From Security Weekly Wiki
  1. Locked Computers - Schneier on Security - Best part is from the comments: The problem? Mice were stolen regularly. We've made a contraption: got out one unused backplate from each case, drilled two holes through it and ran mouse cable through them (plus some rubber padding). Then we screwed the backplates back in and closed the cases. The cable ran from the serial port plug through the drilled backplate (in and out) and then to the mouse itself. You couldn't steal the mouse now without cutting the cable or opening the locked case. Problem solved - for some time. Some time later someone - probably out of frustration that he can't steal mice - stole all the balls from them. That was over the top. We've closed the venue and posted a message "Closed until all balls are returned". Some patrons must have got really angry at the thief and had a few pleasant words with him - the balls were found in a bag near the door next morning...
  2. Choosing Imagery for Your Security Awareness Program - If the only tip you take from this article is this, you are winning: Instead, look for imagery that works to evoke emotion. You can do this with imagery that is positive, colorful, and inviting. Unexpected image compositions can also help give a modern look and feel to your campaign.
  3. Top 5 Configuration Mistakes That Create Field Days for Hackers - Sometimes I believe we complicate security too much. This article highlights 1. Default passwords 2. Password re-use 3. Exposed remote management services 4. Missing patches 5. Logging disabled or non-existent.
  4. Quantifying Measurable Security - Okay, but so why is Android not-so-secure? Both Android and Chrome OS have dedicated security teams who are tasked with continually enhancing the security of these operating systems through new features and anti-exploitation techniques. In addition, each team leverages a mature and comprehensive security development lifecycle process to ensure that security is always part of the process and not an afterthought.
  5. Facial recognition will not ensure public safety and heres why - This is why it will never work: Detecting faces means also detecting emotions: if you look worried, angry or nervous, the machine will spot it, and think maybe, you’re up to no good…
  6. WordPress 5.2 Brings New Security Features | SecurityWeek.Com - For the first release, WordPress will (by default) soft-fail if the signature is not valid. In future releases, the default will be configured to a hard failure. The reason for this unsafe default is to ensure updates aren't blocked if there’s a bug in the update code. Okay great, you are validating software updates. WTF, is this really how attackers are exploiting WordPress? No. It's through the plugins. Good solution, wrong problem to solve.
  7. Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware
  8. Securing satellites: The new space race - Help Net Security - Okay, sign me up: For hackers with deeper pockets, they could realistically launch their own CubeSat into orbit and then conduct hacking operations from there. The benefits are primarily related to proximity to other satellites and not having to wait for a satellite to pass over the ground station to perpetrate an attack. Whatever the method, compromising a satellite is now a realistic and attainable opportunity for hackers.
  9. MobileIron introduces zero sign-on technology to eliminate passwords - Help Net Security
  10. How to Communicate Privately in the Age of Digital Policing
  11. Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked - This is not a big deal for two reasons: 1) Most Alpine containers do not contain a shell (and certainly you can configure them that way), minimizing the likelihood that PAM can even be accessed to exploit this flaw 2) This only gets you "root" inside the container, not the host system or any other containers.
  12. Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - VICE
  13. San Diego man arrested after rifle-shaped bong causes gun scare - I mean okay, for one marijuana is legal in CA. Two, I mean people in CA love their weed, so I can see people getting bored and being like "Dude, ya know man, we should get a bong that's a rifle, like a rifle bong". And if you do that in comfort of your own home, not having to drive or have much other responsibilities, I'm cool with it. However, they smoked out of this thing in a hotel room in full view of a WINDOW. Common sense was absent that day.
  14. 'Software delivered to Boeing' now blamed for 737 MAX warning fiasco
  15. Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers
  16. Extinguishing the IoT Insecurity Dumpster Fire
  17. Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2 - If you're going to run Linux, just run Linux... I do want to see a lower cost device, that actually works, that is a small computer that sits in a PCIe slot that you can run Linux on. Heck, I run Linux and I'd still buy one just to have an extra Linux box in my computer.
  18. Amazon workers purloin $100,000 worth of Apple Watches | Cult of Mac