https://access.redhat.com/blogs/766093/posts/2914051?sc_cid=7016000000127ECAAY Application threat modeling can be used as an approach to secure software development, as it is a nice preventative measure for dealing with security issues, and mitigates the time and effort required to deal with vulnerabilities that may arise later throughout the application’s production life cycle. Unfortunately, it seems security has no place in →
https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html I did not know this earlier (I knew about another OS inside but did not know which it was): You might not know it, but inside your Intel system, you have an operating system running in addition to your main OS, MINIX. And it’s raising eyebrows and concerns. →
https://spectrum.ieee.org/tech-talk/computing/networks/report-scores-cities-to-figure-out-if-investing-in-technology-makes-them-safer More and more people are migrating to cities. By 2030, 60 percent of the world’s population will live in an urban setting, according to the United Nations. How can these growing cities reduce conflicts, crime, violence, and terrorism? In a word: technology. →
https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-english-primer/ Article on SSL security. It is beyond doubt that it is simply not secure to blindly trust the medium that connects your users to the internet. HTTPS was created to allow HTTP traffic to be transmitted in encrypted form This blog post presents a plain-english primer on how HTTPS protection can be stripped and →
http://www.zdnet.com/article/reaper-botnet-could-be-worse-than-mirai-cyberattack/?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3BMmD%2FR1DIQduoO1k8kb9JCA%3D%3D A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers. Now it’s on track to become one of the largest botnets recorded in recent years. The botnet, dubbed “Reaper” by researchers at Netlab 360, is said to have ensnared almost two million internet-connected webcams, →
https://spectrum.ieee.org/telecom/security/to-secure-the-internet-of-things-we-must-build-it-out-of-patchable-hardware For several years now, the number of things connected to the Internet—including phones, smart watches, fitness trackers, home thermostats, and various sensors—has exceeded the human population. For the most part, this development promises great excitement and opportunity for engineers and society at large. But there is a dark cloud hanging over the IoT: the →
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers. The weakness allows attackers to calculate the private portion of any vulnerable key →
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severe vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points. There is a proof-of-concept exploit called KRACK, short for Key Reinstallation Attacks. KRACK →
https://www.troyhunt.com/what-would-it-look-like-if-we-put-warnings-on-iot-devices-like-we-do-cigarette-packets/ So how would warning labels on IoT devices that have had serious security vulnerabilities look? Hilarious and also so needed. “Intrusions can occur anywhere”… Or maybe it doesn’t need to be tech/legalspeak. WARNING! This connects to the INTERNET and BAD THINGS may happen! →
Numerous companies have shamed themselves by posting their sensitive data and encryption keys to public cloud without any protection, where cyber criminals and security researches find them. What is the better way to get a bad dent to the “professional” cover of the data security consultanting company than doing exactly this? And yet those companies →