November 2021 – SSL and internet security news

Intel is Maintaining Legacy Technology for Security Research

November 30, 2021 infossl

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old products that remain in widespread use, vulnerable to attacks. Intel’s answer to … Read More “Intel is Maintaining Legacy Technology for Security Research” »

Friday Squid Blogging: Bobtail Squid and Vibrio Bacteria

November 26, 2021 infossl

Security technology, squid, Uncategorized

Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Proposed UK Law Bans Default Passwords

November 26, 2021 infossl

Security technology, Uncategorized

Following California’s lead, a new UK law would ban default passwords in IoT devices. Powered by WPeMatico

Apple Sues NSO Group

November 24, 2021 infossl

apple, courts, exploits, Security technology, spyware, Uncategorized

Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. … Read More “Apple Sues NSO Group” »

“Crypto” Means “Cryptography,” not “Cryptocurrency”

November 22, 2021 infossl

cryptocurrency, cryptography, Security technology, Uncategorized

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one. Powered by WPeMatico

Friday Squid Blogging: Bigfin Squid Captured on Video

November 19, 2021 infossl

Security technology, squid, Uncategorized

“Eerie video captures elusive, alien-like squid gliding in the Gulf of Mexico.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

New Rowhammer Technique

November 19, 2021 infossl

hardware, Security technology, side-channel attacks, Uncategorized

Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancement: All previous Rowhammer … Read More “New Rowhammer Technique” »

Is Microsoft Stealing People’s Bookmarks?

November 17, 2021 infossl

browsers, microsoft, privacy, Security technology, Uncategorized, web privacy

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this … Read More “Is Microsoft Stealing People’s Bookmarks?” »

Wire Fraud Scam Upgraded with Bitcoin

November 16, 2021 infossl

bitcoin, cryptocurrency, fbi, fraud, scams, Security technology, Uncategorized

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam: As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company. … Read More “Wire Fraud Scam Upgraded with Bitcoin” »

Why I Hate Password Rules

November 16, 2021 infossl

Security technology, Uncategorized

The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~ Which was rejected by the site, because it didn’t meet their password security rules. It took me a … Read More “Why I Hate Password Rules” »