Security Leftovers
-
One-stop counterfeit certificate shops for all your malware-signing needs
The Stuxnet worm that targeted Iran's nuclear program almost a decade ago was a watershed piece of malware for a variety of reasons. Chief among them, its use of cryptographic certificates belonging to legitimate companies to falsely vouch for the trustworthiness of the malware. Last year, we learned that fraudulently signed malware was more widespread than previously believed. On Thursday, researchers unveiled one possible reason: underground services that since 2011 have sold counterfeit signing credentials that are unique to each buyer.
-
How did OurMine hackers use DNS poisoning to attack WikiLeaks? [Ed: False. They did not attack Wikileaks; they attacked the DNS servers/framework. The corporate media misreported this at the time.]
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis.
-
Intel didn't give government advance notice on chip flaws
Google researchers informed Intel of flaws in its chips in June. The company explained in its own letter to lawmakers that it left up to Intel informing the government of the flaws.
Intel said that it did not notify the government at the time because it had “no indication of any exploitation by malicious actors,” and wanted to keep knowledge of the breach limited while it and other companies worked to patch the issue.
The company let some Chinese technology companies know about the vulnerabilities, which government officials fear may mean the information was passed along to the Chinese government, according to The Wall Street Journal.
-
Intel hid CPU bugs info from govt 'until public disclosure'
As iTWire reported recently, Intel faces a total of 33 lawsuits over the two flaws. Additionally, the Boston law firm of Block & Leviton is preparing a class action lawsuit against Intel chief executive Brian Krzanich for allegedly selling a vast majority of his Intel stock after the company was notified of the two security flaws and before they became public.
-
Intel did not tell U.S. cyber officials about chip flaws until made public [iophk: "yeah right"]
Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers [sic] had not exploited the vulnerabilities.
-
LA Times serving cryptocurrency mining script [iophk: "JS"]
The S3 bucket used by the LA Times is apparently world-writable and an ethical hacker [sic] appears to have left a warning in the repository, warning of possible misuse and asking the owner to secure the bucket.
-
Facebook's Mandatory Malware Scan Is an Intrusive Mess
When an Oregon science fiction writer named Charity tried to log onto Facebook on February 11, she found herself completely locked out of her account. A message appeared saying she needed to download Facebook’s malware scanner if she wanted to get back in. Charity couldn’t use Facebook until she completed the scan, but the file the company provided was for a Windows device—Charity uses a Mac.
-
Tinder plugs flaw that enabled account takeover using just a phone number
As Tinder uses Facebook profile pics for its users to lure in a mate or several, the 'dating' app is somewhat tied to the social network. When a swipe-hungry Tinder user comes to log in to their account they can either do so via Facebook or use their mobile number.