Security Leftovers

  • Security updates for Wednesday
  • Technology That Could End Humanity—and How to Stop It

    WIRED: What is the vulnerable world hypothesis?

    Nick Bostrom: It's the idea that we could picture the history of human creativity as the process of extracting balls from a giant urn. These balls represent different ideas, technologies, and methods that we have discovered throughout history. By now we have extracted a great many of these and for the most part they have been beneficial. They are white balls. Some have been mixed blessings, gray balls of various shades. But what we haven't seen is a black ball, some technology that by default devastates the civilization that discovers it. The vulnerable world hypothesis is that there is some black ball in the urn, that there is some level of technology at which civilization gets decimated by default.

  • Huawei banned from using US components without approval

    The US has placed Chinese telecommunications equipment vendor Huawei Technologies and some 70 of its affiliates on a list that means it will have to obtain government approval in order to buy American-made components.

  • Trump declares national emergency over IT threats

    He signed an executive order which effectively bars US companies from using foreign telecoms believed to pose national security risks.

  • Huawei offers 'no-spy' contracts and promises to 'shutdown' if China forces backdoors

    Despite emphatic denials from the Chinese tech giant, there are still significant suspicions around the world about how close Huawei is to the Chinese government and whether, if expected to, it would plant back doors in its equipment to allow remote access.

  • The radio navigation planes use to land safely is insecure and can be [cracked]

    Now, researchers have devised a low-cost hack that raises questions about the security of ILS, which is used at virtually every civilian airport throughout the industrialized world. Using a $600 software defined radio, the researchers can spoof airport signals in a way that causes a pilot’s navigation instruments to falsely indicate a plane is off course. Normal training will call for the pilot to adjust the plane’s descent rate or alignment accordingly and create a potential accident as a result.

  • Why I've started using NoScript

    For one, NoScript's user interface has become much better: Now, if a page isn't working right, you simply click the NoScript icon and whitelist any domains you trust, or temporarily whitelist any domains you trust less. You can set it to automatically whitelist domains you directly visit (thereby only blocking third-party scripts).

    A more pressing change is that I'm now much less comfortable letting arbitrary third parties run code on my computer. I used to believe that my browser was fundamentally capable of keeping me safe from the scripts that it ran. Sure, tracking cookies and other tricks allowed web sites to correlate data about me, but I thought that my browser could, at least in principle, prevent scripts from reading arbitrary data on my computer. With the advent of CPU-architecture-based side channel attacks (Meltdown and Spectre are the most publicized, but it seems like new ones come out every month or so), this belief now seems quite naïve.

  • It’s Almost Impossible to Tell if Your iPhone Has Been [Cracked]

    “The simple reality is there are so many 0-day exploits for iOS,” Stefan Esser, a security researcher that specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”

  • Google recalls its Bluetooth Titan Security Keys because of a security bug

    To exploit the bug, an attacker would have to be within Bluetooth range (about 30 feet) and act swiftly as you press the button on the key to activate it. The attackers can then use the misconfigured protocol to connect their own device to the key before your own device connects. With that — and assuming that they already have your username and password — they could sign into your account.

    Google also notes that before you can use your key, it has to be paired to your device. An attacker could also potentially exploit this bug by using their own device and masquerading it as your security key to connect to your device when you press the button on the key. By doing this, the attackers can then change their device to look like a keyboard or mouse and remote control your laptop, for example.

  • Google offers free 2FA Bluetooth Titan Security Key swaps after security flaw discovered

    Make that most people. In a post on its security blog, Google divulged Wednesday that it has discovered a “misconfiguration” with the Bluetooth Low Energy version of its Titan Security Key that could allow a nearby attacker to “communicate with your security key, or communicate with the device to which your key is paired.”

  • Kubernetes security: 5 mistakes to avoid

    Modern applications and infrastructure no doubt require modern security practices, but the fundamentals still apply.

    “The majority of data breaches are easily preventable with basic cybersecurity hygiene,” says Tim Buntel, VP of application security at Threat Stack.

    That should be received as good news: Fundamental issues such as access and privilege remain fundamental, even as containers, microservices, orchestration, and other evolutionary developments continue to shake up IT. In fact, one of the biggest out-of-the-gate risks that can occur as organizations adopt new technologies is that they develop amnesia around best practices like enforcing the principle of least privilege.

    Consider the rise of Kubernetes in the enterprise: Like any tool or technology, it comes with security considerations. That’s not because Kubernetes is inherently risky or insecure – far from it. Rather, many of the risks occur because teams get caught up in the power and popularity of Kubernetes without properly considering what it will take to effectively run it in production, says Matt Wilson, chief information security advisor at BTB Security.

  • How to protect your devices against the ZombieLoad attack
