This week in computer security - Page 19 - RPGWatch Forums

March 4th, 2019, 19:34
Unrelated much but just so you know.
Facebook tried and is trying to stop privacy legislation all over the world:
https://www.theguardian.com/technolo…aws-investment
"Social network targeted legislators around the world, promising or threatening to withhold investment"
Yea, all your answers to security questions about an account should belong to Facebook and it should be able to distribute them to 3rd parties without any penalty.

Here's hoping this blackmailer/hating platform that started as a positive company to keep people connected then ended up as big brother gets banned worldwide.
--
Toka Koka
joxer

#361

March 5th, 2019, 00:14
Btw certain home Cisco routers have a critical bug with a known exploit; a patch is available, so if you have a Cisco product, upgrade (or check for an upgrade):
https://www.zdnet.com/article/hacker…rv215-routers/
you

#362

March 7th, 2019, 06:44
On the positive side (you remember the positive side, right?) - it looks like PGP is coming to authentication: https://www.w3.org/2019/03/pressrele…authn-rec.html

If I understand that right, websites don't keep your password anymore. Instead, they keep your public key. The actual authentication is done on your PC/phone/internet-aware-mattress via whatever method you like (I'll leave the mattress' method of ID up to your imagination). Every website gets its own key pair.

I haven't looked yet at what happens if the device that has your keys goes missing.
--
The very powerful and the very stupid have one thing in common: instead of altering their views to fit the facts, they alter the facts to fit their views….
-- Doctor Who in "Face of Evil"
Zloth

#363

March 7th, 2019, 13:09
I didn't read the standard but it sounds like a good start; I guess they will have you answer a security question; you encrypt it with your private key and they decrypt it with your public key?

Wonder how they deal with key loggers and if it will make people more vulnerable once the private key is lost?

Originally Posted by Zloth:
On the positive side (you remember the positive side, right?) - it looks like PGP is coming to authentication: https://www.w3.org/2019/03/pressrele…authn-rec.html

If I understand that right, websites don't keep your password anymore. Instead, they keep your public key. The actual authentication is done on your PC/phone/internet-aware-mattress via whatever method you like (I'll leave the mattress' method of ID up to your imagination). Every website gets its own key pair.

I haven't looked yet at what happens if the device that has your keys goes missing.
Last edited by you; March 7th, 2019 at 21:09.
you

#364
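The login flow the two posts above are discussing, as an added sketch that is not from the thread or from the W3C specification: the site stores one public key per account and checks a signature over a fresh random challenge, so no password or security answer is sent. It is a simplified model, not the WebAuthn message format; the Ed25519 choice, the rpID-NUL-challenge layout, the names `Authenticator`, `Register`, `Assert`, `Verify` and the `forum.example` domain are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator models the user's device: one private key per site (rpID).
type Authenticator map[string]ed25519.PrivateKey

// randomBytes supplies key seeds (device) and single-use challenges (server).
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Register creates a fresh key pair for rpID; the site stores only the public half.
func (a Authenticator) Register(rpID string) ed25519.PublicKey {
	a[rpID] = ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize))
	return a[rpID].Public().(ed25519.PublicKey)
}

// signedData binds a signature to one site and one login attempt (assumed layout).
func signedData(rpID string, challenge []byte) []byte {
	return append([]byte(rpID+"\x00"), challenge...)
}

// Assert signs the server's challenge on the device; no secret is sent to the site.
func (a Authenticator) Assert(rpID string, challenge []byte) []byte {
	if priv, ok := a[rpID]; ok {
		return ed25519.Sign(priv, signedData(rpID, challenge))
	}
	return nil // no key registered for this site, e.g. a look-alike domain
}

// Verify runs on the server and needs only the stored public key.
func Verify(pub ed25519.PublicKey, rpID string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, signedData(rpID, challenge), sig)
}

func main() {
	dev := Authenticator{}
	pub, c := dev.Register("forum.example"), randomBytes(32)
	sig := dev.Assert("forum.example", c)
	fmt.Println("fresh:", Verify(pub, "forum.example", c, sig), "replayed:", Verify(pub, "forum.example", randomBytes(32), sig))
}
```

A captured signature is useless for a later login because the challenge changes each time, and a database leak at the site exposes only public keys.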

March 7th, 2019, 17:09
"seriously, update your Chrome installs… like right this minute."

https://www.androidauthority.com/goo…ty-963311/amp/

A pretty extreme vulnerability - could grant access to all your data, and pwn your system. Might actually be worth making a newsbit for this one.
--
"And if I laugh at any mortal thing, 'tis that I may not weep."
Ripper

#365

March 8th, 2019, 21:08
And when you update it - update it again as there was (I think) a second flaw and a second patch.

Originally Posted by Ripper:
"seriously, update your Chrome installs… like right this minute."

https://www.androidauthority.com/goo…ty-963311/amp/

A pretty extreme vulnerability - could grant access to all your data, and pwn your system. Might actually be worth making a newsbit for this one.
you

#366

April 24th, 2019, 16:00
https://www.tomshardware.co.uk/opera…ews-60470.html
Asus Wasn't the Only One Struck by Operation ShadowHammer

One of the companies impacted, Electronics Extreme, makes the survival game Infestation: Survivor Stories. The second, Innovative Extremist, is a web and IT infrastructure services provider that has also worked in game development. The third company, Zepetto, is from South Korea and made the video game Point Blank.

According to Kaspersky’s researchers, the attackers either had access to the source code of these companies’ software or were able to infect their software during compilation. The hackers could have infiltrated the networks of these companies. The researchers noted that this reminded them of how the CCleaner attack happened. Avast’s CCleaner update servers were infiltrated in a similar way, exposing millions of users to a trojanized CCleaner update.

Kaspersky said that three other South Korean companies were targeted, including another video game company, a conglomerate holding company and a pharmaceutical firm. The cybersecurity firm didn't share their names.

While my motherboard is ASUS', I've never installed Asus live update so I was safe on that side, but usual customers who were buying preinstalled ASUS machines on the other hand…
Also note that when I have to intervene somewhere, among the first things I do is removing CCleaner. That tool was nice about a decade ago, later became an unwanted burden - and I didn't know there was a security breach.

-----------------------------------------------------------

https://www.tomshardware.co.uk/eu-ce…ews-60467.html
EU To Create One Large Centralized Biometrics Database, Drawing Criticism

The European Parliament has voted to create one large centralized biometrics database that the law enforcement agencies of any member state can access (with some restrictions).

It's awesome and I love the idea.
But it needs to be offline and accessed only through outdated bureaucracy ways. Otherwise, we'll crack it and spy on random strangers for fun (and in some cases for $).
--
Toka Koka
joxer

#367

April 28th, 2019, 14:59
I once had this Asus thing, but I disliked it, so I uninstalled it.
--
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction." (E.F.Schumacher, Economist, Source)
Alrik Fassbauer

#368

May 15th, 2019, 19:15
Microsoft patches Windows XP

https://www.theverge.com/2019/5/14/1…curity-patches
--
Developer of The Wizard's Grave Android game. Discussion Thread:
http://www.rpgwatch.com/forums/showthread.php?t=22520
Lucky Day

#369

May 17th, 2019, 03:44
*Reads all the new hardware vulnerabilities*

*Gives my Ryzen CPU a good pat*

"Who's a GOOD boy? Yes YOU are!"
--
_______________
Love old text based RPGs? MUDs? Try Shadows of Kalendale:
https://www.rpgwatch.com/forums/showthread.php?t=14727
Caddy

#370

May 20th, 2019, 10:52
New hardware vulnerabilities hit Intel hard:
https://www.engadget.com/2019/05/20/…lnerabilities/
you

#371

June 18th, 2019, 23:16
Critical bug in Firefox - if you are a Firefox user you should update immediately….
you

#372

February 8th, 2020, 12:53
Security Researchers Expose Vulnerability in Philips Hue Smart Bulbs: https://www.macrumors.com/2020/02/05…e-smart-bulbs/ "A new vulnerability has been discovered in the Philips Hue smart lighting system that could let hackers gain access to the local host network and other devices connected to it."

I may be wrong, but I have a feeling that security is not as well handled in the internet of things as in the internet of computers.

Another example. There is a group in the Norwegian Health Care informatics organisation responsible for evaluating security by trying to break into health care networks. My workplace has in general performed quite well in these tests, but once they were able to break in through some medical technical equipment - don't remember exactly what it was, but it wasn't one of the PCs.

a pibbur whose knowledge about things like this "leaves something to be desired" (he loves that expression).
--
Over the mountain watching the watcher
a pibbur

#373

February 8th, 2020, 19:04
Most of the IoT devices have enormous security holes which allow hackers to not only take over the device but access the local network.

An interesting bug (not security hole) that cropped up a couple of days ago is a lot of Windows 7 users can no longer perform a shutdown.
you

#374

March 7th, 2020, 16:16
BBC report on Indian scam call centers: https://www.bbc.com/news/technology-51740214

Should be read by everyone. I have witnessed 2 of these calls on the telephone of my parents myself.
--
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction." (E.F.Schumacher, Economist, Source)
Alrik Fassbauer

#375

March 7th, 2020, 20:53
Originally Posted by Alrik Fassbauer:
BBC report on Indian scam call centers: https://www.bbc.com/news/technology-51740214

Should be read by everyone. I have witnessed 2 of these calls on the telephone of my parents myself.

I get them once or twice a month at work. I always enjoy talking to them and playing dumb. The longer I can keep them busy the more angry and cursing they become.

I saw you had a post on 2-factor being hacked but I still believe it's the best security measure you can do. I recommend using an authenticator app with push-notification, and SMS as backup. Most email providers support this now.
hishadow

#376

March 25th, 2020, 15:04
Bug in SSDs by Hewlett Packard: They … "destroy themselves" … after exactly 40.000 hours: https://support.hpe.com/hpesc/public…a00097382en_us
--
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction." (E.F.Schumacher, Economist, Source)
Alrik Fassbauer

#377

April 1st, 2020, 03:32
They fixed the firmware such that the drives only fail at 40.000 hours + Math.rand(seed) now.
posfan12

#378

April 1st, 2020, 03:38
I think they're taking the "planned obsolescence" thing a bit too far!
--
The very powerful and the very stupid have one thing in common: instead of altering their views to fit the facts, they alter the facts to fit their views….
-- Doctor Who in "Face of Evil"
Zloth

#379

April 16th, 2020, 10:02
Account data from the service "zoom" have been found online.
I don't have any English-language link yet.
--
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction." (E.F.Schumacher, Economist, Source)
Alrik Fassbauer

#380

All times are GMT +2.