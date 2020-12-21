Security and Proprietary Leftovers
Security updates for Thursday
Security updates have been issued by Debian (spip and sympa), Gentoo (c-ares, cherokee, curl, dbus, firefox, gdk-pixbuf, haproxy, libass, nss, openssl, pdns, pdns-recursor, php, samba, tomcat, and webkit-gtk), and SUSE (java-1_8_0-ibm, openexr, and python3).
Cross-layer attacks: New hacking technique raises DNS cache poisoning, user tracking risk
As many as one in 20 web servers could be vulnerable to a weakness in the Linux kernel, according to security researchers.
The same weakness could also expose millions of Android device users to increased risk of tracking.
A Major Wireless Network Flaw Is Still Being Exploited To Track User Locations
In 2017, hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. While the problem isn't new, a 2016 60 Minutes report brought wider attention to the fact that the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations. All while the intrusion looks like ordinary carrier to carrier chatter among a sea of other, "privileged peering relationships."
The cyber attack that rocked the nation [iophk: Windows TCO]
“Mistakes were made,” acknowledged founder and deposed CEO Ville Tapio—not “I made mistakes,” but the passive voice dodge. Left unmentioned was the fact that, as Mikko Hyppönen, chief research officer at Finnish cyber security firm F-Secure, pointed out, the company left the door wide open to [crackers].
