Tag Archives: security
Torvalds Expresses Concerns Over Current “Kernel Lockdown” Approach
Linus describes Secure Boot as being “pushed in your face by people with an agenda.” But his real problem is that Secure Boot would then imply Kernel Lockdown mode.
Source: Torvalds Expresses Concerns Over Current “Kernel Lockdown” Approach – Phoronix
Equifax Breach Response Turns Dumpster Fire
I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social Security numbers and other information on 143 million Americans.
Source: Equifax Breach Response Turns Dumpster Fire — Krebs on Security
Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency
“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur.
Source: Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency – The New York Times
How IoT hackers turned a university’s network against itself
“While this incident represents one of the first of its kind, the bad news is this form of attack is only going to become more common as more and more everyday items get connected to the internet, providing hackers with greater numbers of potential zombie devices.”
“The reason behind it is the issue of default credentials for wireless devices. This is going to bring billions of devices into the fold by 2020, which is only three years away. Whenever it is, there’s going to be so many of these things used by people with very limited understanding of what they are,” says Dine.
Source: How IoT hackers turned a university’s network against itself | ZDNet
The network that IoT devices must use should be isolated and secured by a firewall. This isn’t that difficult to do.
How to Spot Ingenico Self-Checkout Skimmers
The overlay skimming devices pictured here include their own tiny magnetic read heads to snarf card data from the magnetic stripe when customers swipe their cards. Consequently, those tiny readers often interfere with the legitimate magnetic card reader on the underlying device, meaning compromised self-checkout lines may move a bit slower than others.
Source: How to Spot Ingenico Self-Checkout Skimmers — Krebs on Security
Rudy Giuliani is an absurd choice to defend the US from hackers
While it’s amusing to make fun of Giuliani, hiring people with little or no bona fide security experience to head up cybersecurity practices in government is sadly a tried and true pastime in Washington. Instead of tapping actual computer security experts, politicians in many cases continue to put their friends or people they know in charge of a monumental problem that requires expertise beyond having many political connections or relationships with donors.
From: Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’
“You can probably break into Giuliani’s server,” said Robert Graham of Errata Security. “I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses.
“But that doesn’t matter. There’s nothing on Giuliani’s server worth hacking.”
Stop Trying to Fix the User
We must stop trying to fix the user to achieve security. We’ll never get there, and research toward those goals just obscures the real problems. Usable security does not mean “getting people to do what we want.” It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users’ security goals without — as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it — “stress of mind, or knowledge of a long series of rules.”
Source: Security Design: Stop Trying to Fix the User – Schneier on Security
Social Security Administration Now Requires Two-Factor Authentication
Sadly, it is still relatively easy for thieves to create an account in the name of Americans who have not already created one for themselves. All one would need is the target’s name, date of birth, Social Security number, residential address, and phone number. This personal data can be bought for roughly $3-$4 from a variety of cybercrime shops online.
After that, the SSA relays four multiple-guess, so-called “knowledge-based authentication” or KBA questions from credit bureau Equifax. In practice, many of these KBA questions — such as previous address, loan amounts and dates — can be successfully enumerated with random guessing. What’s more, very often the answers to these questions can be found by consulting free online services, such as Zillow and Facebook.
Source: Social Security Administration Now Requires Two-Factor Authentication — Krebs on Security
Could antivirus software make your computer less safe?
Increasingly, attacks focus on social engineering or phishing that lures users onto compromised websites that can steal information or serve ransomware.
Those websites are so short-lived that antivirus software often doesn’t update fast enough to recognize them, Sjouwerman added.
Source: Could antivirus software make your computer less safe?