telling me that my account was now associated with a  new e-mail account–a garbage Gmail account. Once more Instagram didn’t give me a chance to refuse this change and the message sent me back to the Instagram hacked account page.Argh!I followed up with Instagram’s suggestions on how to bring my account back. I asked for a login link from my Android Instagram app. I got one, which didn’t work. Next, I requested a security code. I got one. That didn’t work either, no doubt because — by that time — the account was now responding to its “new” e-mail address and phone number. Next up, I verified my identity by providing the email address and phone number I signed up with and the type of device I used when I signed up. I had hoped for this message since I doubt very much there are that many people who sign up for Instagram do so from a Linux desktop! Well, it was a good idea, but nothing happened. Then since my account had photos of me, I took a video selfie of myself to confirm that I’m a real person to confirm my identity. Nada.I would have called the Instagram tech support number, except — surprise! — there’s no such thing. After some digging, I was able to send a message directly to Instagram tech support. Instagram doesn’t make it easy to find this. In fact, the Instagram support link is actually a Facebook page. Good going, Meta!But even after that, it didn’t do me any good. I didn’t hear a peep out of them. So, I decided it was time to bring out the big guns. I sent a message as Steven J. Vaughan-Nichols, top technology journalist, to Instagram public relations asking for help and/or an explanation.That didn’t work.I guess I’m not that special after all.So, while I made the first mistake by opening the door to the hack, Instagram gets a lot of the blame for its 2FA system, indeed its entire security support system.But, hey at least I’m not alone. More: A security researcher easily found my passwords and more: How my digital footprints left me surprisingly over-exposedThe Bored Ape Yacht Club, a leading non-fungible tokens (NFT) collective, lost $3 million of NFTs to a hacker using a phishing attack.  Like yours truly, the Bored Ape Yacht Club said, “At the time of the hack, two-factor authentication was enabled and security surrounding the IG account followed best practices.” They also said they were working with Instagram security and they’d report on what happened. That was almost a month ago.There appears to be a spat of these attacks going on. I’ve seen many reports of small businesses having their Instagram accounts hijacked. Several of my friends have reported the same. They also tell me that Instagram has been useless. One of them who works in security public relations reports he reached out to some white hats for advice, but they couldn’t help. Instagram appears to be a security black hole, Users’ complaints go in and nothing comes out. He also had 2FA on and was bombarded by “all kinds of weird texts for confirmation about changing my password. Also got multiple emails from IG about resetting my password. I later got a letter from T-Mobile, my phone provider, about putting a SIM block on my account.” SIM blocks are used to keep your phone’s SIM card from being cloned, a popular way of getting around SMS-based 2FA. He also “filed a police report and had the police contact IG.” After all that, “IG support was useless” and he eventually lost his account. Personally, this has been really annoying, but it hasn’t really bothered me that much. I had less than 100 Instagram followers. My hacker appears to be using my former account to send cryptocurrency spam. Anyone who knows me knows I think cryptocurrency is a scam. I’ve spread the word that my account has been hacked, and people should report, unfriend, and block it. You’d think all those reports, well over two dozen people have told me they’ve reported it, Instagram might have put two and two together and realized my account had been hacked. Three weeks into this and Instagram still hasn’t bought a clue.But, it could be worse. Hackers are taking over corporate and influencer Instagram accounts and demanding ransomware payments of up to $40,000. But what’s irritating to me is a business killer for others. I’ll shed no tears for the Bored Ape Yacht Club. NFTs are scams too and if you think otherwise I’ll happily sell you an NFT of the Brooklyn Bridge. However, many design shops, videographers, photographers, and marketing people depend on it for their livelihood. If Instagram doesn’t step up its security game, it’s time to find another platform for your business. I made, at most, one minor mistake, and lost my account. Instagram, with its pathetic security defenses, could lose your far more valuable account and you’d have no way to restore your account or your followers.Related Stories: More