Sat.Sep 14, 2019 - Fri.Sep 20, 2019

article thumbnail

Another Side Channel in Intel Chips

Schneier on Security

Not that serious, but interesting : In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO­short for Data-Direct I/O­increased input/output bandwidth and reduced latency and power consumption.

244
244
article thumbnail

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against.

Banking 235
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Before He Spammed You, this Sly Prince Stalked Your Mailbox

Krebs on Security

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these old fashioned “advance fee” or “419” scams predate email and have circulated via postal mail in various forms and countries over the years.

Scams 211
article thumbnail

MY TAKE: What everyone should know about the promise and pitfalls of the Internet of Things

The Last Watchdog

Internet 201
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

A Feminist Take on Information Privacy

Schneier on Security

Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us confused and blaming ourselves. Here are some of the ways our unequal relationship with our smartphones is like an abusive relationship: They isolate us from deeper, competing relationships in favour of sup

Media 232
article thumbnail

Yahoo data breach settlement means affected users may get $100

Tech Republic Security

If you had a Yahoo account between January 1, 2012 and December 31, 2016, you may be entitled to a bit of money.

More Trending

article thumbnail

MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns

The Last Watchdog

Local government agencies remain acutely exposed to being hacked. That’s long been true. However, at this moment in history, two particularly worrisome types of cyber attacks are cycling up and hitting local government entities hard: ransomware sieges and election tampering. Related: Free tools that can help protect elections I had a deep discussion about this with Todd Weller, chief strategy officer at Bandura Cyber.

article thumbnail

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago

Schneier on Security

Earlier this month I made fun of a company called Crown-Sterling, for.for.for being a company that deserves being made fun of. This morning, the company announced that they "decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer." Really. They did. This keylength is so small it has never been considered secure.

article thumbnail

A new type of DDoS attack can amplify attack strength by more than 15,300%

Tech Republic Security

By abusing a little-known multicast protocol, attackers can launch DDoS attacks of immense power, but there may be an easy fix.

DDOS 167
article thumbnail

Is There a Hacker in Your Wallet? Third Certainty Episode 2

Adam Levin

In the second episode of Third Certainty, Adam Levin explains how consumers can protect themselves in the aftermath of the Capital One data breach. The post Is There a Hacker in Your Wallet? Third Certainty Episode 2 appeared first on Adam Levin.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

MY TAKE: Poll shows senior execs, board members grasp strategic importance of cybersecurity

The Last Watchdog

article thumbnail

Revisiting Software Vulnerabilities in the Boeing 787

Schneier on Security

I previously blogged about a Black Hat talk that disclosed security vulnerabilities in the Boeing 787 software. Ben Rothke concludes that the vulnerabilities are real, but not practical.

Software 218
article thumbnail

Small businesses underestimate financial damage of cyberattacks

Tech Republic Security

The average breach causes an average of $149,000 in damages, yet most small-to-medium-sized businesses thought cyberattacks would cost them under $10,000, survey reports.

article thumbnail

The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite

WIRED Threat Level

At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.

Hacking 112
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Backup files for Lion Air and parent airlines exposed and exchanged on forums

Security Affairs

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online on an unsecured Amazon bucket, the records were stored in two databases in a directory containing backup files mostly for Malindo Air and Thai Lion Air.

Backups 111
article thumbnail

Cracking Forgotten Passwords

Schneier on Security

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency passwords (mostly Ethereum) for a cut of the recovered value.

Passwords 214
article thumbnail

Governments still struggling to contend with weaponized social media platforms

Tech Republic Security

A report from a former NSA operative says countries across the world are still adjusting to the new reality of sophisticated cyberwarfare.

Media 163
article thumbnail

A Password-Exposing Bug Was Purged From LastPass

WIRED Threat Level

Google Project Zero found and reported a flaw in the widely used password manager.

Passwords 109
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site previously visited by a user.

article thumbnail

I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

Schneier on Security

I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology. All of the details are in the RFP. The selected strategist will work closely with me on a number of clear deliverables. This is a contract position that could possibly become a salaried position in a subsequent phase, and under a different agreement.

article thumbnail

Exposed RDP servers see 150K brute-force attempts per week: Here's how to protect them

Tech Republic Security

BlueKeep and DejaBlue renewed interest in brute-force scanning for vulnerable systems, which negatively impacts Windows Server performance. Cameyo has solutions to protect your Virtual Desktop server.

157
157
article thumbnail

A Brutal Murder, a Wearable Witness, and an Unlikely Suspect

WIRED Threat Level

Karen Navarra was a quiet woman in her sixties who lived alone. She was found beaten to death. The neighbors didn't see anything. But her Fitbit did.

108
108
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

More than 737 million medical radiological images found on open PACS servers

Security Affairs

Researchers at Greenbone Networks vulnerability analysis and management company discovered 400 Million medical radiological images exposed online via unsecured PACS servers. The experts at Greenbone Networks vulnerability analysis and management company discovered 600 unprotected servers exposed online that contained medical radiological images. The research was conducted between mid-July 2019 and early September 2019.

article thumbnail

New Biometrics

Schneier on Security

This article discusses new types of biometrics under development, including gait, scent, heartbeat, microbiome, and butt shape (no, really).

article thumbnail

Why businesses would rather lose revenue than data

Tech Republic Security

While businesses don't want to lose data, 66% of business decision makers said their current IT resources do not keep up with growing technological demands.

article thumbnail

After Six Years in Exile, Edward Snowden Explains Himself

WIRED Threat Level

In a new memoir and interview, the world’s most famous whistle-blower elucidates as never before why he stood up to mass surveillance—and his love for an internet that no longer exists.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

A bug in Instagram exposed user accounts and phone numbers

Security Affairs

Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information. The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including user phone number and real name. ZHacker13 discovered the vulnerability in August and reported the issue to Facebook that asked for additional time to address the issue.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society in London on September 24, 2019. I'm speaking at Cyber Security Nordic in Helsinki, Finland on October 3, 2019. I'm speaking at the Australian Cyber Conference 2019 in Melbourne on October 9, 2019.

179
179
article thumbnail

Companies still unprepared for GDPR rule changes and potential EU data breaches

Tech Republic Security

A new survey finds many companies are still in the dark about GDPR compliance.

article thumbnail

'Simjacker' Attack Can Track Phones Just by Sending a Text

WIRED Threat Level

White house spying, North Korea sanctions, and more of the week's top security news.

107
107
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!