securityweek.com · Domains · Slashdot Mirror

Cloudflare Launches Security Service for Tor Users by Freshly+Exhumed · 2018-10-22 19:33 · Score: 1 · on UK ISP Tests SIM Card That Forces All of Your Mobile Data Through Tor (vice.com)

If only every site would look into activating this new Cloudflare-Tor solution:

https://www.securityweek.com/c...

It has to be activated on the server side, so if you're tired of endless ReCAPTCHA loops of fire hydrants, buses, stairs, chimneys, traffic lights, etc. etc. then ask the site(s) to enable it.

Really ? by jmccue · 2018-08-31 06:21 · Score: 1 · on US Accuses China of 'Super Aggressive' Spy Campaign on LinkedIn (reuters.com)

Really, worried about someone scraping linkdein ? Why bother just search for the data: securityweek.com

Only one company to blame for this, it is not China

Re:HDHomeRun calls home by Anonymous Coward · 2018-06-17 14:42 · Score: 0 · on Gaming Companies Remove Analytics App After Massive User Outcry (bleepingcomputer.com)

CSRF is irrelevant for IOT devices and native apps, and cUrl, etc. They are not browsers, and it's the popular consumer browsers that enforce CSRF. CSRF is a crock.

With all due respect you are confused. There have been multiple well known instances of CE vendors removing or protecting functionality from their modems since it could be leveraged remotely by malicious websites.

https://www.securityweek.com/a...

Browser features can in fact be used to protect the end user from CSRF but only when the system has been designed to leverage them.

The fact that a device can be accessed without authentication or prior authorization in a network by itself does not make it vulnerable to malicious websites. The problem isn't that something like HDHomeRun can be access locally without authentication. It's that it can be leveraged by malicious sites without the user having any clue.

We can't guess whether you are referring to: the HDHomeRun devices

Obviously HDHomeRun devices themselves.

If you have proof, and it's like this on iOS, let Apple know. Google don't care.

Anyone with half a brain and wireshark can check for themselves. You could also just follow the URL to the API I posted and see what it gets you.

This all started out of curiosity... when you visit http://my.hdhomerun.com/ how is it that your device information is being shown to you? The answers came with very little effort from that point forward.

Re:Transmission by Curupira · 2018-02-21 22:55 · Score: 1 · on uTorrent Client Affected by Some Pretty Severe Security Flaws (bleepingcomputer.com)

Has this vulnerability in Transmission been fixed? https://www.securityweek.com/c...

Throwing away the mod points I've used in this thread so I can answer you:
Yes, it was.

Re:Transmission by Walter+White · 2018-02-21 15:16 · Score: 1 · on uTorrent Client Affected by Some Pretty Severe Security Flaws (bleepingcomputer.com)

Has this vulnerability in Transmission been fixed? https://www.securityweek.com/c...

Re:32-Bit is like what 16-Bit was in the late 90s by Hal_Porter · 2018-01-26 04:00 · Score: 1 · on Apple Prepares MacOS Users For Discontinuation of 32-Bit App Support (arstechnica.com)

There's nothing to stop you having more than one stack. MIPS chips don't have a hardware stack at all - you just have a bunch of registers and you do operations on them. The ABI defines one register as a stack but it could easily define another. Or it could define several.

Still even on MIPS having two stacks is a breaking ABI change.

On Intel they've added new register and new instructions. And it seems like once you enable CET you can't run non CET code. I.e. it's a like the switch from x86 mode to x64 where you can't run old code - everything needs to be recompiled. In the CET paper they have a bitmap to mark 4K code pages as either CET or 'legacy code'

3.6.1 Legacy Code Page Bitmap Format

The legacy code page bitmap is a flat bitmap whose linear address is pointed to by the EB_LEG_BITMAP_BASE.
Each bit in the bitmap represents a 4K page in linear memory. If the bit is 1 it indicates that
the corresponding code page is a legacy code page; else it is a CET-enabled code page.
The processor uses the linear address of the instruction to which legacy transfer was attempted to lookup the bitmap. Bits of the linear address used as index in the bitmap are as follows.

They have to have that because you can't in general execute legacy code once CET is enabled because legacy code might innocently break the CET rules it doesn't know about. E.g. all indirect branches have to end at an ENDBRANCH instruction

http://www.securityweek.com/in...

Additionally, Patel explains that a new instruction was added to ISA, namely the ENDBRANCH instruction, which would mark legal target for an indirect branch or jump. âoeThus if ENDBRANCH is not target of indirect branch or jump, the CPU generates an exception indicating unintended or malicious operation. This specific instruction has been implemented as NOP on current Intel processors for backwards compatibility (similar to several MPX instructions) and pre-enabling of software,â he notes.

Actually if you're going to do that you could enforce code signing for usermode too - the OS could verify the signature when it loaded the executable and would page code into memory it subsequently marked read only.

Kernel mode code has always been signed in 64 bit windows - they knew the switch from x86 to x64 was a breaking change so they decided to enforce that too.

Windows S will only run Win32 code if it is signed by Microsoft and they use that to stop any third party applications. Maybe they could have a more open system which still enforces code signing.

It'd suck for WIn32 developers because they'd need to pay for a certificate like you do for kernel mode code.

Re:Zhaoxin by Hal_Porter · 2018-01-06 08:52 · Score: 5, Informative · on Linus Torvalds Says Intel Needs To Admit It Has Issues With CPUs (itwire.com)

Chinese companies just put in backdoors for the Chinese government, organised crime, your Chinese competitors and so on.

https://thehackernews.com/2015...

http://www.zdnet.com/article/f...

http://www.securityweek.com/ap...

http://www.businessinsider.com...

https://tvnewswatch.blogspot.c...

Please no spoofing of GPS... by ClarkMills · 2018-01-04 19:13 · Score: 5, Insightful · on SpaceX's Latest Advantage? Blowing Up Its Own Rocket, Automatically (qz.com)

I'm sure it's been sorted but this comes to mind:

Reports Say U.S. Drone was Hijacked by Iran Through GPS Spoofing.

(The nabbing of a drone by spoofed GPS signals)

Is Google on the List by number17 · 2017-11-23 06:24 · Score: 1 · on Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach (bleepingcomputer.com)

Will I receive a warning every time I perform a search in Firefox's default search field? That will get annoying fast.
Google Employees Hit by Sabre Breach - http://www.securityweek.com/go...

What about submitting a Firefox bug? They've been breached too.
Mozilla admits bug-tracker breach led to attacks against Firefox users - https://www.computerworld.com/...

CIA impersonated Kaspersky? by Mr307 · 2017-11-14 07:50 · Score: 1 · on About 15 Percent of US Agencies Detected Kaspersky Software on Networks (reuters.com)

http://www.securityweek.com/wi...

If we did a fair comparison of who has broken more 'trust', I wonder who would come out on top. I dont recall the last time the 'am I secure' landscape looked so uncertain.

Not extortion, but currency manipulation by Anonymous Coward · 2017-06-08 07:00 · Score: 0 · on What the Hell Is Happening To Cryptocurrency Valuations? (techcrunch.com)

One explanation of Wannacry is that the purpose is not the direct collection of ransoms, but to manipulate the value of Bitcoin by causing a surge in the number of new users. Note that the value of Bitcoin doubled over the period in question.

Entries for hosts that block this by Anonymous Coward · 2016-12-28 10:45 · Score: 0 · on Destructive KillDisk Malware Turns Into Ransomware (securityweek.com)

0.0.0.0 lelantos.org
0.0.0.0 srv70.putdrive.com
0.0.0.0 api.telegram.org
0.0.0.0 putdrive.com
0.0.0.0 telegram.org
0.0.0.0 smtp-mail.outlook.com
0.0.0.0 api.telegram.org
0.0.0.0 telegram.org

* Per source article(s) from https://www.incapsula.com/blog/650gbps-ddos-attack-leet-botnet.html/ http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/ https://cyberx-labs.com/en/blog/new-killdisk-malware-brings-ransomware-into-industrial-domain/ http://www.securityweek.com/destructive-killdisk-malware-turns-ransomware/ as this malware/botnet descends from others before it...

APK

P.S.=> Those are it's C&C's + other compromised sites/hosts/domains-subdomains & THIS IS THE 10th BOTNET HOSTS CONQUER IN THE PAST 2++ WEEKS - here's the others (many before it, but not as many as recently so fast & clustered together) https://news.slashdot.org/comments.pl?sid=10020701&cid=53529963/

Re:Missing an M? by Anonymous Coward · 2016-05-18 16:42 · Score: 1 · on Updated Skimer Malware Infects ATMs Worldwide (thestack.com)

What's a Skimer?

Using the magical oracle known as "Google", we find the answer to that question is...
ATM malware
ATM malware
ATM malware
ATM malware
ATM malware
ATM malware
(you probably get the idea by now: "Skimer" is ATM malware)

Re:Michael Jace was several years ago. by macs4all · 2016-05-06 04:00 · Score: 1 · on LAPD Hacked An iPhone 5s Before The FBI Hacked San Bernardino Terrorist's iPhone 5c (latimes.com)

This is a complex proprietary system, so it's already less secure than mature industry standards.

Oh, you mean like those "Mature industry standards" ssl and ssh?

Wrong subsequent links by kav2k · 2016-03-17 01:46 · Score: 4, Informative · on Pwn2Own Day 1: Hackers Earn $280k For Hacking Chrome, Flash, Safari (securityweek.com)

All three links lead to the same article, which seems to be a copy&paste oversight.

I believe the second link was meant to be http://www.securityweek.com/ha... and the third http://www.securityweek.com/re...

Wrong subsequent links by kav2k · 2016-03-17 01:46 · Score: 4, Informative · on Pwn2Own Day 1: Hackers Earn $280k For Hacking Chrome, Flash, Safari (securityweek.com)

All three links lead to the same article, which seems to be a copy&paste oversight.

I believe the second link was meant to be http://www.securityweek.com/ha... and the third http://www.securityweek.com/re...

Re:Is that by Parafilmus · 2016-02-23 13:19 · Score: 1 · on Bill Gates Sides With FBI In Apple Spat (ft.com)

You can show that actual harmful data is being sent and not just the telemetry that MS claims, right?

How about this:

When you encrypt a disk using Windows Home, Microsoft silently transmits the key to themselves, in case they ever need to decrypt your disk in the future. http://www.securityweek.com/mi...

Does that count as harmful? The data is not anonymous. Its transmitted silently, and it can be used to compromise the user's privacy. That at least lands in the "potentially harmful" category, right?

Re:No mention of the merchants? by gstoddart · 2016-02-16 08:23 · Score: 1 · on Year-Old Critical Magento Flaw Still Exploited, Payment Info Stolen

I'd like to avoid those merchants since they're potentially putting me at risk.

Are they on the internet? Then they're probably putting you at risk.

If big players like Amazon can get security breeches, that mom and pop shop which had a college student build them an e-commerce site hasn't got a chance.

Plan accordingly. Small security holes on the internet tend to get magnified into big, giant, widespread security holes.

Ads steal our speed & infect us #1/2... apk by Anonymous Coward · 2016-02-10 13:54 · Score: 0 · on Why Stack Overflow Doesn't Care About Ad Blockers

SMALL partial only sample of OpenBid/realtime bidding & other ad networks malware makers have taken advantage of to infect you with:

Domain: securityweek.com

Comments · 144