From Security Weekly Wiki
Jump to navigation
Jump to search
← Older edit
Newer edit →
Revision as of 21:01, 11 August 2016
4,701 bytes added
21:01, 11 August 2016
== Paul's Stories ==
#[https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html Frequent Password Changes Is a Bad Security Idea] - Like what I always said about password change policies: ''"The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation,"''
#[https://nakedsecurity.sophos.com/2016/08/10/facebooks-favorite-hacker-is-back-with-an-ironic-security-hole/ Facebook’s favorite hacker is back – with an ironic security hole]
#[http://www.theregister.co.uk/2016/08/10/ruckus_routers_security/ "Raucous Ruckus router ruckus roundly rumbles: Infosec bod says Wi-Fi kit is weak] - Funny, years ago I found similar bugs
in a similar vendor.
#[http://www.theregister.co.uk/2016/08/11/patch_vbulletin_or_get_popped/ "Patch vBulletin] - Just don't run this softare, like ever.
#[http://www.theregister.co.uk/2016/08/11/linux_malware_never_ok_just_this_once_then_if_we_must/ "Linux malware? That'll never happen. Ok]
#[http://www.theregister.co.uk/2016/08/04/top_infosec_top_bods_praise_and_damn_in_pwnie_awards/ The Pwnies Have Been Awarded] - Uhm, so, best song this year, is well, EPIC: https://www.youtube.com/watch?v=ZNeFHimR4lQ
#[http://www.nytimes.com/2016/08/05/technology/apple-will-pay-a-bug-bounty-to-hackers-who-report-flaws.html Apple Starts A Bug Bounty Program] - ''At the Black Hat hacking conference, Apple announced a list of vulnerabilities that would command big bounties, including $25,000 for ways around Apple’s digital compartments and into its customers’ data, $50,000 for bugs that give hackers a way into iCloud data, and $200,000 to turn over critical vulnerabilities in Apple’s firmware — the software that lies closest to the bare metal of the machine.''
#[http://www.cnet.com/news/rise-of-the-hacking-machines-darpa-cyber-grand-challenge/ Rise Of The Hacking Machines]
#[http://www.theregister.co.uk/2016/08/05/how_many_zeroday_vulns_is_us_govt_sitting_on/ How Many Zero-Day Vulns Is Uncle Sam Sitting On?] - ''Healey acknowledged that we'd probably never know the true number of zero days hoarded by all government agencies. Research shows it's probably not as many as people think. '' Curious to get more details, other than budget analysis, on
how they draw these conclusions. Also, just how many 0days does one government need to be successul and acheive their goals? I mean, if you got one good MS 0day, you can go pretty far.
#[http://www.zdnet.com/article/flaw-in-samsung-pay-lets-hackers-wirelessly-skim-credit-cards/ Flaw In Samsung Pay Lets Hackers Wirelessly Skim Credit Cards] - Someone claims to be able to c
ollect and spoof the payment auth token, creates a video and Samsung says, ''"Samsung Pay is built with the most advanced security features, assuring all payment credentials are encrypted and kept safe, coupled with the Samsung Knox security platform," '' and has not fixed it. WTF.
#[http://www.theregister.co.uk/2016/08/08/oracle_cops_to_micros_pos_breach/ Big Red Alert: Oracle's MICROS Payment Terminal Biz Hacked] - Oops: ''Investigative journo Brian Krebs suspects the infiltration affected as many as 700 computers within Oracle and is the work of a Russian malware gang targeting POS systems.''#[http://www.bbc.com/news/technology-37021957 Project Sauron Malware Was Hidden For Five Years] - State sponsored? We may never know for sure. ''It can disguise itself as benign files and does not operate in predictable ways, making it harder to detect. Experts from Kaspersky Lab and Symantec said it allows the attacker to spy on infected computers.''
#[http://www.theinquirer.net/inquirer/news/2467488/half-of-all-connected-cars-have-security-vulnerabilities Half Of All Connected Cars Have Security Vulnerabilities] - Car manufacturers suc
k at security, is anyone shocked by this?
#[http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/ Microsoft Proves Backdoor Keys Are A Terrible Idea] - ''on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.'' Freakin' sweet!
#[http://www.zdnet.com/article/cyberattacks-are-growing-but-still-nobody-knows-what-they-really-cost/ Nobody Knows What Cyberattacks Really Cost] - ''Future studies, the agency says, should be "done throughout a unified analysis, based on a well-structured methodology, and considering all critical variables that define the EU cyber-space" in order to reflect "the real situation".'' So, yes, thank you captain obvious, its hard, we get it, and we need standards, some practical advice would be great.
== Larry's Stories ==
Retrieved from "
Application Security Weekly
Business Security Weekly
Enterprise Security Weekly
Paul's Security Weekly
Security Weekly News
Security And Compliance Weekly
Tradecraft Security Weekly
Security Weekly Links
About Security Weekly Wiki