infossl – Page 129 – SSL and internet security news

The Insecurity of WordPress and Apache Struts

March 18, 2020 infossl

apache, reports, Security technology, securityengineering, vulnerabilities

Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails … Read More “The Insecurity of WordPress and Apache Struts” »

TSA Admits Liquid Ban Is Security Theater

March 16, 2020 infossl

airtravel, medicine, Security technology, securitytheater, tsa

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened … Read More “TSA Admits Liquid Ban Is Security Theater” »

Friday Squid Blogging: New Report on Squid Markets

March 13, 2020 infossl

Security technology, squid

This report costs $2,000. (Please don’t buy it for me.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

The EARN-IT Act

March 13, 2020 infossl

backdoors, children, cryptography, cryptowars, encryption, Security technology

Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it’s really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a “National Commission on Online Child Sexual Exploitation Prevention” tasked with developing “best practices” for owners … Read More “The EARN-IT Act” »

The Whisper Secret-Sharing App Exposed Locations

March 12, 2020 infossl

blackmail, children, datacollection, dataloss, leaks, secretsharing, Security technology

This is a big deal: Whisper, the secret-sharing app that called itself the “safest place on the Internet,” left years of users’ most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed. […] The records were viewable … Read More “The Whisper Secret-Sharing App Exposed Locations” »

LA Covers Up Bad Cybersecurity

March 11, 2020 infossl

coverups, cybersecurity, Security technology, utilities, vulnerabilities

This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city’s mayor. Powered by WPeMatico

CIA Dirty Laundry Aired

March 10, 2020 infossl

cia, cybersecurity, hacking, leaks, passwords, Security technology

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA’s security that it wasn’t able to keep Schulte out, … Read More “CIA Dirty Laundry Aired” »

Cybersecurity Law Casebook

March 9, 2020 infossl

courts, cybersecurity, laws, Security technology

Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this. Powered by WPeMatico

Friday Squid Blogging: The Effect of Noise on Squid

March 6, 2020 infossl

Security technology, squid

Two articles. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

More on Crypto AG

March 6, 2020 infossl

assassinations, backdoors, cia, cryptography, intelligence, privacy, Security technology, surveillance

One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end: …in South America, for instance, many of the governments that were using Crypto machines were … Read More “More on Crypto AG” »