Items tagged with: security
No fewer than two bugs in G Suite, Google's offering for enterprise customers, stored passwords in plaintext. One of the bugs is already 14 years old.
#Google #Datensicherheit #Passwort #Sicherheitslücke #Internet #Security
Debian Security Advisory DSA-4449-1 email@example.com
https://www.debian.org/security/ Moritz Muehlenhoff
May 22, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ffmpeg
CVE ID : CVE-2018-15822 CVE-2018-1999011 CVE-2019-9718 CVE-2019-11338
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
For the stable distribution (stretch), these problems have been fixed in version 7:3.2.14-1~deb9u1.
We recommend that you upgrade your ffmpeg packages.
For the detailed security status of ffmpeg please refer to its security tracker page at:
#ffmpeg #libav #Linux #Debian #Security
Android and iOS devices impacted by new sensor calibration attack | ZDNet
A new device fingerprinting technique can track Android and iOS devices across the Internet by using factory-set sensor calibration details that any app or website can obtain without special permissions.
#technology #mobile #Android #security
The #admin #console stored a copy of the unhashed password. This practice did not live up to our standards. To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.
#cloude #security #internet #news #Software #warning
Ultra-private Tor browser officially arrives on Android | Engadget
VPNs and incognito modes can help, but if you want to jump to a whole 'nother privacy level, there's the infamous Tor Browser. It has finally come out of beta and arrived on Android in a stable release, the Tor Project announced.
#technology #mobile #Android #privacy #security
This morning one of our good customers sent an excerpt from a letter he had just received from #Google.
We are writing to inform you that due to legacy functionality that enabled customer Domain Admins to view passwords, some of your users’ passwords were stored in our encrypted systems in an unhashed format. This primarily impacted system generated or admin generated passwords intended for one-time use.
From this it follows that, first, they store passwords in plain text and, second, their administrative staff have access to them. We can only guess at the reasons for such a decision, but something tells me they are not so much (or not only) technological as legal. I regard this as an admission that user passwords are handed over at the request of government agencies and intelligence services.
By the way, let me remind you that not long ago there was a similar scandal with #Facebook, when it turned out that their system not only stores passwords in clear text, but that at least over 1000 company employees have (had?) access to them.
#russian #lang ru #security #privacy #law #internet
Good example of reliable Content Security Policy (CSP) implementation by @nextclouders https://www.immuniweb.com/websec/?id=N1gz6Agh&ts=1558035022 #infosec
It happened again: Google announced today that it's the latest tech giant to have accidentally stored user passwords unprotected in plaintext. G Suite users, pay attention.
#Security #Passwords #Privacy
Google says that the bug affected "a small percentage of G Suite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. The company typically stores passwords on its servers in a cryptographically scrambled state known as a hash. But a bug in G Suite's password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of a control panel, called the admin console. Google has disabled the features that contained the bug.
When you visit a website, your web browser provides a range of information to the website, including the name and version of your browser, screen size, fonts installed, and so on. Website authors can use this information to provide an improved user experience. Unfortunately this same information can also be used to track you. In particular, this information can be used to generate a distinctive signature, or device fingerprint, to identify you.
#Security #Privacy #Sensors
We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Our attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you. The attack takes less than one second to generate a fingerprint which never changes, even after a factory reset. This attack therefore provides an effective means to track you as you browse across the web and move between apps on your phone.
#Intel Tried to #Bribe Dutch #University to Suppress Knowledge of #MDS #Vulnerability
Dutch publication Nieuwe Rotterdamsche Courant reports that Intel offered to pay the researchers a USD $40,000 "reward" to allegedly get them to downplay the severity of the vulnerability, and backed their offer with an additional $80,000. The team politely refused both offers.
#crime #news #Technologie #cpu #security
The US Military-Industrial Complex Is a Virus Eating Away at Actual American Military Power... It's concerned only with self-preservation and expansion, and perfectly happy to do so at the expense of actual US military effectiveness
For a country that spends such vast sums on its national security apparatus—many times more than the enemies that supposedly threaten it do—the United States has a strangely invisible military establishment.
Military bases tend to be located far from major population centers. The Air Force’s vast missile fields, for instance, are hidden away in the plains of the northern Midwest. It is rare to see service uniforms on the streets of major cities, even Washington.
#USA #Military Industrial Complex #national #security #conspiracy #fraud #theft #disinformation #military
How the United States threatens our security
US is intensifying its economic war and dragging the rest of the world and us into it
#usa #China #Huawei #trade #TradeWar #technology #google #android #LineageOS #PureOS #Sailfish #UbuntuTouch #politics #security #aosp
Seven questions we still have about Huawei’s US blacklisting | The Verge
President Trump sent shockwaves throughout the tech industry last week with an executive order that declared a national emergency and barred American companies from doing business with companies deemed a national security risk. Days later, the effects have started to become apparent as companies from Google to Intel have taken action to comply, shutting Huawei out of supply chains and stopping it from using US software.
This development could have major, long-lasting repercussions for the entire tech industry, but there are still several questions without definite answers.
A few things have occurred to me:
1) If Huawei can't produce Android devices which can get all kinds of updates, then Google have effectively killed off one competitor to its Pixel line.
2) At the same time, Google have probably made a lot more enemies, given Huawei's position in the global market.
3) If this can happen to Huawei, it can possibly happen to other companies.
4) If a US-Chinese trade deal can eventually be made to work, the restrictions might be lifted.
5) Even if a deal is made, Huawei might still be seen as a security risk, despite a) their claim that they're not, and b) no (publicly-available) evidence that they are (and I'm not about to consider an open telnet port evidence of wrongdoing).
6) If this situation isn't sorted some time soon, China could possibly consider it an act of war.
#technology #mobile #Google #Huawei #security
I've heard the argument that these are Chinese companies and that technically the Chinese government controls all Chinese companies... but I mean is there really any proof that Huawei has done anything? This all seems like yet another USA false flag tactic to me. The risk posed merely from a government POSSIBLY intervening in a company is the same risk posed by any US company. If the NSA subpoenas a US company to do something they do it and shut their mouths about it. This HAS been documented in the past.
#huawei #malware #FalseFlag #trump #security #exploit #china #tradewar #trumpstradewar
HN Discussion: https://news.ycombinator.com/item?id=19958899
Posted by kowabit (karma: 51)
Post stats: Points: 104 - Comments: 97 - 2019-05-20T10:13:55Z
#HackerNews #how #our #security #states #the #threatens #united
HN Discussion: https://news.ycombinator.com/item?id=19956512
Posted by Elof (karma: 1945)
Post stats: Points: 119 - Comments: 72 - 2019-05-20T00:21:48Z
#HackerNews #become #bluetooths #complexity #has #risk #security
#anonymity #dataprivacy #infosec #opsec #privacy #security #snooping #spying #surveillance #zombieload
#intel #cloud #linux #mac #windows
Nothing Is Truly Secure...
Zombieload affects almost every Intel chip since 2011
and only new CPUs can truly fix it!
ZombieLoad attack lets hackers steal data from Intel chips