Date: 2021-10-26
Security Leftovers
Gumtree users' locations were visible by pressing F12 • The Register
UK online used goods bazaar Gumtree exposed its users' home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw.
British company Pen Test Partners (PTP) spotted the data leakage, which meant anyone could view a Gumtree user's name and location (either postcode or GPS coordinates) by pressing F12 in their web browser.
In both Firefox and Chrome, F12 opens the "view page source" developer tools screen, showing the code that generates the webpage you see. This meant that anyone could view the precise location of any of the site's 1.7 million monthly sellers.
PTP claimed it encountered a brick wall of indifference in its first attempts to alert Gumtree to the data breach.
Attacking Natural Language Processing Systems With Adversarial Examples - Unite.AI
The paper is titled Bad Characters: Imperceptible NLP Attacks, and comes from three researchers across three departments at the University of Cambridge and the University of Edinburgh, and a researcher from the University of Toronto.
How Building a Solid Foundation Will Help Grow Your Cybersecurity Program
Cybersecurity is such a broad subject that many times, an organization can become stifled when trying to develop a full cybersecurity program. Some organizations that have already put a cybersecurity program in place can also unpleasantly discover gaps in their efforts, making the entire venture seem moot. One way to effectively get started, as well as to prevent gaps, is to build a good foundation upon which a cybersecurity program can grow and mature.
I recently had the opportunity to speak with David O’Leary, Sr. Director of Security Solutions for SHI/StrataScale. David’s experience dates back to the inception of network and cybersecurity, so he has a lot of real-world experience that can be drawn from to assist any organization in starting, scaling, and maturing their cybersecurity program. David, can you tell us a bit about your history and where your journey to cybersecurity began?
Cryptominers aren't just a headache – they're a big neon sign that Bad Things are on your network
Cryptominer malware removal is a routine piece of the cybersecurity landscape these days. Yet if criminals are hijacking your compute cycles to mine cryptocurrencies, chances are there's something worse lurking on your network too.
So warned Sophos threat researcher Sean Gallagher, in a recent interview with The Register as the antivirus organisation launches a report into the Tor2Mine cryptominer.
In The Lab: 6-port $3,000 pfSense Box - StorageReview.com
We listened to our social media audience and went ahead and configured pfSense on the ThinkEdge SE50 to act as a firewall for our network.
LINE Pay leaks around 133,000 users' data to GitHub, of all places
Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year.
Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.
10 popular Open-Source Tools to Secure Your Linux Server in 2022
Since I started learning about computers, I have heard many experienced users say that Linux is impenetrable, that Linux offers the best security, and so on. It is partly true that Linux offers various security measures which mitigate attacks and stop hackers from breaching your system network. But you should also understand that you are not done just by deploying Linux on your server or PC; you have to configure all the necessary tools and apps. As the security features are not enabled by default, if you are scared of network breaches and security leaks, this should be the first thing you do after installing the Linux OS. Remember that your security system always depends on the tools you use; it’s the tools’ features that sniff out any malware in the system, prevent security breaches from happening, and find vulnerabilities to deploy countermeasures. In short, the cybersecurity for a network or terminal is based on the tools, not on the default security measures of the OS. In this article, I am going to discuss the top 10 tools to look at to ensure the safety of your Linux data server and local PCs. The best part is that all the tools and apps listed below are 100% free and open-source. To use these tools you just need to be an enthusiastic Linux user. However, even if you are new to Linux, you can set up and configure these tools easily.
OpenVPN on OpenBSD in its own rdomain to prevent data leak
Today I will explain how to establish an OpenVPN tunnel through a dedicated rdomain to only expose the VPN tunnel as an available interface, preventing leaks outside of the VPN. I did the same recently for WireGuard tunnels but it had an integrated mechanism for this.
