This week in computer security - Page 19 - RPGWatch Forums
|
Your donations keep RPGWatch running!
RPGWatch Forums » General Forums » Tech Help » This week in computer security

Default This week in computer security

March 4th, 2019, 19:34
Unrelated much but just so you know.
Facebook tried and is trying to stop privacy legislations all over the world:
https://www.theguardian.com/technolo…aws-investment
Social network targeted legislators around the world, promising or threatening to withhold investment
Yea, all your answers to security questions about an account should belong to Facebook and it should be able distibute them to 3rd parties without any penalty.

Here's hope this blackmailer/hating platform that started as a positive company to keep people connected then ended up as big brother gets banned worldwide.
--
Toka Koka
joxer is offline

joxer

joxer's Avatar
The Smoker
RPGWatch Donor
Original Sin 1 & 2 Donor

#361

Join Date: Apr 2009
Posts: 20,316
Mentioned: 120 Post(s)

Default 

March 5th, 2019, 00:14
Btw certain home cisco routers have a critical bug with a known exploit; patch is available so if you have a cisco product upgrade (or check for upgrade):
https://www.zdnet.com/article/hacker…rv215-routers/
you is offline

you

Lazy_dog
RPGWatch Donor
Original Sin 2 Donor

#362

Join Date: Oct 2006
Location: usa - boston
Posts: 6,565
Mentioned: 37 Post(s)

Default 

March 7th, 2019, 06:44
On the positive side (you remember the positive side, right?) - it looks like PGP is coming to authentication: https://www.w3.org/2019/03/pressrele…authn-rec.html

If I understand that right, websites don't keep your password anymore. Instead, they keep your public key. The actual authentication is done on your PC/phone/internet-aware-mattress via whatever method you like (I'll leave the mattress' method of ID up to your imagination). Every website gets its own key pair.

I haven't looked yet on what happens if the device that has your keys goes missing.
--
The very powerful and the very stupid have one thing in common: instead of altering their views to fit the facts, they alter the facts to fit their views….
-- Doctor Who in "Face of Evil"
Zloth is offline

Zloth

Zloth's Avatar
I smell a… wumpus!?

#363

Join Date: Aug 2008
Location: Kansas City
Posts: 6,153
Mentioned: 18 Post(s)
+1:

Default 

March 7th, 2019, 13:09
I didn't read the standard but it sounds like a good start; I guess they will have you answer a security question; you encrypt it with your private key and they decrypt it with your public key?

Wonder how they deal with key loggers and if it will make people more vulnerable once the private key is lost ?

Originally Posted by Zloth View Post
On the positive side (you remember the positive side, right?) - it looks like PGP is coming to authentication: https://www.w3.org/2019/03/pressrele…authn-rec.html

If I understand that right, websites don't keep your password anymore. Instead, they keep your public key. The actual authentication is done on your PC/phone/internet-aware-mattress via whatever method you like (I'll leave the mattress' method of ID up to your imagination). Every website gets its own key pair.

I haven't looked yet on what happens if the device that has your keys goes missing.
Last edited by you; March 7th, 2019 at 21:09.
you is offline

you

Lazy_dog
RPGWatch Donor
Original Sin 2 Donor

#364

Join Date: Oct 2006
Location: usa - boston
Posts: 6,565
Mentioned: 37 Post(s)

Default 

March 7th, 2019, 17:09
"seriously, update your Chrome installs… like right this minute."

https://www.androidauthority.com/goo…ty-963311/amp/

A pretty extreme vulnerability - could grant access to all your data, and pwn your system. Might actually be worth making a newsbit for this one.
--
"Orwell was almost exactly wrong in a strange way. He thought the world would end with Big Brother watching us, but it ended with us watching Big Brother." Alan Moore
Ripper is offline

Ripper

Ripper's Avatar
Ngikufisela iwela

#365

Join Date: Nov 2014
Posts: 8,043
Mentioned: 54 Post(s)
+1:

Default 

March 8th, 2019, 21:08
And when you update it - update it again as there was (I think) a second flaw and a second patch


Originally Posted by Ripper View Post
"seriously, update your Chrome installs… like right this minute."

https://www.androidauthority.com/goo…ty-963311/amp/

A pretty extreme vulnerability - could grant access to all your data, and pwn your system. Might actually be worth making a newsbit for this one.
you is offline

you

Lazy_dog
RPGWatch Donor
Original Sin 2 Donor

#366

Join Date: Oct 2006
Location: usa - boston
Posts: 6,565
Mentioned: 37 Post(s)
+1:

Default 

April 24th, 2019, 16:00
https://www.tomshardware.co.uk/opera…ews-60470.html
Asus Wasn't the Only One Struck by Operation ShadowHammer

One of the companies impacted, Electronics Extreme, makes the survival game Infestation: Survivor Stories. The second, Innovative Extremist, is a web and IT infrastructure services provider that has also worked in game development. The third company, Zepetto, is from South Korea and made the video game Point Blank.

According to Kaspersky’s researchers, the attackers either had access to the source code of thee companies’ software or were able to infect their software during compilation. The hackers could have infiltrated the networks of these companies. The researchers noted that this reminded them of how the CCleaner attack happened. Avast’s CCleaner update servers were infiltrated in a similar way, exposing millions of users to a trojanized CCleaner update.

Kaspersky said that three other South Korean companies were targeted, including another video game company, a conglomerate holding company and a pharmaceutical firm. The cybersecurity firm didn't share their names.
While my motherboard is ASUS', I've never installed Asus live update so I was safe on that side, but usual customers who were buying preinstalled ASUS machines on the other hand…
Also note that when I have to intervene somewhere, among first things I do is removing CCleaner. That tool was nice about a decade ago, later became an unwanted burden - and I didn't know there was a security breach.

-----------------------------------------------------------

https://www.tomshardware.co.uk/eu-ce…ews-60467.html
EU To Create One Large Centralized Biometrics Database, Drawing Criticism

The European Parliament has voted to create one large centralized biometrics database that the law enforcement agencies of any member state can access (with some restrictions).
It's awsome and I love the idea.
But it needs to be offline and accessed only through outdated bureaucracy ways. Otherwise, we'll crack it and spy random strangers for fun (and in some cases for $).
--
Toka Koka
joxer is offline

joxer

joxer's Avatar
The Smoker
RPGWatch Donor
Original Sin 1 & 2 Donor

#367

Join Date: Apr 2009
Posts: 20,316
Mentioned: 120 Post(s)

Default 

April 28th, 2019, 14:59
I once had this Asus thing, but I disliked it, so I uninstalled it.
--
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction." (E.F.Schumacher, Economist, Source)
Alrik Fassbauer is offline

Alrik Fassbauer

Alrik Fassbauer's Avatar
TL;DR
Original Sin 1 & 2 Donor

#368

Join Date: Nov 2006
Location: Old Europe
Posts: 18,499
Mentioned: 13 Post(s)

Default 

May 15th, 2019, 19:15
Microsoft patches Windows XP

https://www.theverge.com/2019/5/14/1…curity-patches
--
Developer of The Wizard's Grave Android game. Discussion Thread:
http://www.rpgwatch.com/forums/showthread.php?t=22520
Lucky Day is offline

Lucky Day

Lucky Day's Avatar
Daywatch

#369

Join Date: Oct 2006
Location: The Uncanny Valley
Posts: 4,834
Mentioned: 6 Post(s)

Default 

May 17th, 2019, 03:44
*Reads all the new hardware vulnerabilities*

*Gives my Ryzen CPU a good pat*

"Who's a GOOD boy? Yes YOU are!"
--
_______________
Love old text based RPGs? MUDs? Try Shadows of Kalendale:
https://www.rpgwatch.com/forums/showthread.php?t=14727
Caddy is offline

Caddy

Caddy's Avatar
Broken Screwdriver
Original Sin Donor

#370

Join Date: Feb 2009
Location: Calgary, Alberta
Posts: 2,008
Mentioned: 15 Post(s)
RPGWatch Forums » General Forums » Tech Help » This week in computer security
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 08:40.
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
vBulletin Security provided by DragonByte Security (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging (Lite) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
Copyright by RPGWatch