Cybersecurity

Electrical power grid hacking meets cyber war politics talk? Or just fear-mongering and fake news? What would happen if someone switches off the power fron your country? Russian hackers behind ‘world’s most murderous malware’ probing U.S. power grid https://www.digitaltrends.com/cool-tech/russian-hackers-us-power-grid/?amp Kremlin Warns of Cyberwar After Report of U.S. Hacking Into Russian Power Grid https://www.nytimes.com/2019/06/17/world/europe/russia-us-cyberwar-grid.html →

https://www.theguardian.com/technology/2015/may/01/encryption-wont-work-if-it-has-a-back-door-only-the-good-guys-have-keys-to- This article from few years back is still relevant, because this same stupid idea becomes re-introduced as proposed “solution” in different countries again and again. It’s impossible to overstate how bonkers the idea of sabotaging cryptography is. Use deliberately compromised cryptography, that has a back door that only the “good guys” are supposed to →

A team of researchers representing several universities has disclosed the details a new type of side-channel attack: Researchers show with RAMBleed that it’s possible to use Rowhammer-style side-channel attacks to read protected memory. RAMBleed takes Rowhammer in a new direction. Rather than using bit flips to alter sensitive data, the new technique exploits the hardware →

This posting is here to collect cyber security news in June 2019. I post links to security vulnerability news to comments of this article. If you are interested in cyber security trends, read my Cyber security trends 2019 posting. You are also free to post related links.   →

I was on 23.5.2019 at Arrow IoT Summit conference at Helsinki Finland. According to event description: “Arrow IoT Summit brings together companies, top speakers and experts to discuss and develop the Internet of Things in Finland. In addition to inspiring examples and experiences from various fields, the event brings out the best IoT technologies and →

https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling This technical deep dive expands on the information in the Microarchitectural Data Sampling (MDS) guidance. Be sure to review the disclosure overview for software developers first and apply any microcode updates from your OS vendor. Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws https://techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/ Intel MDS Vulnerabilities: What You Need →

I was listening an interesting presentation on monday at Helsinki on cyber security of under sea fiber optics cabling. The end result was that it is possible (not always easy or cheap, but technically possible for many countries) and often not illegal on international sea to listen to the traffic on those cables. There are →

This posting is here to collect cyber security news in May 2019. I post links to security vulnerability news to comments of this article. If you are interested in cyber security trends, read my Cyber security trends 2019 posting. You are also free to post related links.   →

https://www.schneier.com/blog/archives/2019/04/china_spying_on.html It seems that supply chain security is an insurmountably hard problem in Internet age. For years, the US and the Five Eyes seems to have had a monopoly on spying on the Internet around the globe. Now other countries seem to want in too. The recent focus on cyber security discussion has been a →

PuTTY is one of most used open-source client-side programs to remotely access computers over secure SSH network protocol from Windows workstations. I use it very often to connect to embedded Linux devices and Linux servers. Based on latest news it might be now a very good idea to update it to latest version 0.71: PuTTY →