Security Leftovers

Filed under
Security
  • Hackers [sic] boast of ease of bypassing security

    According to Pogue, the Nuix report challenges the common media narrative that data breaches are hard to prevent because cyber attacks are becoming more sophisticated, and he notes that nearly a quarter of Black Report respondents (22%) said they used the same attack techniques for a year or more.

  • One-in-five cybercriminals blow their earnings on drugs and hookers

    The research was carried out by Dr Mike McGuire, a senior lecturer in Criminology at the University of Surrey. He's presenting the full research paper in San Francisco later in the month.

  • Thousands of hacked websites are infecting visitors with malware

    The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla, and SquareSpace. That's according to a blog post by Jérôme Segura, lead malware intelligence analyst at Malwarebytes. The hackers, he wrote, cause the sites to display authentic-appearing messages to a narrowly targeted number of visitors that, depending on the browsers they're using, instruct them to install updates for Firefox, Chrome, or Flash.

    To escape detection, the attackers fingerprint potential targets to ensure, among other things, that the fake update notifications are served to a single IP address no more than once. [...]

  • Open Letter On Ending Attacks On Security Research

    The Center for Democracy and Technology has put together an important letter from experts on the importance of security research. This may sound obvious, but increasingly we're seeing attacks on security researchers, where the messenger is blamed for finding and/or disclosing bad security practices or breaches -- and that makes us all less safe by creating chilling effects.

  • D.C. Court: Accessing Public Information is Not a Computer Crime

    Good news for anyone who uses the Internet as a source of information: A district court in Washington, D.C. has ruled that using automated tools to access publicly available information on the open web is not a computer crime—even when a website bans automated access in its terms of service. The court ruled that the notoriously vague and outdated Computer Fraud and Abuse Act (CFAA)—a 1986 statute meant to target malicious computer break-ins—does not make it a crime to access information in a manner that the website doesn’t like if you are otherwise entitled to access that same information.

    The case, Sandvig v. Sessions, involves a First Amendment challenge to the CFAA’s overbroad and imprecise language. The plaintiffs are a group of discrimination researchers, computer scientists, and journalists who want to use automated access tools to investigate companies’ online practices and conduct audit testing. The problem: the automated web browsing tools they want to use (commonly called “web scrapers”) are prohibited by the targeted websites’ terms of service, and the CFAA has been interpreted by some courts as making violations of terms of service a crime. The CFAA is a serious criminal law, so the plaintiffs have refrained from using automated tools out of an understandable fear of prosecution. Instead, they decided to go to court. With the help of the ACLU, the plaintiffs have argued that the CFAA has chilled their constitutionally protected research and journalism.

    The CFAA makes it illegal to access a computer connected to the Internet “without authorization,” but the statute doesn’t tell us what “authorization” or “without authorization” means. Even though it was passed in the 1980s to punish computer intrusions, it has metastasized in some jurisdictions into a tool for companies and websites to enforce their computer use policies, like terms of service (which no one reads). Violating a computer use policy should by no stretch of the imagination count as a felony.

  • Blockchain Open Source Code Is Failing On Security Says CAST [Ed: Some so-called 'journalists' entertain self-serving publicity stunt of malicious firms that FUD FOSS for attention]
  • Open source lessons for the cyber security industry

    The only way to win the war against cyber "bad guys" is if cyber security follows the example set by the open source movement and democratises, making it everyone's responsibility.

    That's the view of Marten Mickos, CEO of HackerOne, the bug bounty and vulnerability coordination platform. Speaking at the recent Linux Foundation's Open Source Leadership Summit in California, he told delegates that the security industry could benefit from the way in which open source had built the functionality and conflict resolution governance that enabled people, including those who disagreed, to work together to achieve a common goal.


Brave and Firefox Latest

  • Brave Browser Team Up With Tor

    TOR [sic] or The Onion Router uses technology that separates your computer from the website you’re viewing by routing the network traffic through 3 separate servers before it reaches your computer. That being said Brave Core Beta hasn’t been fully tested yet so “users should not rely on it for serious use just yet,” Brave said.

  • Your RSS is grass: Mozilla euthanizes feed reader, Atom code in Firefox browser, claims it's old and unloved

    When Firefox 64 arrives in December, support for RSS, the once celebrated content syndication scheme, and its sibling, Atom, will be missing. "After considering the maintenance, performance and security costs of the feed preview and subscription features in Firefox, we’ve concluded that it is no longer sustainable to keep feed support in the core of the product," said Gijs Kruitbosch, a software engineer who works on Firefox at Mozilla, in a blog post on Thursday. RSS – which stands for Rich Site Summary, RDF Site Summary, or Really Simple Syndication, as you see fit – is an XML-based format for publishing and subscribing to web content feeds. It dates back to 1999 and for a time was rather popular, but has been disappearing from a variety of applications and services since then. Mozilla appears to have gotten the wrecking ball rolling in 2011 when it removed the RSS button from Firefox. The explanation then was the same as it is now: It's just not very popular.

  • Cameron Kaiser: It's baaaaa-aaack: TenFourFox Intel

    It's back! It's undead! It's ugly! It's possibly functional! It's totally unsupported! It's ... TenFourFox for Intel Macs! Years ago as readers of this blog will recall, Claudio Leite built TenFourFox 17.0.2 for Intel, which the update check-in server shows some determined users are still running to this day on 10.5 and even 10.4 despite various problems such as issue 209. However, he didn't have time to maintain it, and a newer version was never built, though a few people since then have made various attempts and submitted some patches. One of these attempts is now far enough along to the point where I'm permitted to announce its existence. Riccardo Mottola has done substantial work on getting TenFourFox to build and run again on old Intel Macs with a focus on 32-bit compatibility, and his patches have been silently lurking in the source code repository for some time. Along with Ken Cunningham's additional work, who now also has a MacPorts portfile so you can build it yourself (PowerPC support in the portfile is coming, though you can still use the official instructions, of course), enough functions in the new Intel build that it can be used for basic tasks.
