Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • TLS 1.0 and 1.1 Removal Update

    As you may have read last year in the original announcement posts, Safari, Firefox, Edge and Chrome are removing support for TLS 1.0 and 1.1 in March of 2020. If you manage websites, this means there’s less than a year to enable TLS 1.2 (and, ideally, 1.3) on your servers, otherwise all major browsers will display error pages, rather than the content your users were expecting to find.

  • International Conference on Cyber Crime & Legal Compliance
  • Security Think Tank: Understanding tech is key to effective data segregation
  • Nitrokey and Nextcloud collaborate on securing private clouds

    Nitrokey develops fully open and auditable security USB keys for two-factor authentication, cryptographic key storage and much more. Their devices are developed and produced in Germany, primarily in Berlin. No overseas manufacturing is used to ensure quality and avoid hardware security breaches. The installed firmware can even be exported and verified, preventing attackers from inserting backdoors into products during shipping. Nitrokey has many other unique features, like hidden encrypted storage for plausible deniability at border checks. Learn about their offering on their website.

More in Tux Machines

Security Leftovers

  • Why Are Cryptographers Being Denied Entry into the US?

    Is there some cryptographer blacklist? Is something else going on? A lot of us would like to know.

  • Security Engineering: Third Edition

    Today I put online a chapter on Who is the Opponent, which draws together what we learned from Snowden and others about the capabilities of state actors, together with what we’ve learned about cybercrime actors as a result of running the Cambridge Cybercrime Centre. Isn’t it odd that almost six years after Snowden, nobody’s tried to pull together what we learned into a coherent summary?

    There’s also a chapter on Surveillance or Privacy which looks at policy. What’s the privacy landscape now, and what might we expect from the tussles over data retention, government backdoors and censorship more generally?

  • Google halts some business with China's Huawei: report

    Huawei will reportedly no longer be able to access Android updates, the Gmail app, the Google Play store and new versions of Google phones outside of China.

  • Google restricts Huawei's use of Android

    Existing Huawei smartphone users will be able to update apps and push through security fixes, as well as update Google Play services.

    But when Google launches the next version of Android later this year, it may not be available on Huawei devices.

    Future Huawei devices may no longer have apps such as YouTube and Maps.

  • Forget Huawei, The Internet Of Things Is The Real Security Threat
    We've noted for a while how a lot of the US protectionist security hysteria surrounding Huawei isn't supported by much in the way of hard data. And while it's certainly possible that Huawei helps the Chinese government spy, the reality is that Chinese (or any other) intelligence services don't really need to rely on Huawei to spy on the American public. Why? Because people around the world keep connecting millions of internet of broken things devices to their home and business networks that lack even the most rudimentary of security and privacy protections. Week after week we've documented how these devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and wonderful new surveillance opportunities for hackers and state actors.

today's howtos

Android Leftovers

A Look At The MDS Cost On Xeon, EPYC & Xeon Total Impact Of Affected CPU Vulnerabilities

This weekend I posted a number of benchmarks looking at the performance impact of the new MDS/Zombieload vulnerabilities that also included a look at the overall cost of Spectre/Meltdown/L1TF/MDS on Intel desktop CPUs and AMD CPUs (Spectre). In this article are similar benchmarks but turning the attention now to Intel Xeon hardware and also comparing those total mitigation costs against AMD EPYC with its Spectre mitigations. This article offers a look at the MDS/Zombieload mitigations on a 1st Gen Skylake Xeon Scalable server as well as a Kabylake Xeon E3 server for reference. Following that is a look at the total CPU vulnerability mitigation costs for 1st Gen Xeon Scalable, 2nd Gen Xeon Scalable (Cascade Lake), and an AMD EPYC 2P server as well for its Spectre mitigations. As expected given Intel's guidance last week of their latest Xeon processors being mitigated for MDS, indeed, the dual Xeon Platinum 8280 Cascade Lake server reported it was not affected by the MDS mitigations and thus not enabled. So for the MDS tests up first it's just some reference results using a dual Xeon Gold 6138 Skylake server running Ubuntu 19.04 with the Linux 5.0 patched kernel and reference results side-by-side for a separate Xeon E3-1275 v6 server. Read more