Security

0

If you've gone to YouTube to watch an unofficial upload of a TV episode, or even a single scene from your favourite anime, you've probably seen the weird things uploaders do to stop YouTube from taking down their videos. Your show might be sped up a bit, the voices pitched down, the video flipped horizontally or covered in digital snowfall. Maybe you suffered through it, recognising that this degraded quality is a necessary sacrifice to avoid YouTube's copyright bots. The bad news is, it was probably completely unnecessary.

1

Israeli security firm Checkmarx has found that it's possible to reconstruct someone's Tinder session, including access to photos, by capturing traffic if you're connected to the same Wi-Fi network. The issue affects both the iOS and Android version of the app with a proof-of-concept app, dubbed TinderDrift, created to highlight how the flaw can be used.

Shared from

1

I was in Hawaii on a family holiday the day of the ballistic missile threat. The alert interrupted our breakfast at Denny’s and we returned to chaos in our hotel, where we were advised to shelter in the bathroom.

I started writing a message to loved ones which I was about to send when it was confirmed it was a false alarm. The experience shows how important it is to be aware of emergency procedures. Here’s what it was like in those 38 minutes of fear.

3

After more than three decades as the leader in desktop and laptop processors, Intel's reputation is in big trouble. Following on the heels of the Spectre and Meltdown vulnerabilities, F-Secure has revealed a new flaw that allows a hacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM (Trusted Platform Module) PINs.

It affects most, if not all laptops that support Intel Management Engine/Intel AMT. Here's what you need to know.

0

While WhatsApp boasts great end-to-end encryption of messages which is great for those who crave privacy - but a source of chagrin for many in the law enforcement community - it seems the messaging service is susceptible to attacks on user privacy. A research paper released at a security event this week describes how group chats can be leveraged by snoops.

2

Spectre and Meltdown are the collective names for three different vulnerabilities found in the processors powering a vast number of the computing devices we rely on, from desktop and notebook PCs through to smartphones and other gadgets. And while many people are aware that these vulnerabilities exist and that tech companies are doing their best to plug the leaky bits of code, many aren't really clear on what the problems are.

What follows is a plain English guide to Spectre and Meltdown.

0

The biggest tech news of the summer has, arguably, been the revelation that CPUs in a massive number of computer systems are susceptible to three different vulnerabilities. Two of these, CVE 2017-5753 and CVE 2017-5715, have been dubbed Spectre with the third, CVE 2017-5754, given the Meltdown moniker. Tech companies around the world have been scrambling to provide mitigations to these vulnerabilities. Microsoft has provided some detail on what they've done and what performance impact you can expect.

0

Red and Blue teaming is a commonly used technique for honing the skills of information security teams. But setting them up and ensuring you have access to enough appropriately skilled participants can be a challenge for many businesses. Cisco has worked to allay some of those challenges through the establishment of Cyber Range - an environment that simulates over 50 real world threat scenarios. And, last year, they let teams of high school students loose in Cyber Range during a Cyber Games competition held at La Trobe University.

0

While we were sleeping Apple dropped an update for iOS users that addresses Spectre - the two vulnerabilities that make it possible for items in kernel memory to be available to user processes. Although there aren't any known exploits for this, and the related Meltdown vulnerability, in the wild the update is an important one for all iOS users.

3

If you've got a Western Digital My Cloud, you'd best hit the software update button and install the latest firmware upgrade. Security researcher James Bercegay says over a dozen different models have a hard coded back door that lets anyone log in using a specific username/password combination.

Shared from Gizmodo

1

Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google's Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory -- which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

Shared from Gizmodo

0

This week, news of massive security vulnerabilities afflicting every modern model of Intel processor went public, even as developers for practically every major platform frantically rushed to roll out fixes. Much more information has now become available about Meltdown and Spectre, a group of attack methods malicious parties could use to break into some of the most sensitive inner workings of any device using the affected CPUs.

Shared from Gizmodo

2

There's small screwups and big screwups. Here is tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow "normal user programs - from database applications to JavaScript in web browsers - to discern to some extent the layout or contents of protected kernel memory areas," the Register reports.

Shared from Gizmodo

1

The latest nasty security scourge plaguing the internet is cryptojacking. By running hidden code on a seemingly ordinary webpage, hackers and disreputable webmasters can highjack your CPU's processing power in order to mine cryptocurrency, line their own pockets, and kill your performance. Opera is now the first web browser with a built-in tool to fight off this practice - and hopefully it won't be the last.

0

Ransomware is one of the most damaging threats to our data. And while it used to be about attacks on single devices, we saw the threat evolve this year with the WannaCry and Petya/Not Petya attacks where threat actors found new ways to weaponise other vulnerabilities to deliver ransomware payloads that cost businesses hundreds of millions of dollars. And cloud services are fuelling both the attackers and defenders in their strategies.