Date: 2019-05-26
Security Leftovers
EAP-pwd security issues – SAE (Simultaneous Authentication of Equals) WPA3-Personal – potential full password recovery with weak passwords – CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
It might sound strange… and even if it sucks, but if you are concerned about security, call me paranoid but:
Your company’s critical infrastructure SHALL NOT BE REACHABLE BY WIFI! (especially not if you are running a nuclear power plant, just saying… nobody wants meltdown vulnerability of CPUs to actually be able to cause a meltdown)
RIP Fernando “Corby” Corbató, inventor of the password (1926-2019)
Last Friday, legendary MIT computer scientist Fernando “Corby” Corbató passed away at his home in Newton, Massachusetts. He was 93.
The Oakland-born researcher was responsible for several pivotal advances in the computer science space, most notably the password, which he invented during his pioneering work in computer time sharing.
GE Aviation Passwords, Source Code Exposed in Open Jenkins Server [Ed: 'Windows shop' GE needs to hire actual FOSS and GNU/Linux people who know how to properly set up and maintain things. This one is a shot in one's foot.]
A DNS misconfiguration resulted in an open Jenkins server being available to all.
A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure.
GE Aviation, a subsidiary of General Electric, is among the top commercial aircraft engine suppliers, and offers various airplane components. The server also contained a ReadMe file, outlining all the files it contained and their sensitivity.
Open Source Genomic Analysis Software Flaw Patched
A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions. But the vulnerability was patched before hackers took advantage of it, researchers believe.
