Integrity, Proprietary Software, Security, and Privacy
Date: 2021-09-10
SSH host identity certification
Using an SSH CA to certify SSH host keys means the user’s SSH client can trust a host key without asking the user to verify it. The client is configured to trust any host certificate that can be verified using the SSH CA public key. The CA public key still needs to be communicated to the user in a secure way, but the CA key is only one key and rarely changes, so the tiresome, risky situation happens very rarely. After the user has the CA key, an attacker can’t trick the user into accepting a false host key.
With host certificates, the SSH client never needs to ask its user if the host key of a new host is valid, and the user never needs to try to verify it. If the host’s host key changes, the client doesn’t need to bother the user about it, as long as the new host key gets a new certificate.
Overall, this leads to a much smoother and more secure experience for people using SSH.
[Old] OpenSSH/Cookbook/Certificate-based Authentication
Two of the main advantages of certificates over keys are that they can use an expiration date, or even a date range of validity, and that they eliminate the need for trust-on-first-use or complicated key verification methods. Mostly they facilitate large scale deployments by easing the processes of key approval and distribution and provide a better option than copying the same host keys across multiple destinations.
User certificates authenticate users to their accounts on the servers. Host certificates authenticate servers to the clients, proving that the clients are connecting to the right system. The use of a principals field to designate users versus hosts is the main difference between host and user certificates. In host certificates, the principals field refers to the server names represented by the certificate. In user certificates that field refers to the accounts which are allowed to use the certificate for logging in. Additional limitations such as specific source addresses and forced commands are available for user certificates. Date and time of validity are possible for both. Host certificates and user certificates should use separate certificate authorities. For a more authoritative resource, see the "CERTIFICATES" section of ssh-keygen(1).
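The host-certificate workflow described in the two excerpts above, as an added example that is not taken from either article: it creates a host CA in a scratch directory, signs a host key with a principals list and a validity window, and builds the `@cert-authority` line a client would place in `known_hosts`. The file names, key identity and `example.org` host names are constructed for illustration.

```shell
#!/bin/sh
# Added example; every name below (example_host_ca, web01.example.org) is constructed.
set -eu

make_host_cert() {
    # $1 = scratch directory, $2 = comma-separated principals (server names)
    dir=$1; principals=$2
    # Host CA key pair, kept separate from any CA that signs user keys.
    ssh-keygen -q -t ed25519 -N '' -C 'example host CA' -f "$dir/example_host_ca"
    # Stand-in for the server's own host key.
    ssh-keygen -q -t ed25519 -N '' -C 'host key' -f "$dir/ssh_host_ed25519_key"
    # -h: host certificate, -n: names it is valid for, -V: validity window,
    # -I: key identity recorded in the certificate.
    ssh-keygen -q -s "$dir/example_host_ca" -h -I 'web01-host-key' \
        -n "$principals" -V '+52w' "$dir/ssh_host_ed25519_key.pub"
    # The certificate is written next to the public key; sshd would present it
    # via the HostCertificate directive in sshd_config.
    echo "$dir/ssh_host_ed25519_key-cert.pub"
}

cert_type() {
    # Prints "host" or "user" as reported by ssh-keygen -L.
    ssh-keygen -L -f "$1" | awk '$1 == "Type:" { print $3 }'
}

cert_principals() {
    # Prints the certificate's principals, one per line.
    ssh-keygen -L -f "$1" | awk '
        $1 == "Principals:" { on = 1; next }
        $1 == "Critical"    { on = 0 }
        on                  { print $1 }'
}

known_hosts_line() {
    # $1 = CA public key file, $2 = host pattern this CA may vouch for
    printf '@cert-authority %s %s\n' "$2" "$(cut -d' ' -f1,2 "$1")"
}

work=$(mktemp -d)
cert=$(make_host_cert "$work" 'web01.example.org,web01')
echo "certificate type: $(cert_type "$cert")"
cert_principals "$cert"
known_hosts_line "$work/example_host_ca.pub" '*.example.org'
rm -rf "$work"
```

Running `ssh-keygen -L -f` on the certificate by hand also shows the validity window, which is the expiry the second excerpt refers to.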
Research Shows Apple's New Do Not Track App Button Is Privacy Theater
While Apple may be attempting to make being marginally competent at privacy a marketing advantage in recent years, that hasn't always gone particularly smoothly. Case in point: the company's new "ask app not to track" button included in iOS 14.5 is supposed to provide iOS users with some protection from apps that get a little too aggressive in hoovering up your usage, location, and other data. In short, the button functions as a more obvious opt out mechanism that's supposed to let you avoid the tangled web of privacy abuses that is the adtech behavioral ad ecosystem.
Portpass app may have exposed hundreds of thousands of users' personal data
Private proof-of-vaccination app Portpass exposed personal information, including the driver’s licences, of what could be as many as hundreds of thousands of users by leaving its website unsecured.
On Monday evening, CBC News received a tip that the user profiles on the app’s website could be accessed by members of the public.
CBC is not sharing how to access those profiles, in order to protect users’ personal information, but has verified that email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licences and passports can easily be viewed by reviewing dozens of users’ profiles.
Apple AirTag Bug Enables ‘Good Samaritan’ Attack
The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.
Amazon brings global computer science education initiative to India
Amazon is working with its global knowledge partner Code.org, a global non-profit organisation dedicated to computer science education, to bring high quality and mobile interactive CS content to Indian students.
"We look forward to working closely with AFE's network of partners in India to provide our high-quality CS curriculum and best practices as they enable students across the country to learn this foundational 21st-century subject," Hadi Partovi, founder and CEO of Code.org, said.
RSF opens a new room for Swedish-Eritrean journalist Dawit Isaak in its digital library against censorship
To mark the 20th anniversary of Dawit Isaak’s arrest in Eritrea, RSF has opened a new room dedicated to the journalist in its digital library against censorship, a project that allows the public to access censored articles via the computer game Minecraft. Articles, texts and poems from the Swedish Eritrean journalist are now available thanks to a collaboration between RSF and the Dawit Isaak Library. The texts are part of the book “Hope: The Tale of Moses and Manna’s Love”, a translation of Isaak’s texts which was published in 2010 by an alliance of Swedish publishing houses.
System76 Announces Return Of Oryx Pro Linux Laptop With A Crucial Upgrade
The Oryx Pro was the first dedicated Linux laptop I owned since switching my desktop computing experience to the FOSS side of the fence, and it’s been inspiring to watch it evolve throughout the last 3 years. It’s transformed from a chunky, generic chassis to a sleeker powerhouse with a fantastic keyboard, smarter port layout, and System76’s lauded Open Firmware with Coreboot. But thanks to the ongoing chip shortage, it’s been tough to snag the current generation Oryx Pro. Fortunately, there’s good news on two fronts: The Oryx Pro just got updated to Intel’s 11th-generation Core i7-11800H — which packs a noticeable performance and power efficiency boost — and it’s actually available to purchase right now. (Provided you have about $2,149 to spare, which is the laptop’s base price.)
Variscite and Sequitur Labs new partnership accelerates the development of reliable and secure IoT products
Tel Aviv, September 29, 2021, Variscite, a leading worldwide System on Module vendor in the embedded market, announced a new partnership with Sequitur Labs, a leading security company providing a complete chip-to-cloud software solution for secure device design, manufacturing, and lifecycle management. The collaboration aims to deliver a complete security solution for customers using Variscite's i.MX8 based System on Module (SoM) for IoT and Artificial Intelligence (AI) applications.
Billions of internet devices are expected to be online in the next few years, following an increased demand for smart products based on AI at the network edge. However, the IoT market is not secure – about half of IoT vendors have experienced a security breach at least once. Without the right security framework, each connected device is a target for malicious attacks. Sequitur's EmSPARK™ Security Suite and EmPOWER™ cloud services help IoT vendors resolve these security issues, starting from the early design stage throughout the product lifecycle. Combined with Variscite's trusted SoM solutions, customers can focus their efforts on developing and releasing secure IoT products quickly and at low risk.
"With 75 billion devices expected to be online by 2025, device vendors and their customers need to ensure that their products are safe and secure," said Philip Attfield, Co-founder and CEO of Sequitur Labs. "IoT security is no longer optional – whether it's protecting critical IP on the device or securing the transmission of firmware updates through an internet connection."
"The partnership with Sequitur Labs allows Variscite to extend its ecosystem and overall system solution around our SoM solutions for the rapidly growing embedded IoT products trend," said Ofer Austerlitz, VP Business Development and Sales at Variscite.
Availability
Sequitur's platform is already fully integrated with Variscite's i.MX 8M Plus modules, the DART-MX8M-PLUS and VAR-SOM-MX8M-PLUS. The modules are based on a 1.8GHz Quad Cortex™-A53 NXP's i.MX 8M Plus processor with 800MHz Cortex™-M7 Real-time co-processor and integrate dedicated Artificial Intelligence / Machine Learning (AI/ML) capabilities. Both are members of Variscite's Pin2Pin products families along with additional modules based on the entire i.MX 8 series and popular i.MX 6 platforms. The broad pin-compatibility options allow Variscite's customers to enjoy ultimate scalability and extended longevity, as well as reduced development time, costs, and risks. Sequitur's support in additional i.MX 8 and i.MX 6 System on Modules is already in process.
Variscite
For almost two decades, Variscite has been developing and manufacturing high-quality System-on-Module solutions, providing a vast ARM-based SoM portfolio with a wide range of configuration options and Pin2Pin modules that covers an entire embedded products and applications range, from entry-level to high-performance solutions. Variscite's in-house production fully complies with the strict medical ISO13485 and ISO9001 standards. Along with the company's ongoing online documentation and personal support as well as the generous longevity, the company's customers are enjoying consistent, reliable products and services starting from the earliest development stages throughout the end product life-cycle. For more information, contact Variscite by email at sales@variscite.com, or via www.variscite.com/contact-us/
Sequitur Labs
Sequitur Labs delivers a complete chip-to-cloud solution for secure device design, manufacturing, and lifecycle management. The Sequitur Labs Security Platform offers two products:
EmSPARK™ Security Suite: Sequitur Labs' EmSPARK™ Security Suite is a collection of firmware, integration tools, and APIs that provide complete chip-to-cloud security for MPUs.
EmPOWER™: EmPOWER™ is a SaaS solution that provides the essential cloud services needed to secure, update, and manage intelligent edge devices.
For more information, contact Sequitur Labs by email at info@sequiturlabs.com or visit https://www.sequiturlabs.com/emspark-for-variscite/
Android Leftovers
Best Free and Open Source Alternatives to Microsoft OneDrive
Our first recommendation is NextCloud, an open source service that lets you store files, photos, videos, calendar, contacts, and more. You can host it on your own server or use a recommended provider. What makes NextCloud really stand out is that it’s expandable with hundreds of apps, offers good security with two-factor authentication, and makes it easy to access, sync, and share your data. Another option that gets our firm recommendation is CryptPad. This is a realtime collaborative editor, spreadsheet and presentation creator alongside encrypted storage. CryptPad is an open technology that you can run on your own machines. It doesn’t rely on a central point of authority.
