Security Leftovers and DRM
Why Web Browser Padlocks Shouldn’t Be Trusted
On Monday, the Anti-Phishing Working Group (APWG) released a study (PDF) that tracked a large uptick in phishing attacks in Q2 of 2020. The surge involves rogue sites using the cryptographic protocol Transport Layer Security or TLS, most commonly referred to by its legacy name Secure Sockets Layer, or SSL.
SSL padlocks indicate that a browser is using a secure and encrypted communication pipe to the server hosting the desired website. SSL warnings are also complemented by the additional “HTTPS” indication within a browser address bar, meaning the browser is transmitting information safely using Hypertext Transfer Protocol Secure.
According to the APWG report, 80 percent of phishing sites used SSL certificates in Q2. Attacks ranged from phishing lures pointing to bogus wire-transfer sites, to social-media platforms Facebook and WhatsApp being pelted with links to shady domains.
Security updates for Thursday
Security updates have been issued by Debian (ruby-json-jwt and ruby-rack-cors), Fedora (xen), SUSE (aspell and tar), and Ubuntu (ruby-gon, ruby-kramdown, and ruby-rack).
Who’s Behind Monday’s 14-State 911 Outage?
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft’s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.
PowerShell Backdoor Launched from a ShellCode
Here is a practical example found in the wild. The initial PowerShell script has a VT score of 8/59 (SHA256:f4a4fffaa31c59309d7bba7823029cb211a16b3b187fcbb407705e7a5e9421d3). The script is not heavily obfuscated but the technique used is interesting. It uses the CSharpCodeProvider[1] class: [...]
Russian Who [Cracked] LinkedIn, Dropbox Gets 88-Month Prison Term
A Russian [attacker] was sentenced to more than seven years in a U.S. prison for stealing the logins of 117 million users of LinkedIn, Dropbox and the defunct social media site Formspring, according to federal prosecutors.
Yevgeniy Nikulin, 32, was convicted in July after a six-day jury trial in San Francisco in what was said to be one of the largest data breaches in U.S. history.
WhatsApp update lets you delete images and videos on other people's phones
A new WhatsApp update will allow users to delete an image, video or gif on someone else’s phone after sending it to them.
The Expiring Media feature, first spotted by the website WaBetaInfo, causes media to disappear after being viewed within a chat.
In order to enable the feature, the sender needs to select a “view once” button when sending the image, video or gif.
[...]
These features are developed in such a way that users are unable to take a screenshot of the media in order to save the image to their phone or device.
Purism Launches $99/m Librem AweSIM Cellular Service
The Librem AweSIM is the latest string in the social-purpose company’s bow. It costs $99 a month. For this price buyers get a new sim, a new phone number, and unlimited talk, texts, and data (including over 5G where available) that works with the Librem 5 phone. And since the cellular account is registered under Purism’s name rather than yours it could provide you with an additional layer of privacy protection from nefarious carrier tactics. Purism say the plan can be cancelled at any time too, meaning you won’t be locked into a 12 or 24-month contract.
Direct: Purism Launches Librem AweSIM Cellular Service
Announcing Librem AweSIM: A Privacy-focused Cellular Service for the Librem 5
How I Switched from Windows 10 to Linux Mint
Ok, now I have decided to switch to Linux but here comes the first question. Which distro will satisfy my needs both in terms of GUI and other aspects? Linux is not something new to me since I have been working with RHEL based distros in my work for the past 4 years with the command-line. I know RHEL based distros are good for enterprises but not for personalized desktop environments, at least that’s what I am thinking till now. So I started my research to find the distro that should be easy for me to use and at the same time should have good community support in case I ran into some problem. Among many Linux distros, I drilled down my list to 4 flavors.
