Security Leftovers and DRM
-
Why Web Browser Padlocks Shouldn’t Be Trusted
On Monday, the Anti-Phishing Working Group (APWG) released a study (PDF) that tracked a large uptick in phishing attacks in Q2 of 2020. The surge involves rogue sites using the cryptographic protocol Transport Layer Security or TLS, most commonly referred to by its legacy name Secure Sockets Layer, or SSL.
SSL padlocks indicate that a browser is using a secure and encrypted communication pipe to the server hosting the desired website. SSL warnings are also complemented by the additional “HTTPS” indication within a browser address bar, meaning the browser is transmitting information safely using Hypertext Transfer Protocol Secure.
According to the APWG report, 80 percent of phishing sites used SSL certificates in Q2. Attacks ranged from phishing lures pointing to bogus wire-transfer sites, to social-media platforms Facebook and WhatsApp being pelted with links to shady domains.
-
Security updates for Thursday
Security updates have been issued by Debian (ruby-json-jwt and ruby-rack-cors), Fedora (xen), SUSE (aspell and tar), and Ubuntu (ruby-gon, ruby-kramdown, and ruby-rack).
-
Who’s Behind Monday’s 14-State 911 Outage?
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft's Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.
-
PowerShell Backdoor Launched from a ShellCode
Here is a practical example found in the wild. The initial PowerShell script has a VT score of 8/59 (SHA256:f4a4fffaa31c59309d7bba7823029cb211a16b3b187fcbb407705e7a5e9421d3). The script is not heavily obfuscated but the technique used is interesting. It uses the CSharpCodeProvider[1] class: [...]
-
Russian Who [Cracked] LinkedIn, Dropbox Gets 88-Month Prison Term
A Russian [attacker] was sentenced to more than seven years in a U.S. prison for stealing the logins of 117 million users of LinkedIn, Dropbox and the defunct social media site Formspring, according to federal prosecutors.
Yevgeniy Nikulin, 32, was convicted in July after a six-day jury trial in San Francisco in what was said to be one of the largest data breaches in U.S. history.
-
WhatsApp update lets you delete images and videos on other people's phones
A new WhatsApp update will allow users to delete an image, video or gif on someone else’s phone after sending it to them.
The Expiring Media feature, first spotted by the website WaBetaInfo, causes media to disappear after being viewed within a chat.
In order to enable the feature, the sender needs to select a “view once” button when sending the image, video or gif.
[...]
These features are developed in such a way that users are unable to take a screenshot of the media in order to save the image to their phone or device.