Yikes. "The fingerprints of over 1 million people, as well as facial recognition information... was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks." https://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms
Matrix of affected web servers: https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752
"HTTP/2 Denial of Service Advisory"
"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."
@dick_turpin In theory yes. Like you can always clean a computer with ransomware, you just need to be aware that your data will be gone (if you have backups, it shouldn't be a problem). 🤔
@dick_turpin You would still lose your existing data/photos that are stored there, since they would still be encrypted, no?
Someone was able to put some ransomware in a DSLR camera, exploiting the PTP protocol implementation.
Nice read about the incident response and investigation into a targeted attack.
Revealed: Microsoft Contractors Are Listening to Some Skype Calls https://www.vice.com/en_us/article/xweqbq/microsoft-contractors-listen-to-skype-calls
"Detecting incognito mode in Chrome 76 with a timing attack"
WPA3 – two new vulnerabilities were discovered:
– CVE-2019-13377: Brainpool curves introduce a second class of side-channel leaks in the Dragonfly handshake of WPA3
– CVE-2019-13456: information leak in FreeRADIUS' EAP-pwd due to aborting when needing more than 10 iterations
– according to @vanhoefm (Twitter), "Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1"
3 reasons for a false sense of security:
– reason 1: Legacy configuration and outdated security tips
– reason 2: No threat model
– reason 3: No checks and no monitoring
Don’t just assume security; actually check it.