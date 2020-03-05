Security Leftovers
The Internet Avoided a Minor Disaster Last Week
Let's Encrypt's work is technical and happens in the background. But in a few short years it has helped make the internet much more secure on a fundamental level. Plenty of companies offer security certificates; Let’s Encrypt just took the audacious step of making them free. A week ago, it issued its billionth certificate.
But that ubiquity also means that when a pebble drops in the middle of Let’s Encrypt’s pond, the ripples can travel a long way. On February 28, the pebble was a bug that threatened to effectively render 3 million sites nonfunctional in a matter of days.
Intel Chip Flaw Proves Unfixable Despite Patches
"With the chipset key, attackers can decrypt data stored on a target computer and even forge its Enhanced Privacy ID (EPID) attestation, or in other words, pass off an attacker computer as the victim's computer," wrote Positive Technology in the report.
Positive Technologies: Unfixable vulnerability in Intel chipsets threatens users and content rightsholders
By exploiting vulnerability CVE-2019-0090, a local attacker could extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key. Worse still, it is impossible to detect such a key breach. With the chipset key, attackers can decrypt data stored on a target computer and even forge its Enhanced Privacy ID (EPID) attestation, or in other words, pass off an attacker computer as the victim's computer. EPID is used in DRM, financial transactions, and attestation of IoT devices.
Universities ‘need joint security teams to counter cyber threat’
Universities must create joint cybersecurity teams to protect themselves against ever more sophisticated hacking attempts, according to the vice-president of a Dutch university hit by a ransomware attack over Christmas that forced the institution to pay the equivalent of about £175,000 to criminals.
Many New Voting Systems Aren’t Ready for Prime Time
Put aside, for now, foreign meddling in U.S. elections, social media propaganda and partisan voter suppression. The newest emerging threat to elections in 2020 is new voting systems that have been insufficiently tested and phased in, but have been debuting in many of 2020’s presidential primaries and caucuses.
today's howtos
Games: Creepy Tale, HyperRogue, Snake Core, Avorion, GOL and GOverlay
Today in Techrights
Open Source Initiative bans co-founder, Eric S Raymond
Last week, Eric S Raymond (often known as ESR, author of The Cathedral and the Bazaar, and co-founder of the Open Source Intiative) was banned from the Open Source Intiative (the “OSI”). Specifically, Raymond was banned from the mailing lists used to organize and communicate with the OSI. For an organization to ban their founder from communicating with the group (such as via a mailing list) is a noteworthy move.
