Security Leftovers
Date: 2017-02-22
-
Major Cloudflare bug leaked sensitive data from customers’ websites
Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. The announcement is a major blow for the content delivery network, which offers enhanced security and performance for more than 5 million websites.
This could have allowed anyone who noticed the error to collect a variety of very personal information that is typically encrypted or obscured.
-
SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers
After sitting through an endless flood of headless-chicken messages on multiple media about SHA-1 being fatally broken, I thought I'd do a quick writeup about what this actually means.
-
Torvalds patches git to mitigate against SHA-1 attacks
Linux creator Linus Torvalds says two sets of patches have been posted for the distributed version control system git to mitigate against SHA-1 attacks which are based on the method that Dutch and Google engineers detailed last week.
The post by Torvalds detailing this came after reports emerged of the version control system used by the WebKit browser engine repository becoming corrupted after the two proof-of-concept PDF files that were released by the Dutch and Google researchers were uploaded to the repository.
-
Linus Torvalds on "SHA1 collisions found"
-
More from Torvalds on SHA1 collisions
I thought I'd write an update on git and SHA1, since the SHA1 collision attack was so prominently in the news.
Quick overview first, with more in-depth explanation below:
(1) First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git.
(2) Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation.
(3) And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories.
-
[Older] Wire’s independent security review
Ever since Wire launched end-to-end encryption and open sourced its apps one question has consistently popped up: “Is there an independent security review available?” Well, there is now!
-
Malware Lets a Drone Steal Data by Watching a Computer’s Blinking LED
-
FCC to halt rule that protects your private data from security breaches
The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of their customers' personal information.
The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening.
The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information—such as Social Security numbers, financial and health information, and Web browsing data—from theft and data breaches.
"Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2," an FCC spokesperson said in a statement to Ars.
-
Google releases details of another Windows bug
-
How to secure the IoT in your organisation: advice and best practice for securing the Internet of Things
All of the major technology vendors are making a play in the Internet of Things space and there are few organisations that won’t benefit from collecting and analysing the vast array of new data that will be made available.
But the recent Mirai botnet is just one example of the tremendous vulnerabilities that exist with unsecured access points. What are the main security considerations and best practices, then, for businesses seeking to leverage the potential of IoT?