Regularly I receive mail from people wanting to advertise on, write for, or sponsor posts on my blog. My rule is that I say no to everyone. There is no amount of money or free stuff that will get me to write about your security product or service. With regard to squid, however, I have … Read More “Friday Squid Blogging: Squid Empire Is a New Book” »
Month: September 2017
The large accountancy firm Deloitte was hacked, losing client e-mails and files. The hackers had access inside the company’s networks for months. Deloitte is doing its best to downplay the severity of this hack, but Brian Krebs reports that the hack “involves the compromise of all administrator accounts at the company as well as Deloitte’s … Read More “Deloitte Hacked” »
There’s a newly discovered bug in Internet Explorer that allows any currently visited website to learn the contents of the address bar when the user hits enter. This feels important; the site I am at now has no business knowing where I go next.
New rules give the DHS permission to collect “social media handles, aliases, associated identifiable information, and search results” as part of people’s immigration file. The Federal Register has the details, which seems to also include US citizens that communicate with immigrants. This is part of the general trend to scrutinize people coming into the US … Read More “Department of Homeland Security to Collect Social Media of Immigrants and Citizens” »
Under European law, service providers like Tinder are required to show users what information they have on them when requested. This author requested, and this is what she received: Some 800 pages came back containing information such as my Facebook “likes,” my photos from Instagram (even after I deleted the associated account), my education, the … Read More “The Data Tinder Collects, Saves, and Uses” »
Wired has a story about a possible GPS spoofing attack by Russia: After trawling through AIS data from recent years, evidence of spoofing becomes clear. Goward says GPS data has placed ships at three different airports and there have been other interesting anomalies. “We would find very large oil tankers who could travel at the … Read More “GPS Spoofing Attacks” »
The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions … Read More “ISO Rejects NSA Encryption Algorithms” »
New York Times reporter Charlie Savage writes about some bad statistics we’re all using: Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about the volume of internet communications the National Security Agency was collecting under … Read More “What the NSA Collects via 702” »
This is a good interview with Apple’s SVP of Software Engineering about FaceID. Honestly, I don’t know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can’t be hacked with fake faces. I dislike the fact that the police can point the phone at someone … Read More “Apple’s FaceID” »
A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensive vulnerabilities discovered recently in a Broadcom Wi-Fi … Read More “Bluetooth Vulnerabilities” »