Security: Updates, Let’s Encrypt, Back Doors, Windows Incidents and Pseudo-Security
Security updates for Monday
FreeBSD wget cannot verify certificate, issued by Let’s Encrypt
I don't think it's going to end well: Bruce Schneier on encryption law
Australian law enforcement agencies have pushed for the encryption law which passed on 6 December because they don't know that there is no need for access to encrypted content in order to solve crimes, world-renowned security technologist Bruce Schneier says.
[Older] Warnings As Destructive 'Shamoon' Cyber Attacks Hit Middle East Energy Industry
Though the malware has already been named as a version of Shamoon, sources in the cybersecurity industry have cautioned against attributing it to Iran. It’s unclear whether it’s the original creators of Shamoon or some other nation state trying to implicate Iran as part of a false flagging operation, said one source who’d been actively responding to the incident. (Multiple sources were granted anonymity for this story as they weren’t permitted to go on record by their employers.)
The Iran [Cracks] Cybersecurity Experts Feared May Be Here
Researchers who have tracked Shamoon for years say that the new variant has similarities to its predecessors, which were attributed to Iranian state-sponsored hackers. This doesn't definitively mean that this new malware was created by the same actor, but so far analysts say that the new Shamoon attacks recall past assaults.
Yet Another NASA Computer Break In. Employee Data May Be Affected
"On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised. Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents."
We Broke Into A Bunch Of Android Phones With A 3D-Printed Head
Anyone worried about anyone having their device compromised with a fake head, either through our method or others', should perhaps consider not using facial recognition at all. Instead, use a strong alphanumeric passcode, recommended Matt Lewis, research director at cybersecurity contractor NCC Group.
Android facial recognition can be [cracked] with a 3D-printed model head
As the world still tries to find a really good alternative to passwords, there's bad news for those that thought that facial recognition was the key, after a journalist from Forbes was able to fool most phones with a 3D printed head.
Android Leftovers
Qualcomm’s second-gen drone board has Snapdragon 820 and four cameras
Qualcomm and Intrinsyc opened pre-orders on a 75 x 36mm “Qualcomm Flight Pro” reference platform for drones and robotics that runs Linux on a Snapdragon 820 with WiFi, BT, GNSS, IMUs, 4x cameras, and optional motor board. The Qualcomm Flight Pro reference platform for consumer drones and robotics applications is a follow-on to the Qualcomm Flight platform, which was previously launched under the name Snapdragon Flight. Intrinsyc is distributing the Qualcomm Flight Pro for Qualcomm Technologies, Inc., and has opened pre-orders at $949, with shipments due in early January.
Linux 4.19.11
I'm announcing the release of the 4.19.11 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st...
Ubuntu-based Linux Mint 19.1 'Tessa' finally available with Cinnamon, MATE, or Xfce
The mainstreaming of Linux is accelerating every day. Many servers use Linux distributions, while Android remains the undisputed king of mobile. True, adoption of operating systems based on the open source kernel is still virtually nonexistent on the desktop, but as Windows 10 gets worse and worse, more and more home users may turn to Ubuntu, Google Chrome OS, and others. Just yesterday, Dell updated two of its mobile workstations to the latest Ubuntu LTS version.
