If you are using any major Linux distribution you should patch now. There’s a remotely exploitable condition in any Linux Kernel (such as Fedora, Debian, Ubuntu, and others) that is prior to 5.0.8. It’s got the potential for being exploitable, but thankfully it’s fairly difficult the gain code execution but not impossible.
Looks like Vodaphone considered having a telnet server running as a backdoor in the initial reporting by Bloomberg. All the same though, using Huawei devices as infrastructure of a 5G cellular network gives another nation state access to some potentially sensitive data and they would have the ability to remotely tamper with it. As more and more people rely on high speed cellular networks this is still a bad idea!
Someone posted this video on one of the Slack workspaces that I’m on. It was really informative on the techniques used and where the current state of the art quantum computers currently are. The good news is current quantum computers don’t have enough quantum memory to break large primes, however I wonder if there’s such a thing as Moore’s Law for quantum computing in which case the Internet will be in big trouble in just a few years.
While Huawei has made promises that they have removed all the backdoors found by Vodafone, how about firmware updates and security updates that Vodaphone and other major carriers need to keep the network up to date. Are they going to have a manual review process? Blindly assume the updates don’t re-introduce a backdoor? Seems like risky business!
I found this tutorial on using recon-ng, which is a tool used for pentesters for gathing open source intelligence (OSINT) about an individual or a company. It features a Metasploit-like interface and has the ability to crawl social networks, Google, WHOIS databases, etc to collect information about a company, it’s employees, it’s domains, etc.