Informations about SSL certificates and networks security
Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back … Read More “WPA3” »
Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats … Read More “Department of Commerce Report on the Botnet Threat” »
Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it’s interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we humans routinely leave thermal residues on various objects … Read More “Recovering Keyboard Inputs through Thermal Imaging” »
Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function — a process used to install or update subclass windows running on the system — and can be used to modify the properties of windows running in the … Read More “PROPagate Code Injection Seen in the Wild” »
Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
The Intercept has a long story about the NSA’s domestic interception points. Includes some new Snowden documents. Powered by WPeMatico
At least right now, facial recognition algorithms don’t work with Juggalo makeup. Powered by WPeMatico
The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot initiative was already going to be voted on in November, one with even stronger data privacy … Read More “California Passes New Privacy Law” »
Interesting research in using traffic analysis to learn things about encrypted traffic. It’s hard to know how critical these vulnerabilities are. They’re very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting. Powered by WPeMatico