Uncategorized – Page 61 – SSL and internet security news

An Untrustworthy TLS Certificate in Browsers

November 10, 2022 infossl

browsers, certificates, Security technology, tls, trust, Uncategorized

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding … Read More “An Untrustworthy TLS Certificate in Browsers” »

Defeating Phishing-Resistant Multifactor Authentication

November 9, 2022 infossl

authentication, phishing, Security technology, two-factor authentication, Uncategorized

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful. Powered by WPeMatico

Using Wi-FI to See through Walls

November 8, 2022 infossl

academic papers, drones, privacy, Security technology, surveillance, Uncategorized, Wi-Fi

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find … Read More “Using Wi-FI to See through Walls” »

The Conviction of Uber’s Chief Security Officer

November 7, 2022 infossl

courts, cover-ups, cyberattack, cybersecurity, data breaches, data protection, Security technology, uber, Uncategorized

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, … Read More “The Conviction of Uber’s Chief Security Officer” »

Friday Squid Blogging: Newfoundland Giant Squid Sculpture

November 4, 2022 infossl

Security technology, squid, Uncategorized

In 1878, a 55-foot-long giant squid washed up on the shores of Glover’s Harbour, Newfoundland. It’s the largest giant squid ever recorded—although scientists now think that the size was an exaggeration or the result of postmortem stretching—and there’s a full-sized statue of it near the beach where it was found. As usual, you can also … Read More “Friday Squid Blogging: Newfoundland Giant Squid Sculpture” »

NSA on Supply Chain Security

November 4, 2022 infossl

infrastructure, nsa, operational security, reports, Security technology, supply chain, Uncategorized

The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the … Read More “NSA on Supply Chain Security” »

Iran’s Digital Surveillance Tools Leaked

November 1, 2022 infossl

iran, leaks, privacy, Security technology, surveillance, Uncategorized

It’s Iran’s turn to have its digital surveillance tools leaked: According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections … Read More “Iran’s Digital Surveillance Tools Leaked” »

Apple Only Commits to Patching Latest OS Version

October 31, 2022 infossl

apple, ios, patching, Security technology, Uncategorized

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica: In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent … Read More “Apple Only Commits to Patching Latest OS Version” »

Friday Squid Blogging: Chinese Squid Fishing

October 28, 2022 infossl

china, Security technology, squid, Uncategorized

China claims that it is “engaging in responsible squid fishing”: Chen Xinjun, dean of the College of Marine Sciences at Shanghai Ocean University, made the remarks in response to recent accusations by foreign reporters and actor Leonardo DiCaprio that China is depleting its own fish stock and that Chinese boats have sailed to other waters … Read More “Friday Squid Blogging: Chinese Squid Fishing” »

Critical Vulnerability in Open SSL

October 28, 2022 infossl

patching, Security technology, ssl, Uncategorized, vulnerabilities

There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It’s likely to be abused to disclose server memory contents, and potentially … Read More “Critical Vulnerability in Open SSL” »