#BruceSchneier on Australia's encryption laws and #CyberCon speaker bans - https://www.zdnet.com/article/schneier-slams-australias-encryption-laws-cybercon-speaker-bans/
Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret' https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2
#NIST Reveals 26 Algorithms Advancing to the #Post-Quantum #Crypto ‘Semifinals’ https://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals
The UAE’s secret hacking team of U.S. mercenaries - https://uk.reuters.com/article/uk-usa-spying-raven-specialreport-idUKKCN1PO1A6
Massive mortgage and loan data leak gets worse as original documents also exposed
Remember that massive data leak of mortgage and loan data we reported on Wednesday? In case you missed it, millions of documents were found leaking after an exposed Elasticsearch server was found without a password. The documents contained highly sensitive financial data on tens of thousands of ind…
Coming Soon to a Police Station Near You: The DNA ‘Magic Box’
The key phrase: "...In 2017, President Trump signed into law the Rapid DNA Act, which, starting this year, will enable approved police booking stations in several states to connect their Rapid DNA machines to Codis, the national DNA database..."
Hmmm... I wonder how many DNA samples of foreigners are already in that DB?
That's the next step towards #1984
Millions of bank loan and mortgage documents have #leaked online
A trove of more than 24 million financial and #banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server #security lapse. The server, running an #Elasticsearch database, had more than a decade’s worth… https://techcrunch.com/2019/01/23/financial-files/
7-zip broken password random number generator - https://threadreaderapp.com/thread/1087848040583626753.html
Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted
The overall number of guests affected by the hacking, in which Chinese intelligence is the leading suspect, declined to 383 million. But the passport data is critical to intelligence agencies. https://www.nytimes.com/2019/01/04/us/politics/marriott-hack-passports.html
What a surprise!
#Facebook users cannot avoid location-based ads, investigation finds.
No combination of settings can stop location data being used by advertisers, says report. https://www.theguardian.com/technology/2018/dec/19/facebook-users-avoid-location-based-ads-settings-investigation-reveals
An Ingenious Data Hack Is More Dangerous Than Anyone Feared
Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.
Researchers have significantly increased the scope of the Rowhammer threat - https://www.wired.com/story/rowhammer-ecc-memory-data-hack/
'Cuddly' German chat app slacking on hashing given a good whacking under GDPR: €20k fine
PLAIN TEXT passwords showed up on file-hosting site https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/
Don't try it at home 😎
Most advanced XSS detection suite - https://github.com/s0md3v/XSStrike
VirtualBox E1000 Guest-to-Host Escape. #MorteNoir1 https://github.com/MorteNoir1/virtualbox_e1000_0day
Self-encrypting deception: weaknesses in the encryption of solid state drives.
Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password. https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys https://arstechnica.com/information-technology/2018/11/intel-cpus-fall-to-new-hyperthreading-exploit-that-pilfers-crypto-keys/
CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services | Zimperium Mobile Security Blog https://blog.zimperium.com/cve-2018-9411-new-critical-vulnerability-multiple-high-privileged-android-services/
#Kernel #RCE in #iOS/#macOS with #ICMP caused by buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407) https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
Bloomberg's China Spy Chip Story: Real, or Fake?