Notices tagged with security, page 2
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Sunday, 01-Nov-2020 17:06:34 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} @geniusmusing See https://hackers.town/@devrandom/105136083240782878
#security -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Saturday, 31-Oct-2020 16:32:38 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} #Google discloses #Microsoft #Windows 10 #zero-day vulnerability that is currently being exploited in the wild. Also patched a #Chrome zero-day. https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/
#Win10 #security
Patch incoming 2020-11-10, #Patch_Tuesday. -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Monday, 28-Sep-2020 02:43:43 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} FastCompany: Don't share #passwords with your GF or BF until you read this https://www.fastcompany.com/90556503/dont-share-passwords-with-your-gf-or-bf-until-you-read-this
I didn't know people still did this.
#security #relationships -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Wednesday, 23-Sep-2020 01:57:14 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} Chinese antivirus firm part of malware / ransomware group https://krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/ #security -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Friday, 21-Aug-2020 21:05:22 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} #ISC's #BIND continues to have security holes one after another. I do sometimes wonder why we (the world as a whole) haven't migrated to something descended from DJBDNS.
#DNS #security -
GeniusMusing (geniusmusing)'s status on Thursday, 30-Jul-2020 15:21:28 UTC GeniusMusing VU174059 GRUB2 bootloader is vulnerable to buffer overflow
https://www.kb.cert.org/vuls/id/174059
>Overview
>
>The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled.
I cannot say this is related but I updated grub last night on my backup server and it no longer boots.
#security #buffer #overflow #grub2 -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Friday, 12-Jun-2020 20:18:23 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://finance.yahoo.com/news/nintendo-now-says-300-000-165803999.html
#Nintendo now estimates almost twice as many accounts were breached as its previous estimate. 300K online accounts were compromised, exposing PII. According to the company, this is still less than 1% of its userbase.
#security #breach #accounts #crack #compromise #repassword -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Wednesday, 13-May-2020 05:20:56 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://www.zdnet.com/article/huawei-denies-involvement-in-buggy-linux-kernel-patch-proposal/
#Huawei says the #HKSP project and its recently-submitted security patch for the #Linux kernel is not an official company project, but an employee's personal project. "Trivially exploitable" flaws found in patch.
#security #patch #Linux_kernel #GRSecurity -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Tuesday, 07-Apr-2020 23:30:12 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://www.theregister.co.uk/2020/04/03/dont_use_zoom_if_privacy/
Yet another reason to wonder whether #Zoom’s management is just ignorant about #privacy and #security, or actively malicious. “End to end” encryption has a specific meaning, namely that messages sent from your device are encrypted until they arrive at your recipients’ devices, so that no one in between, including any service providers, can read the message payload. If that is not the case, it is not #E2EE. -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Monday, 06-Apr-2020 23:29:08 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} US schools banning #Zoom and switching to #MSTeams https://betanews.com/2020/04/05/us-schools-ban-zoom/ due to widespread #harassment (“Zoombombing”) and #security and #privacy issues. -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Monday, 23-Mar-2020 22:34:00 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} Oh, wonderful. A #Zero-day with #RCE on #Windows ... currently unpatched.
See: https://freeradical.zone/@tek/103874683857159931
#security #infosec -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Tuesday, 14-Jan-2020 19:38:54 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html Emergency #security patch for #Win10. Update #Windows today! -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Saturday, 13-Oct-2018 13:01:03 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} https://nu.federati.net/url/178899
Scary account. It sounds like they may have used cellular network employees to obtain info necessary to hijack SIM and telephone numbers, which were then used to take over e-mail accounts and every other account the victims had. #security #2FA
Seen on #Libertree -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Saturday, 03-Feb-2018 12:54:48 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} Planning to rotate my #gpg and #ssh keys in a couple of weeks.
I'll have to bug any #security / #infosec folks to find out the currently recommended incantations. -
Mike Gerwitz (mikegerwitz)'s status on Saturday, 06-Jan-2018 02:53:08 UTC Mike Gerwitz Just got word that I'll be speaking again at this year's #LibrePlanet! I was going to attend regardless, but I'm very excited to be able to continue to build off of last year's talk.
The title of this year's talk is The Ethics Void. Here's a rough abstract:
Medicine, legal, finance, journalism, scientific research—each of these fields and many others have widely adopted codes of ethics governing the lives of their professionals. Some of these codes may even be enshrined in law. And this is for good reason: these are fields that have enormous consequences.
Software and technology pervade not only through these fields, but through virtually every aspect of our lives. Yet, when compared to other fields, our community leaders and educators have produced an ethics void. Last year, I introduced numerous topics concerning #privacy, #security, and #freedom that raise serious ethical concerns. Join me this year as we consider some of those examples and others in an attempt to derive a code of ethics that compares to each of these other fields, and to consider how leaders and educators should approach ethics within education and guidance.
My previous talks can be found here:
https://mikegerwitz.com/talks
---
For this talk, I want to solicit the community at various points. I know what _I_ want to talk about, but what are some of the most important ethical issues to _you_? Unfortunately there's far too much to fit into a 40m talk! Also feel free to e-mail me at mtg@gnu.org. -
Yale Privacy Lab (privacylab)'s status on Friday, 05-Jan-2018 00:53:47 UTC Yale Privacy Lab shout out to all our Fediverse and Federation followers! we'll make it through the #privacy and #security disaster that is 2018 together https://mastodon.social/media/hJzA4816MynxBS615qk
-
☠️ Grumpy Oldman (grmpyoldman)'s status on Thursday, 21-Dec-2017 22:42:22 UTC ☠️ Grumpy Oldman #Security: Update #Thunderbird & #Enigmail asap! (german/english hint via #Posteo) https://1n.pm/Df5bX -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Friday, 17-Nov-2017 16:37:48 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} #Oops! Drone maker #DJI posts privkey for wildcard cert on Github.
https://www.theregister.co.uk/2017/11/16/dji_private_keys_left_github/ #security -
anonymiss (anonymiss)'s status on Monday, 16-Oct-2017 09:43:32 UTC anonymiss #WiFi #problem: #KRACK
Source: https://papers.mathyvanhoef.com/ccs2017.pdf
Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks.
Notably, our attack is exceptionally devastating against #Android 6.0: it forces the client into using a predictable all-zero #encryption key.