The overlay skimming devices pictured here include their own tiny magnetic read heads to snarf card data from the magnetic stripe when customers swipe their cards. Consequently, those tiny readers often interfere with the legitimate magnetic card reader on the underlying device, meaning compromised self-checkout lines may move a bit slower than others.
We must stop trying to fix the user to achieve security. We’ll never get there, and research toward those goals just obscures the real problems. Usable security does not mean “getting people to do what we want.” It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users’ security goals without — as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it — “stress of mind, or knowledge of a long series of rules.”
The problems didn’t lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock’s companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.
In plain English, they’re abandoning their wired Internet for a mobile-data-only diet — and if the trend continues, it could reflect a huge shift in the way we experience the Web.
Seventeen percent of households making between $75,000 and $100,000 are mobile-only now, compared with 8 percent two years ago. And 15 percent of households earning more than $100,000 are mobile-only, versus 6 percent in 2013.
HDMI is a horrid format; it was badly thought out and badly designed, and the failures of its design are so apparent that they could have been addressed and resolved with very little fuss. Why they weren’t, exactly, is really anyone’s guess, but the key has to be that the standard was not intended to provide a benefit to the consumer, but to such content providers as movie studios and the like. It would have been in the consumer’s best interests to develop a standard that was robust and reliable over distance, that could be switched, amplified, and distributed economically, and that connects securely to devices; but the consumer’s interests were, sadly, not really a priority for the developers of the HDMI standard.
How do you recognize a good API? It’s tough, but one thing is sure, a good interface allows easy swapping of components. If it doesn’t allow easy swapping of components, it’s not a good interface.
Throughout systemd there is a lack of understanding of proper interfaces. Making the GUI depend on a particular init system is a particularly obvious example of poor design, but the code was written from a ‘code first’ perspective rather than an ‘interface first’ perspective.
Many of the most serious flaws revealed a kind of sloppiness in the design and production of the devices, Brandon Creighton, Veracode’s research architect, told The Security Ledger. For example: both the Ubi and Wink Relay devices left debugging interfaces exposed and unsecured in their shipped product. That could provide an avenue for attackers who had access to the same network as the device to steal information or bypass other security controls.
Exposed debugging interfaces are useful during product testing, but have little or no utility to consumers. That suggests that the companies merely forgot to restrict access to them before shipping, Creighton said.
I was just thinking about how useful and simple ssh is for doing end to end encryption for various services before being notified of this post. On a linux box you can ssh -X remotehost and bring up any X-windowed app from a terminal command. Very simple. Very useful. Very secure. For copying files there’s the scp command. And one final shout out to the sshfs command for mounting remote filesystems.
F.B. Purity is a browser extension / add-on that lets you clean up and customise Facebook. It filters out the junk you don’t want to see, leaving behind the stories and page elements you do wish to see. The list of story types that FBP hides is customizable to your taste.
IPMI runs regardless of the underlying operating system and operates on UDP port 623 through a server’s network port or its own Ethernet port. It runs continuously, Farmer said, unless the plug is literally pulled. Moore’s scan pulled up 230,000 responses over port 623, an admittedly tiny slice of the overall number of implementations. Yet Farmer concludes that 90 percent of BMCs running IPMI could be compromised because of default or weak passwords or weaknesses in the protocol, not only implicating the host server but others in the same management group because, as he discovered, some vendors share common passwords.
BMC = Baseboard Management Controller, a separate device attached to motherboards for management purposes. This isn’t the first article to point out vulnerabilities in IPMI. It has been noted that IPMI should run on its own intranet and not the public internet. Providing another layer of security to this interface may mitigate any problems. IPMI can’t be any less secure than SNMP.
