mfioretti: security*


  1. Well, yes. But it’s so 1950s. So analogue. Why not be really cool and have a proper networked timer socket, something that you can control from your smartphone from anywhere in the world? Something like the AuYou Wi-Fi Switch for example. Looks like it’s just the ticket. Plug it in, hold down the power button and it hooks up with the app on your (Android) smartphone, and – bingo! – job done. Now, where did you put that boarding pass?

    But, hang on. Maybe you should just check the product reviews, just to be sure. Ah, here’s one by a guy called Matthew Garrett. “There’s a lot to like about this hardware,” Matthew writes, “but unfortunately it’s entirely overwhelmed by everything there is to hate about it.”

    Yea, verily, toaster shall speak unto toaster and Amazon will know what you want before you can articulate it yourself

    Eh? Turns out that Mr Garrett knows a lot about computer security. And as he delves into how the AuYou switch works, he finds a real mess. Like all networked devices, the socket has a MAC address, a globally unique network address. You can set on/off times on the socket via the app on your phone and, if you’re in your house, that’s fine, because the command never leaves your wireless network. But if you’re on holiday in Spain, say, then the command goes via an intermediate server in China (where else?) The command is supposedly encrypted, but Mr Garrett found it laughably easy to crack.
    https://www.theguardian.com/commentis...er-made-things-smart-devices-security
    by M. Fioretti (2018-03-31)
  2. The idea is to use the Arc™ as a single manager for your passwords, encrypted notes, files and -all the secret things here- while hosting arcd yourself on some spare hardware like a Raspberry Pi and accessing arc from every device with a modern browser, so let’s see how to configure it on a Raspberry Pi Zero in order to have a secure and portable setup for your secrets! :D
    https://www.evilsocket.net/2017/12/07...the-ARC-Project/#.WimFjC49icA.twitter
  3. Unlike the Passport Officer, the RTO, the Electoral Officer, the CEO of UIDAI does not take any legal liability to certify the number as a proof of anyone’s identity, address or existence. Furthermore no one has verified or audited the database to establish how many of the billion numbers that are linked to data submitted by the outsourced parties are real individuals.

    The resulting Aadhaar database is the database being used to “purify”, as described by Ajay Bhushan Pandey the CEO of UIDAI, all databases that are seeded with Aadhaar. The seeding of other databases with the Aadhaar number is also unlike any other identification document. This seeding threatens to exclude the genuine and include the fake into other existing databases by seeding Aadhaar to other databases. The case of over 13,000 fake employees in Satyam who got salaries every month for years before being exposed is still fresh in India.

    As the government embarks to link the entire Consolidated Fund of India’s receipts and expenditure to this database, is it not reasonable to establish some CAG certificate on the existence of every person in this database?

    Mr. Nilekani has often highlighted the use of biometric to authenticate who you are as the core strength of the Aadhaar database. What he fails to state is that even if biometric could uniquely establish your identity throughout your life, which it cannot, its use for authentication is absurd.

    Once stolen, your biometric can be used, in a multiple of ways differing in simplicity and ease, by the thief, to perpetuate crimes that will be attributed to you and may be difficult, if not impossible, for you to deny.

    It is precisely this difference between the enrolment and use models of the Aadhaar in comparison with any other ID that is a threat to you as well as the nation.
    https://tech.economictimes.indiatimes...ts/how-does-aadhaar-threaten-you/2277
  4. A year ago the Resilient Navigation and Timing Foundation published an analysis of the biggest threats to GPS (pdf), ranking them by vulnerability, potential damage, and the intent and capacity to carry them out. The top three threats were on-going “accidental” jamming like the truck at Newark airport and the potential use of powerful jamming devices by either a rival military or terrorist groups.

    Intentional or unintentional jamming could cause millions, even billions of dollars in damage; it could also lead to the loss of life.

    “The first thing that happens when GPS is disrupted, every mode of transportation slows down, becomes more dangerous,” Goward tells me. “Then the clocks in the different networks in the affected area begin to desynchronize. Because they are all such a different quality, it’s impossible to say which networks are going to degrade where and in what order, but we know after some period of time, cell phone networks will start to fall apart, IT, financial—stock exchanges will have to shut down because they can’t reconcile the trades, ATMs won’t work because the banks can’t verify the money is there, eventually even the electrical grid. Lord knows how quickly this will unfold.”

    To prepare for such threats, experts urge laws that would require toughening up critical infrastructure so it would be able to maintain its own high-quality timing for at least thirty days if GNSS vanishes.
    https://qz.com/1106064/the-entire-glo...d-its-shockingly-vulnerable-to-attack
  5. What if your smartphone starts making calls, sending text messages, and browsing malicious websites on the Internet itself without even asking you?

    This is not imagination, as hackers can make this possible using your smartphone's personal assistant like Siri or Google Now.

    A team of security researchers from China's Zhejiang University have discovered a clever way of activating your voice recognition systems without speaking a word by exploiting a security vulnerability that is apparently common across all major voice assistants.
    http://thehackernews.com/2017/09/ai-digital-voice-assistants.html
    by M. Fioretti (2017-09-08)
  6. The same data-richness that interests police departments should also give us pause: it's never been the case that a cop busting a low-level, nonviolent offender would be allowed to probe that person's entire network of friends and relations; read all the correspondence between the arrestee and their doctors, lawyers, kids and spouse; get a neat list of all the places the person had visited; and be able to look at everything from bank balances to spending history.

    The major provider of mobile forensic tools is the Israeli firm Cellebrite, who made headlines when the FBI revealed that they'd used a Cellebrite tool to crack the San Bernardino shooters' phones, and then again when a hacker dumped 900GB worth of internal Cellebrite info, revealing that the company routinely repackaged hacking tools from the darkweb and sold them to police departments without first verifying that these weren't leaking data to third parties or otherwise creating risks for their users and their targets.
    https://boingboing.net/2017/06/07/uni...A+boingboing%2FiBag+%28Boing+Boing%29
  7. -
    https://attivissimo.blogspot.it/2017/05/wanacryptor-attacco-ransomware.html
  8. 8. What Trump did is not illegal only because Trump is the president, and the president has the power to “declassify” whatever he wants: he can freely decide which information to release and which not, even among the information with the highest level of secrecy. If any other person in the United States had disclosed information with that level of secrecy, they would have been fired and prosecuted; if they had revealed it intentionally, they would be sentenced to many years in prison for high treason.

    9. Amid all this, on Friday Trump will leave the United States for the first international trip of his presidency: he will visit some of the United States' most solid allies, such as Saudi Arabia and Israel, and will meet the most important world leaders during the G7 in Taormina. This trip had long been considered an important test, given Trump's nonexistent experience in international relations; this trouble will make it even more delicate. “It is not only the president's reputation that is at stake,” wrote Stephen Collinson on CNN's website; “it is the credibility of the United States, the most powerful country in the world and the guarantor of the West's security, that is being publicly eroded.”
    http://www.ilpost.it/2017/05/16/spiegazione-trump-russia
  9. The CIA declined to comment, and the NSA did not respond to requests for comment.

    But officials expressed concern about Trump’s handling of sensitive information as well as his grasp of the potential consequences. Exposure of an intelligence stream that has provided critical insight into the Islamic State, they said, could hinder the United States’ and its allies’ ability to detect future threats.

    “It is all kind of shocking,” said a former senior U.S. official who is close to current administration officials. “Trump seems to be very reckless and doesn’t grasp the gravity of the things he’s dealing with, especially when it comes to intelligence and national security. And it’s all clouded because of this problem he has with Russia.”
    https://www.washingtonpost.com/world/..._trumpintel-0504pm%3Ahomepage%2Fstory
  10. To a remarkable degree, the United States relies on liaison relationships with other powers with whom it shares information. If Trump has indeed compromised a source of information, it is not merely a betrayal of an ally’s trust: It is an act that will jeopardize a whole range of relationships. After all, the Director of Central Intelligence cannot very well say, “Don’t worry, we won’t share that with the president.” So now everybody—even our closest allies like the United Kingdom—would be well-advised to be careful with what they share with us. That is a potential intelligence debacle for us, but the danger goes beyond that. If any foreign government harbored lingering illusions about the administration’s ability to protect any information, including sensitive but non-intelligence matters like future foreign-policy initiatives or military deployments, they no longer do. They will be even more apprehensive about sharing sensitive information of any kind because…
    https://www.theatlantic.com/politics/...ps-disclosures/526818/?utm_source=twb