• The Morris Worm Turns 30

• DJI Fixes Massive Vulnerability In User Accounts That Could’ve Allowed Hackers To Take Control Of Your Drone And Steal Personal Information

  DJI drones are the hot trend of 21st century. However, as functional and well built they are, some vulnerabilities in them could pose serious threat to your security. As these drones rely on a DJI account to be functional, you can land in serious trouble if a hacker gains access to your account. The hacker may access your drone and fly or crash it into a sensitive more or no fly zone. Not only that, personal information can also be accessed through the exploit and that may put you in more danger.

• Denuvo: Every Download Is A Lost Sale For This Anonymous AAA Title We're Referencing, So Buy Moar Dunuvo!

  The saga of antipiracy DRM company Denuvo is a long and tortured one, but the short version of it is that Denuvo was once a DRM thought to be unbeatable but which has since devolved into a DRM that cracking groups often beat on timelines measured in days if not hours. Denuvo pivoted at that point, moving on from boasting at the longevity of its protection to remarking that even this brief protection offered in the release windows of games made it worthwhile. Around the same time, security company Irdeto bought Denuvo and rolled its services into its offering.

  And Irdeto apparently wants to keep pushing the line about early release windows, but has managed to do so by simply citing some unnamed AAA sports game that it claims lost millions by being downloaded instead of using Denuvo to protect it for an unspecified amount of time.

• Denuvo Research Claims Unnamed “major sports title” Lost $21m in Revenue Because of Piracy [Ed: Amplifying the lies of disgraced DRM firm Denuvo]

  Denuvo, the infamous video game anti-piracy software provider, was acquired by Irdeto earlier this year in January. In a statement posted on Irdeto’s website, the software company shared research results which claim game piracy caused a potential loss of $21 million for an unnamed AAA sports title in the two weeks following its release.

• Chinese drones could be [cracked] to access videos and credit card details

  China's DJI accounts for approximately 70pc of the global commercial and consumer drone industry.

  User accounts for the DJI website and app, used to control and manage drones, were vulnerable to cyber-attacks, giving [crackers] access to live aerial drone footage, location of drone pilots and personal details of owners.

• [Cracker] who launched DDoS attacks against EA, Sony and Steam pleads guilty

  Charged with causing Damage to a Protected Computing, Austin Thompson targeted Valve Software's Steam, the most popular PC gaming portal, as well as Electronic Arts' Origin service and the Sony PlayStation network.

• Britain flashes amber light at Huawei with review of telecoms supply chains

  The British government has launched a probe into the security of supply chains in its fast-evolving telecommunications industry, in a move that will kick-start debate over the key role of Chinese telco giant Huawei in the country's telecoms infrastructure.

  Britain's review comes just months after Australia and the US effectively blocked Huawei and fellow Chinese equipment maker ZTE as suppliers to the rollout of 5G mobile telecoms infrastructure – so it will likely be welcomed by Britain's key intelligence partners.

• Red Hat’s Operating System Gets NIST Data Security Recertification; Paul Smith Quoted

  Red Hat has received Federal Information Processing Standard 140-2 recertification from the National Institute of Standards and Technology for its Enterprise Linux 7.5 operating system.

  Paul Smith, senior vice president and general manager of Red Hat’s public sector in North America, said in a statement published Thursday the FIPS 140-2 recertification seeks to show the capability of the company’s software to deliver “secure computing at both the operating system and layered infrastructure levels.”

• Red Hat Enterprise Linux 7.5 renewed FIPS 140-2 security certifications from National Institute of Standards and Technology

• Secure Shell: What is SSH?

  So, here is my ode to Secure Shell for those that are unaware of SSH (It will not be any kind of artistic prose.) Many outside of the technology world may not realize how oft-utilized and important SSH and, indeed, shelling is in our everyday technological lives. This article will examine SSH and shelling, in general, and go over some of the technical aspects that encompass SSH and secure shell.

• A Columbia cyber firm’s open source project is looking to improve IoT security

  Columbia-based MasterPeace Solutions is working on an open source project to address security vulnerabilities in Internet of Things devices.

  osMUD is aimed at protecting internet-connected devices used at homes and small businesses. The project was shared with the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence, which is based in Rockville, according to MasterPeace.

  Now, the cybersecurity firm will participate in a consortium that was formed around the effort that looks to bring together bring together device manufacturers, network security companies, and network administrators. Participating organizations include Cable Labs, Cisco, CTIA, Digicert, ForeScout, Global Cyber Alliance, Patton, and Symantec. Each organization will provide code and expertise to the effort. MasterPeace is providing network security engineering and defense operations expertise. The longtime government contractor has previously shown willingness to gather the community in recent years with efforts like an in-house accelerator.

• What is a “Dark Web Scan” and Should You Use One?

  The “dark web” consists of hidden websites that you can’t access without special software. These websites won’t appear when you use Google or another search engine, and you can’t even access them unless you go out of your way to use the appropriate tools.

  For example, the Tor software can be used for anonymous browsing of the normal web, but it also hides special sites known as “.onion sites” or “Tor hidden services.” These websites use Tor to cloak their location, and you only access them through the Tor network.

• Reproducible Builds Joins Conservancy

  We are very excited to announce the Reproducible Builds project as our newest member project. Reproducible builds is a set of software development practices that create an independently-verifiable path from the source code to the binary code used by computers. This ensures that the builds you are installing are exactly the ones you were expecting, which is critical for freedom, security and compatibility and exposes injections of backdoors introduced by compromising build servers or coercing developers to do so via political or violent means.

  The Reproducible Builds project, which began as a project within the Debian community, joins our other adjacent work around this distribution, such as the Debian Copyright Aggregation Project. Reproducible Builds is also critical to Conservancy's own compliance work: a build that cannot be verified may contain code that triggers different license compliance responsibilities than those which the recipient is expecting. Unaccounted-for code makes it hard for anyone who distributes software to guarantee that they are doing so responsibly and with care for those who receive the software.

Tuesday morning, as millions of Americans lined up at their polling places to participate in the often quite literally broken democratic process, a new Twitter account tweeted a link to a short manifesto: “today’s voting machines are often insecure, not particularly easy-to-use, and so expensive that they’re often used much longer than they were designed for and election officials are forced to hunt for replacement parts on eBay. The market has failed us.”

The announcement, from a new nonprofit called VotingWorks, ended with a promise to build a “secure, affordable, open-source voting machine” from the ground up. The letter wasn’t signed, but it’s the work of Ben Adida, a software developer who has studied voting machines for more than 20 years and had a PhD from MIT in secure voting.

“I thought this launch would be pretty quiet, I thought it would be buried in the news of the actual election, but already a lot of people have reached out to volunteer to make it happen,” Adida told me on the phone. “It’s super early days, but the response to the announcement shows that people are hungry for this.”

Adida says that VotingWorks plans to use already existing, commodity hardware and open-source software to compete with the proprietary, expensive, and often insecure voting machines that currently dominate the market. He pitches it as an attempt to rethink voting machine from “first principles,” to reconsider what a voting machine is.