Category: Uncategorized

Auto Added by WPeMatico

Other Attempts to Take Over Open Source Projects

Posted on By infossl
backdoors, open source, Security technology, social engineering, Uncategorized

After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular … Read More “Other Attempts to Take Over Open Source Projects” »

X.com Automatically Changing Link Text but Not URLs

Posted on By infossl
domain names, phishing, Security technology, twitter, Uncategorized

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would … Read More “X.com Automatically Changing Link Text but Not URLs” »

New Lattice Cryptanalytic Technique

Posted on By infossl
cryptanalysis, cryptography, quantum cryptography, Security technology, Uncategorized

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We … Read More “New Lattice Cryptanalytic Technique” »

Smuggling Gold by Disguising it as Machine Parts

Posted on By infossl
crime, Security technology, smuggling, Uncategorized

Someone got caught trying to smuggle 322 pounds of gold (that’s about 1/4 of a cubic foot) out of Hong Kong. It was disguised as machine parts: On March 27, customs officials x-rayed two air compressors and discovered that they contained gold that had been “concealed in the integral parts” of the compressors. Those gold … Read More “Smuggling Gold by Disguising it as Machine Parts” »

Backdoor in XZ Utils That Almost Happened

Posted on By infossl
backdoors, cybersecurity, economics of security, hacking, linux, malware, open source, Security technology, social engineering, ssh, Uncategorized

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces … Read More “Backdoor in XZ Utils That Almost Happened” »

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

Posted on By infossl
china, email, hacking, microsoft, privacy, Security technology, Uncategorized

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred. The Board … Read More “US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack” »

Security Vulnerability of HTML Emails

Posted on By infossl
email, Security technology, spoofing, Uncategorized, vulnerabilities

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext … Read More “Security Vulnerability of HTML Emails” »