This posting is here to collect cyber security news in July 2019. I post links to security vulnerability news to comments of this article. If you are interested in cyber security trends, read my Cyber security trends 2019 posting. You are also free to post related links. →
Linux PCs, Servers, Gadgets Can Be Crashed by ‘Ping of Death’ Network Packets writes that it is possible to crash and slow-down network-facing Linux servers, PCs, smartphones and tablets, and gadgets, by sending them a series of maliciously crafted packets. Netflix has published a security paper with many details. There are four vulnerabilities, three of →
Earlier it was said “customer is always right” but now the in digitak world it seems to have turned to “always claim it is user’s fault”. “The simple act of using Facebook, Snyder claimed, negated any user’s expectation of privacy. An outside party can’t violate what you yourself destroyed, Snyder seemed to suggest.” IN COURT, →
Electrical power grid hacking meets cyber war politics talk? Or just fear-mongering and fake news? What would happen if someone switches off the power fron your country? Russian hackers behind ‘world’s most murderous malware’ probing U.S. power grid https://www.digitaltrends.com/cool-tech/russian-hackers-us-power-grid/?amp Kremlin Warns of Cyberwar After Report of U.S. Hacking Into Russian Power Grid https://www.nytimes.com/2019/06/17/world/europe/russia-us-cyberwar-grid.html →
https://www.theguardian.com/technology/2015/may/01/encryption-wont-work-if-it-has-a-back-door-only-the-good-guys-have-keys-to- This article from few years back is still relevant, because this same stupid idea becomes re-introduced as proposed “solution” in different countries again and again. It’s impossible to overstate how bonkers the idea of sabotaging cryptography is. Use deliberately compromised cryptography, that has a back door that only the “good guys” are supposed to →
A team of researchers representing several universities has disclosed the details a new type of side-channel attack: Researchers show with RAMBleed that it’s possible to use Rowhammer-style side-channel attacks to read protected memory. RAMBleed takes Rowhammer in a new direction. Rather than using bit flips to alter sensitive data, the new technique exploits the hardware →
This posting is here to collect cyber security news in June 2019. I post links to security vulnerability news to comments of this article. If you are interested in cyber security trends, read my Cyber security trends 2019 posting. You are also free to post related links. →
I was on 23.5.2019 at Arrow IoT Summit conference at Helsinki Finland. According to event description: “Arrow IoT Summit brings together companies, top speakers and experts to discuss and develop the Internet of Things in Finland. In addition to inspiring examples and experiences from various fields, the event brings out the best IoT technologies and →
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling This technical deep dive expands on the information in the Microarchitectural Data Sampling (MDS) guidance. Be sure to review the disclosure overview for software developers first and apply any microcode updates from your OS vendor. Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws https://techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/ Intel MDS Vulnerabilities: What You Need →
I was listening an interesting presentation on monday at Helsinki on cyber security of under sea fiber optics cabling. The end result was that it is possible (not always easy or cheap, but technically possible for many countries) and often not illegal on international sea to listen to the traffic on those cables. There are →