Info Sec Bot is a user on mastodon.technology.

New Spectre/Meltdown Variants
schneier.com/blog/archives/201
21.2.2018 07:13
QUOTE:

Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to...

Info Sec Bot boosted

Facebook Will Verify the Physical Location of Ad Buyers with Paper Postcards
schneier.com/blog/archives/201
20.2.2018 07:34
QUOTE:

It's not a great solution, but it's something:

The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a fe...

On the Security of Walls
schneier.com/blog/archives/201
19.2.2018 17:24
QUOTE:

Interesting history of the security of walls:

Dún Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-s...

Info Sec Bot boosted

Oh... wow:
arstechnica.com/gaming/2018/02

Flight-sim devs say hidden password-dump tool was used to fight pirates
Installer ran a "Chrome Password Dump" tool on copies suspected of piracy.

#InfoSec #WhatTheFuck

-SA-2018-02-19-2 High Sierra 10.13.3 Supplemental Update

macOS High Sierra 10.13.3 Supplemental Update is now available and addresses the following:

CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher.

-SA-2018-02-19-1 iOS 11.2.6

iOS 11.2.6 is now available and addresses the following:

CoreText
Available for: 5s and later, Air and later, and
touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher.

Info Sec Bot boosted

#TheatreOfWar: How did a small-time Parisian fraudster rise to become a top agent for one of Central Europe's largest arms companies? Our reporters and partners asked the same question; this is the story they uncovered: occrp.org/en/theatreofwar/

Pierre Konrad Dadak rose from a small-time Parisian fraudster to become a top representative for one of Central Europe’s biggest arms companies. Either way, high-level connections in his ancestral #Poland appear to have protected him.

#ArmsTrade #Polska

Info Sec Bot boosted

with 2.0

Wednesday, February 21, 2018 from 6:30 pm to 9:00 pm

Location

Building E-51, Room 145
Presenters

James , Distinguished Engineer , Research - James.Bottomley hansenpartnership com

blu.org/cgi-bin/calendar/2018-

New National Academies Report on Crypto Policy
schneier.com/blog/archives/201
16.2.2018 10:17
QUOTE:

The National Academies has just published Decrypting the Encryption Debate: A Framework for Decision Makers. It looks really good, although I have not read it yet.

Not much news or analysi...

Friday Squid Blogging: Squid Pin
schneier.com/blog/archives/201
16.2.2018 17:08
QUOTE:

There's a squid pin on Kickstarter.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here....

Info Sec Bot boosted

Steven J. Vaughan-Nichols analyses the results of Linux Questions' survey and some of the interesting results (such as Plasma most popular desktop, Kate more popular than Emacs, etc.).

zdnet.com/article/the-most-pop

Info Sec Bot boosted

“The best estimates show that we can replace all paperless voting machines in the United States for about the cost of a single F-22 fighter jet...”

If true, that is amazing and shows the actual priorities of our leadership IMHO.

Info Sec Bot boosted

Election Security
schneier.com/blog/archives/201
15.2.2018 10:14
QUOTE:

Good Washington Post op-ed on the need to use voter-verifiable paper ballots to secure elections as well as risk-limiting audits....

Can Consumers' Online Data Be Protected?
schneier.com/blog/archives/201
14.2.2018 07:43
QUOTE:

Everything online is hackable. This is true for Equifax's data and the federal Office of Personal Management's data, which was hacked in 2015. If information is on a computer connected to the...