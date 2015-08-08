Security Leftovers
Can You Get a Virus on Your Smart TV?
While getting a virus on your smart TV may seem like a cause for concern, it shouldn’t be. They’re not common because it’s not easy to create viruses that work on TVs. Many TVs come with some native features that make it hard for developers to create malware and similar threats that can successfully infect a TV for several reasons.
Certain conditions must be met before a hacker can attack your TV. For example, if your TV’s ADB bugging feature is enabled, the hacker is on the same network as yours and can hijack your DNS resolution or access the network path.
Git Releases Security Update With Newline Character Creating Possible Credential Leak
Git 2.26.1 along with new point releases going back to Git 2.17 were issued today as a result of a security issue.
A member of Google's Project Zero team discovered that a specially crafted URL could trick the Git client into sending credential information for an alternative host to an attacker's host.
Making testing IPFire easier
With the latest release - IPFire 2.25 - Core Update 142, we have added an easy way how to join developers testing IPFire. This is incredibly important for us in order to deliver the best releases of IPFire again and again without any regressions.
The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots
The United States federal government isn't known for robust cybersecurity. Even the Department of Defense has its share of known vulnerabilities. Now a new report from the Government Accountability Office is highlighting systemic shortcomings in the Pentagon's efforts to prioritize cybersecurity at every level and making seven recommendations for shoring up DoD's digital defenses.
The report isn't a checklist of what DoD should be doing to improve cybersecurity awareness in the abstract. Instead, GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. The status of various efforts is simply unknown because no one has tracked their progress. While an assessment of "cybersecurity hygiene" like this doesn't directly analyze a network's hardware and software vulnerabilities, it does underscore the need for people who use digital systems to interact with them in secure ways. Especially when those people work on national defense.
Signal Speaks Out About The Evils Of The EARN IT Act
Signal, the end-to-end encrypted app maker, doesn't really need Section 230 of the Communications Decency Act. It can't see what everyone's saying via its offering anyway, so there's little in the way of moderation to do. But, still, it's good to see it come out with a strong condemnation of the EARN IT Act, which as been put forth by Senators Lindsey Graham, Richard Blumenthal, Dianne Feinstein, and Josh Hawley as a way to undermine both Section 230 of the CDA and end-to-end encryption in the same bill. The idea is to effectively use one as a wedge against the other. Under the bill, companies will have to "earn" their 230 protections, by putting in place a bunch of recommended "best practices" which can be effectively put in place by the US Attorney General -- the current holder of which, Bill Barr, has made clear that he hates end-to-end encryption and thinks its a shame the DOJ can't spy on everyone. And this isn't just this administration. Law enforcement officials, such as James Comey under Obama, were pushing this ridiculous line of thinking as well.
