Security: Certificates, Spectre, Switzerland and Dark Overlord
-
Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else
Browsers rely on this list of authorities, which are trusted to verify and issue the certificates that allow for secure browsing, using technologies like TLS and HTTPS. Certificate Authorities are the basis of HTTPS, but they are also its greatest weakness. Any of the dozens of certificate authorities trusted by your browser could secretly issue a fraudulent certificate for any website (such as google.com or eff.org.) A certificate authority (or other organization, such as a government spy agency,) could then use the fraudulent certificate to spy on your communications with that site, even if it is encrypted with HTTPS. Certificate Transparency can mitigate some of the risk by requiring public logging of all issued certificates, but is not a panacea.
-
This is bad: the UAE's favorite sleazeball cybermercenaries have applied for permission to break Mozilla's web encryption
Now Darkmatter has applied to Mozilla to become a "Certificate Authority," which means they'd get the ability to produce cryptographically signed certificates that were trusted by default by Firefox and its derivatives, giving them the power to produce cyberweapons that could break virtually any encrypted web session (though Certificate Transparency might expose them if they're careless about it).
And since Moz's root of trust is used to secure Linux updates, this could affect literally billions of operating systems.
-
Spectre is here to stay: An analysis of side-channels and speculative execution
As a result of our work, we now believe that speculative vulnerabilities on today's hardware defeat all language-enforced confidentiality with no known comprehensive software mitigations, as we have discovered that untrusted code can construct a universal read gadget to read all memory in the same address space through side-channels.
-
Experts Find Serious Problems With Switzerland's Online Voting System Before Public Penetration Test Even Begins
The public penetration test doesn’t begin until next week, but experts who examined leaked code for the Swiss internet voting system say it’s poorly designed and makes it difficult to audit the code for security and configure it to operate securely.
-
A Decryption Key for Law Firm Emails in Hacked 9/11 Files Has Been Released
The release of the files was part of an extortion scheme against The Dark Overlord’s hacking victims, and followed the group’s established technique of stealing information and then approaching media outlets with the files in an attempt to exert further pressure on the group’s targets. The Dark Overlord also distributed a set of encrypted folders, ready to be unlocked at a later date, and which they claimed contained more 9/11-linked material.
Now, around two months after the first data dump, someone has released another encryption key for the third layer of stolen material, which appears to contain thousands of emails, at least some of which are between different law firms.
- Login or register to post comments
- Printer-friendly version
- 4903 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago