Security: FUD, Package Hardening, Excel and OpenPGP
Date: 2019-06-26
Silexbot Bricks Nearly 4,000 IoT Devices [Ed: The problem is the password, not the system]
Cashdollar explained: “Silexbot is using known default credentials for IoT devices to login and kill the system. The bot does this by writing random data from /dev/random to any mounted storage it finds. Examining binary samples collected from my honeypot, I see Silexbot calling fdisk -l which will list all disk partitions. Using that list, Silexbot then writes random data from /dev/random to any of the partitions it discovers.”
package hardening asymptote
In the long-term view the measurements have a distinctly asymptotic appearance and the graphs are maybe only good for their historical curves now. But then I wonder, what’s next? What new compiler feature adoption could be measured? I think there are still a few good candidates…
New Exploit for Microsoft Excel Power Query
Proof-of-concept, which allows remote code execution, is latest to exploit Dynamic Data Exchange (DDE) and is another reminder why organizations must ensure Office settings are secure.
OpenPGP Certificate Flooding
My public cryptographic identity has been spammed to the point where it is unusable in standard workflows. This blogpost talks about what happened, what I'm doing about it, and what it means for the broader ecosystem.
