date 2021-08-10
Proprietary and Security Leftovers
In a remote-work world, a zero-trust revolution is necessary
Perimeter security is obsolete for a number of reasons, but mainly because of the prevalence of remote work. Other reasons include: mobile computing, cloud computing and the increasing sophistication of cyberattacks, generally. And, of course, threats can come from the inside, too.
In other words, there is no network edge anymore — not really — and even to the extent that perimeters exist, they can be breached. Once [crackers] get inside the perimeter, they can move around with relative ease.
Zero trust aims to fix all that by requiring each user, device, and application to individually pass an authentication or authorization test each time they access any component of the network or any company resources.
Art Bits from HyperCard
Long-time Macintosh users likely remember HyperCard, Apple's strange hypermedia system that was sorta like a cross between index cards, web pages, and 90s interactive edutainment software. HyperCard left a pretty big legacy for the Web to come, influencing everything from JavaScript to wikis to the pointing finger thing for links on pages to fuckin' Myst.
Apple packaged in some sample HyperCard stacks to get people up to speed with the software, including one called "Art Bits", which included a ton of sample clip art for use in your own stacks. This stack is fantastic for showing off just how much Apple could do with two colors.
Trivago fined $44.7m over misleading rates
Trivago was found guilty in 2020 for telling consumers it would show them the cheapest rates, when it actually ranked hotels by factoring in which advertisers paid the highest per-click fee.
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic [iophk: Windows TCO]
A packet capture (pcap) of the infection traffic and the associated malware samples are available here. The pcap is from an Active Directory (AD) environment. The pcap has been sanitized to disguise usernames, hostnames, domains, internal IP addresses, the public IP address used to connect from my test lab to the Internet, and any other information that could identify the environment.
Hive ransomware affiliate targets vulnerable Microsoft Exchange servers
The ProxyShell attacks take advantage of three vulnerabilities in Exchange, formally named CVE-2021-34474, CVE-2021-34523 and CVE-2021-31207. They were patched by Microsoft in April and May last year, but the problem is that not all users update their Exchange installations.
Windows 11 usage stats within touching distance of... XP [Ed: Vista 11 is a failure. Windows is dying.]
Windows 11 is continuing to struggle both in the enterprise and at home, according to figures published by IT asset management platform Lansweeper. Disappointingly for Microsoft, it has yet to even surpass Windows XP.
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion.
Open Hardware/Modding: RouterPi, PiStorm, and More
Free Software and Coding
Keep your Exif metadata private with this open source tool
These days, nearly everyone has a digital camera. Cameras are an integral part of smartphones and laptops. If you're interacting with consumer electronics, you probably have a digital camera available. Accordingly, there are billions of digital images on the internet from various devices and sources. Each image from a digital camera has Exchangeable image file format (Exif) metadata embedded into it. Exif data provides information about where and when the picture was taken, the camera used to produce the image, the file size, MIME type, color space, and much more. Each picture you take with a digital camera contains numerous tags which provide a great deal of information, some of which might ordinarily be considered confidential. Major social media platforms maintain that they remove this metadata to protect users from cybercrime. That is not the case for folks who have their own blogs and wikis and are posting pictures of loved ones, family gatherings, and classrooms. A person could download an image from a site and gain access to damaging personal information stored in the metadata.
