April 2021 – Page 2 – SSL and internet security news

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

April 19, 2021 infossl

apple, exploits, fbi, hacking, iphone, Security technology, terrorism, Uncategorized

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called … Read More “Details on the Unlocking of the San Bernardino Terrorist’s iPhone” »

Friday Squid Blogging: Blobs of Squid Eggs Found Near Norway

April 16, 2021 infossl

Security technology, squid, Uncategorized

Divers find three-foot “blobs” — egg sacs of the squid Illex coindetii — off the coast of Norway. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Cybersecurity Experts to Follow on Twitter

April 16, 2021 infossl

cybersecurity, Schneier news, Security technology, twitter, Uncategorized

Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If you are one of the 134K people who read me from Twitter, “hi.”) Powered by WPeMatico

NSA Discloses Vulnerabilities in Microsoft Exchange

April 16, 2021 infossl

disclosure, microsoft, nsa, patching, Security technology, Uncategorized, vulnerabilities

Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA. Powered by WPeMatico

DNI’s Annual Threat Assessment

April 15, 2021 infossl

cybersecurity, national security policy, Security technology, supply chain, threat models, Uncategorized

The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around … Read More “DNI’s Annual Threat Assessment” »

More Biden Cybersecurity Nominations

April 13, 2021 infossl

cybersecurity, national security policy, nsa, Security technology, Uncategorized

News: President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good choices. More news. Powered by WPeMatico

Friday Squid Blogging: Jurassic Squid and Prey

April 9, 2021 infossl

Security technology, squid, Uncategorized

A 180-million-year-old Vampire squid ancestor was fossilized along with its prey. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Backdoor Added — But Found — in PHP

April 9, 2021 infossl

authentication, backdoors, hacking, open source, Security technology, supply chain, Uncategorized

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internet’s websites use PHP, it’s scary. Developers … Read More “Backdoor Added — But Found — in PHP” »

Google’s Project Zero Finds a Nation-State Zero-Day Operation

April 8, 2021 infossl

cyberattack, google, Security technology, terrorism, Uncategorized, zero-day

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to … Read More “Google’s Project Zero Finds a Nation-State Zero-Day Operation” »

Signal Adds Cryptocurrency Support

April 7, 2021 infossl

cryptocurrency, encryption, privacy, Security technology, signal, Uncategorized

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.” Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend … Read More “Signal Adds Cryptocurrency Support” »