DevOps, Security, Whatever
Estonia sues Gemalto for €152M over ID card flaws. According to an article, some keys were NOT generated on a smartcard due to a scaling issue. Well, looks like they are not affected by ROCA vulnerability, just compromised by Gemalto:)
Posted
#Weekly-News
Linux had officially committed to implementing and obeying the Code of Conduct — which is immediately misused to remove top Linux coders. Some of the Linux developers are now threatening to withdraw the license to all of their code.
Posted
#Weekly-News
Purism project introduced their own security token called the Librem Key. They have partnered with the Nitrokey manufacturer, but the firmware provides additional functionality, like a challenge response mode where the key informs you if the bios running on a PC has validated itself to the key.
Posted
#Weekly-News
Tesla model S is using a 40bit challenge response scheme broken back in 2005. Researchers stole a car in ~6 seconds with precomputed tables.
Posted
#Weekly-News
USB media shipped with the Schneider Electric Conext ComBox and Conext Battery Monitor solar products were infected with malware.
Posted
#Weekly-News
Google started selling their Titan Security Key bundle that support FIDO standards for secure authentication. They have written the firmware by themselves, but the price should be lower for this kind of hardware.
Posted
#Weekly-News
If you are running Linux machines in Microsoft Azure, you should disable built-in wa-linux-agent backdoor that enable root access from Azure console.
Posted
#Weekly-News
There is an OpenSSH user enumeration attack against all software versions on all operating systems. It's a timing attack with proof of concept already published.
Posted
#Weekly-News
A Comcast security flaws exposed more than 26 millions of customers’ personal information. Basically, an attacker could spoof IP address using 'X-forwarded-for' header on a Comcast login page and reveal the customer’s location.
Posted
#Weekly-News
Reddit got hacked. According to the investigation, it looks like hackers accessed employees 2FA protected accounts. An attacker 'compromised a few of Reddit's accounts with cloud and source code hosting providers by intercepting SMS 2FA verification codes'.
Posted
#Weekly-News