Security: E-Mail Vulnerability, Reproducible Builds, 'IoT', YouTube and Mythology About Security (Back Doors Intentional)

  • Obscure E-Mail Vulnerability

    I think the problem is more subtle. It's an example of two systems without a security vulnerability coming together to create a security vulnerability. As we connect more systems directly to each other, we're going to see a lot more of these. And like this Google/Netflix interaction, it's going to be hard to figure out who to blame and who -- if anyone -- has the responsibility of fixing it.

  • Reproducible Builds: Weekly report #154
  • A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

    You know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.

  • Feral Interactive Releases GameMode, YouTube Music Videos Hacked, Oregon Passes Net Neutrality Law and More

    YouTube was hacked this morning, and many popular music videos were defaced, including the video for the hit song Despacito, as well as videos by Shakira, Selena Gomez, Drake and Taylor Swift. According to the BBC story, "A Twitter account that apparently belongs to one of the hackers posted: 'It's just for fun, I just use [the] script 'youtube-change-title-video' and I write 'hacked'."

  • Despacito YouTube music video hacked plus other Vevo clips

    YouTube's music video for the hit song Despacito, which has had over five billion views, has been hacked.

    More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift are also affected. The original clips had been posted by Vevo.

    [...]

    Cyber-security expert Prof Alan Woodward, from Surrey University, said it was unlikely that the hacker was able to gain access so easily.

  • YouTube Hacked? Most Watched Video “Despacito” And Other Clips Deleted (And Restored)

    Just five days ago, Luis Fonsi’s viral Despacito music video earned the title of world’s most watched video on YouTube with more than 5 billion views. Apparently, YouTube hackers managed to delete the video, along with other Vevo clips.

    However, as per the latest development, the deleted videos have been restored on the website. Earlier, after the hack, Despacito video showed a thumbnail with masked people holding guns. After clicking the video, it said: “This video is unavailable.”

  • Mythology about security…

    Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day. Getting security right is really, really hard, and current efforts towards “back doors”, or other access, are misguided. We haven’t even recovered from the previous rounds of government regulations, which have caused excessive complexity in an already difficult problem and many serious security problems. Let us not repeat this mistake…

More in Tux Machines

GNU: The GNU C Library, IRC Break, and GNUstep

  • Intel CET With Indirect Branch Tracking & Shadow Stack Land In Glibc
    Landing yesterday in Glibc for Intel's Control-flow Enforcement Technology (CET) were the instructions for Indirect Branch Tracking (IBT) and Shadow Stack (SHSTK). These Intel CET bits for the GNU C Library amount to a fair amount of code being added. The commit message explains some of the CET steps taken. The Control-flow Enforcement Technology behavior can be changed for SHSTK/IBT at run-time through the "GLIBC_TUNABLES" environment variable.
  • No Friday Free Software Directory IRC meetup on Friday July 20th
    No meeting will be taking place this week due to travel, but meetings will return to our regular schedule starting on Friday, July 27th.
  • Graphos GNUstep and Tablet interface
    I have acquired a Thinkpad X41 Tablet and worked quite a bit on it, making it usable and then installing Linux and of course GNUstep on it. The original battery was dead and the compatible replacement I got is bigger; it works very well, but makes the device unbalanced. Anyway, my interest in it is how usable GNUstep applications would be, and especially Graphos, its (and my) drawing application. Using the interface in Tablet mode is different: the stylus is very precise and allows clicking by pointing the tip, and a second button is also possible. However, contrary to mouse use, the keyboard is folded, so no keyboard modifiers are possible. Furthermore, GNUstep has no on-screen keyboard, so typing is not possible.

Oracle Solaris 11.3 and Solaris 11.4

  • Oracle Solaris 11.3 SRU 34 Brings GCC 7.3, Other Package Updates
    While Solaris 11.4 is still in the oven being baked at Oracle, the thirty-fourth stable release update of Solaris 11.3 is now available.
  • Oracle Solaris 11.3 SRU 34 released
    Full details of this SRU can be found in My Oracle Support Doc 2421850.1. For the list of Service Alerts affecting each Oracle Solaris 11.3 SRU, see Important Oracle Solaris 11.3 SRU Issues (Doc ID 2076753.1).
  • Oracle Solaris 11.4 Open Beta Refresh 2
    As we continue to work toward release of Oracle Solaris 11.4, we present to you our third release of Oracle Solaris 11.4 open beta.
  • Oracle Solaris 11.4 Public Beta Updated With KPTI For Addressing Meltdown
    In addition to sending down a new SRU for Solaris 11.3, the Oracle developers left maintaining Solaris have issued their second beta of the upcoming Solaris 11.4. Oracle Solaris 11.4 Open Beta Refresh 2 is an updated version of their public beta of Solaris 11.4 originally introduced in January. They say this is the last planned public beta with the general availability release now nearing availability.

Security: Back Doors in Voting Machines, Two-Factor Authentication, Introduction to Cybersecurity, and Reproducible Builds

  • Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
    The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them. The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.
  • PSA: Make Sure You Have a Backup for Two-Factor Authentication
  • An Introduction to Cybersecurity: The First Five Steps
    You read all these headlines about the latest data breaches, and you worry your organization could be next. After all, if TalkTalk, Target, and Equifax can’t keep their data safe, what chance do you have? Well, thankfully, most organizations aren’t quite as high profile as those household names, and probably don’t receive quite so much attention from cybercriminals. At the same time, though, no organization is so small or insignificant that it can afford to neglect to take sensible security measures. If you’re just starting to take cybersecurity seriously, here are five steps you can take to secure your organization more effectively than 99 percent of your competitors.
  • Reproducible Builds: Weekly report #168
