Security Leftovers

• Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

• Why aren’t chip credit cards stopping “card present” fraud in the US?

  Chip cards work by creating a unique code for each transaction, and (ideally) require a customer to enter a PIN to verify that they want to make the purchase. This doesn't make it impossible to steal information from chip-based cards, but it does make it much harder to reuse a stolen card. By contrast, using a magnetic stripe to swipe a card simply offers all the relevant information to the merchant's card reader, which is much easier for a bad actor to steal.

  Gemini Advisory now says that 60 million credit and debit card numbers were stolen in the US in the past 12 months, and most of those were chip-based cards.

• Encryption bill: US academic questions what law is trying to achieve

  American cryptography fellow Riana Pfefferkorn has questioned what end the Federal Government's encryption bill is trying to achieve, asking whether the ends of keeping crime under control could not be achieved by other means.

• Encryption bill: 'systemic weakness' eludes definition

  The Federal Government is yet to properly define in its encryption bill what a systemic weakness means, and the question came up more than once for discussion during the second hearing on the bill before the Parliamentary Joint Committee on Security and Intelligence.

• Minister in Charge of Japan’s Cybersecurity Says He Has Never Used a Computer

  But one is. Japanese lawmakers were aghast on Wednesday when Yoshitaka Sakurada, 68, the minister who heads the government’s cybersecurity office, said during questioning in Parliament that he had no need for the devices, and appeared confused when asked basic technology questions.

• Former Facebook security chief: 'I failed to prepare my employer' on Russian disinformation

  While Stamos took some blame, in a tweet thread he also took at aim at other groups he felt were partially responsible for enabling Russian election interference and credited Facebook for going public with information about misinformation campaigning on its platform when other companies did not.

• Companies keep losing your data because it doesn't cost them anything

  Why does this keep happening? Because it's affordable. In 2014, Home Depot breached more than 50,000,000 credit-cards; in 2016, they paid less than $0.34/customer in restitution.

• Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data

  When criminal [crackers] keep breaking into big company networks to grab consumer data, the reason comes down to dollars and nonsense.

Ubuntu Mir's EGMDE Desktop Getting Experimental XWayland

Ubuntu's little known EGMDE example Mir desktop that is mostly a proving grounds for Mir development is now receiving support for XWayland for being able to run X11 applications within this example environment. Lead Mir developer Alan Griffiths posted about initial XWayland support for EGMDE but that it is "highly experimental, and can crash the desktop." This support is available via the "edge" EGMDE Snap.

Devices: Coreboot, Toradex and Digi, Raspberry Pi 3 Model A+

• Another Micro-ATX Haswell Era Motherboard Working With Coreboot But Needs Tiny Blob

  There are many Sandy Bridge era motherboards that have been freed by Coreboot while if you are looking for more options on something (slightly) newer, a micro-ATX Haswell-era motherboard from ASRock now works under this open-source BIOS implementation. The ASRock H81M-HDS is the latest motherboard port now mainline in Coreboot. The ASRock H81M-HDS supports Haswell Core and Xeon CPUs, supports two DDR3/DDR3L DIMMs, one PCI Express x16 slot, onboard display outputs, four SATA ports, and multiple USB3/USB2 ports. This motherboard can be found refurbished still from some Internet shops for about $70 USD.

• Toradex and Digi launch i.MX8X-based Colibri and ConnectCore COMs

  Toradex and Digi have released Linux-friendly i.MX8X-based modules via early access programs. The Colibri iMX8X and Digi ConnectCore 8X each provide WiFi-ac and Bluetooth 4.2. NXP’s i.MX8X SoC has made quite a splash this week. Eight months after Phytec announced an i.MX8X-based phyCORE-i.MX 8X module, Variscite unveiled a VAR-SOM-MX8X module and then Congatec followed up with the Qseven form-factor Conga-QMX8X and SMARC 2.0 Conga-SMX8X. Now Toradex and Digi are beginning shipments of i.MX8X based modules for early access customers.

• New Raspberry Pi 3 Model A+ launched for only $25

Mozilla Firefox and Google Chrome: Net Neutrality Stance, Mozilla, a VR Work, Firefox Monitor and 5 Best Chrome Extensions For Productivity

• Mozilla Fights On For Net Neutrality

  Mozilla took the next step today in the fight to defend the web and consumers from the FCC’s attack on an open internet. Together with other petitioners, Mozilla filed our reply brief in our case challenging the FCC’s elimination of critical net neutrality protections that require internet providers to treat all online traffic equally. The fight for net neutrality, while not a new one, is an important one. We filed this case because we believe that the internet works best when people control for themselves what they see and do online. The FCC’s removal of net neutrality rules is not only bad for consumers, it is also unlawful. The protections in place were the product of years of deliberation and careful fact-finding that proved the need to protect consumers, who often have little or no choice of internet provider. The FCC is simply not permitted to arbitrarily change its mind about those protections based on little or no evidence. It is also not permitted to ignore its duty to promote competition and protect the public interest. And yet, the FCC’s dismantling of the net neutrality rules unlawfully removes long standing rules that have ensured the internet provides a voice for everyone. Meanwhile, the FCC’s defenses of its actions and the supporting arguments of large cable and telco company ISPs, who have come to the FCC’s aid, are misguided at best. They mischaracterize the internet’s technical structure as well as the FCC’s mandate to advance internet access, and they ignore clear evidence that there is little competition among ISPs. They repeatedly contradict themselves and have even introduced new justifications not outlined in the FCC’s original decision to repeal net neutrality protections.

• Virtual meeting rooms don’t have to be boring. We challenge you to design better ones!

  Mozilla’s mission is to make the Internet a global public resource, open and accessible to all, including innovators, content creators, and builders on the web. VR is changing the very future of web interaction, so advancing it is crucial to Mozilla’s mission. That was the initial idea behind Hubs by Mozilla, a VR interaction platform launched in April 2018 that lets you meet and talk to your friends, colleagues, partners, and customers in a shared 360-environment using just a browser, on any device from head-mounted displays like HTC Vive to 2D devices like laptops and mobile phones. Since then, the Mozilla VR team has kept integrating new and exciting features to the Hubs experience: the ability bring videos, images, documents, and even 3D models into Hubs by simply pasting a link. In early October, two more useful features were added: drawing and photo uploads.

• New Raspbian Update, Qt Creator 4.8 Beta2 Released, Firefox Monitor Now Available in More Than 26 Languages, Chrome OS Linux Soon Will Have Access to Downloads Folder and Canonical Extends Ubuntu 18.04 Long-Term Support

  Firefox Monitor, the free services that tells you whether your email has been part of a security breach, is now available in more than 26 languages: "Albanian, Traditional and Simplified Chinese, Czech, Dutch, English (Canadian), French, Frisian, German, Hungarian, Indonesian, Italian, Japanese, Malay, Portuguese (Brazil), Portuguese (Portugal), Russian, Slovak, Slovenian, Spanish (Argentina, Mexico, and Spain), Swedish, Turkish, Ukranian and Welsh." Along with this, Mozilla also announced that it has added "a notification to our Firefox Quantum browser that alerts desktop users when they visit a site that has had a recently reported data breach". See the Mozilla blog for details.

• 5 Best Chrome Extensions For Productivity That You Should Use In 2019

  Google is the most popular browser around and supports a vast number of extensions as well. Since there are a lot of Chrome addons available in the Chrome Web Store, picking the best Google Chrome extension can be quite a task. Also, it is quite easy to get distracted on the web and lose track of time. Thankfully, several good extensions for productivity are available that can help you focus on your tasks, save time by prioritizing them and skillfully manage your to-do list. So here is a list of excellent Google Chrome extensions for productivity for the year 2019 that will assist you in your work in.