Search: [security] - ervin's web review

ChatGPT Is Ingesting Corporate Secrets - Schneier on Security

Are we surprised? Not really no... you don't own any of the data you're feeding it. Keep it away from your secrets.

tech · ai · security · gpt

February 16, 2023 at 6:28:07 PM GMT+1 * · permalink

·

https://www.schneier.com/blog/archives/2023/02/chatgpt-is-ingesting-corporate-secrets.html

·

dns0.eu — The European public DNS that makes your Internet safer

Looks very interesting, I guess I will switch some of my devices to using this and we'll see how it goes.

tech · dns · security

February 8, 2023 at 10:33:10 AM GMT+1 * · permalink

·

https://www.dns0.eu/

·

New T-Mobile Breach Affects 37 Million Accounts – Krebs on Security

That's really a massive leak again! The amount of personal data in the wild... will likely help with identity theft too.

tech · security

January 20, 2023 at 9:56:56 AM GMT+1 * · permalink

·

https://krebsonsecurity.com/2023/01/new-t-mobile-breach-affects-37-million-accounts/

·

U.S. No Fly List Left on Unprotected Airline Server

That's an "interesting" leak, both for how it happens and what it contains. I shows serious biases in the "no fly list" used by airlines.

tech · airline · security

January 20, 2023 at 9:22:05 AM GMT+1 * · permalink

·

https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/

·

I scanned every package on PyPi and found 57 live AWS keys

This is apparently a somewhat common mistake. Something is apparently not easy enough to handle and error prone.

tech · security · secrets · python

January 8, 2023 at 1:13:16 AM GMT+1 · permalink

·

https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/

·

IDN is crazy | daniel.haxx.se

International Domain Names indeed opened a whole can of worms. This creates plenty of opportunities for confusions and mistakes waiting to happen... or to be exploited.

tech · security · dns

December 24, 2022 at 5:00:20 PM GMT+1 · permalink

·

https://daniel.haxx.se/blog/2022/12/14/idn-is-crazy/

·

Stranger Strings: An exploitable flaw in SQLite | Trail of Bits Blog

Interesting bug in SQLite. In particular look for the conclusion regarding tests and coverage. It's something I often have to remind people of.

tech · sql · sqlite · security · tests · coverage

October 26, 2022 at 11:08:37 AM GMT+2 * · permalink

·

https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

·

How Tor is fighting—and beating—Russian censorship | Ars Technica

It's nice to see Tor is still winning even in difficult countries.

tech · tor · security · censorship

August 1, 2022 at 8:36:43 AM GMT+2 * · permalink

·

https://arstechnica.com/information-technology/2022/07/how-tor-is-fighting-and-beating-russian-censorship/

·

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit | Securelist

This is an interesting (and concerning) type of rootkits. Hard to tell how much of it really is in the wild at the moment.

tech · security

July 27, 2022 at 8:27:46 AM GMT+2 * · permalink

·

https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/

·

Symbiote, a nearly-impossible-to-detect Linux malwareSecurity Affairs

Alright, this one looks somewhat concerning...

tech · linux · security

June 12, 2022 at 8:46:13 AM GMT+2 * · permalink

·

https://securityaffairs.co/wordpress/132113/malware/symbiote-linux-malware.html

·

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

Interesting forensic of a supply chain attack targetting crates.io. Especially fascinating to me is how it then tries to target CI build environments as preparation for larger attacks.

tech · security · supply-chain · rust · ci

May 21, 2022 at 1:24:24 PM GMT+2 * · permalink

·

https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/

·

Scapy: low level packet hacking toolkit for Python – Trickster Dev

Looks like a very interesting toolkit for low level network related or security related operations.

tech · python · networking · security

May 9, 2022 at 7:48:43 AM GMT+2 * · permalink

·

https://www.trickster.dev/post/scapy-low-level-packet-hacking-toolkit-for-python/

·

How Go Mitigates Supply Chain Attacks - The Go Programming Language

Admittedly, the go toolchain seems to handle supply chain problems in a neat way. I especially like the VCS as the source of truth.

tech · go · supply-chain · security

April 1, 2022 at 8:45:16 AM GMT+2 * · permalink

·

https://go.dev/blog/supply-chain

·

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

Also a good reminder of why the fact that it's proprietary makes things harder security wise.

tech · zoom · security

January 24, 2022 at 10:33:15 AM GMT+1 * · permalink

·

https://thehackernews.com/2022/01/google-details-two-zero-day-bugs.html

·

The curious case of the Raspberry Pi in the network closet

Interesting forensic of a device left around to spy a network.

tech · raspberry-pi · security

January 18, 2022 at 11:18:04 AM GMT+1 * · permalink

·

https://blog.haschek.at/2019/the-curious-case-of-the-RasPi-in-our-network.html

·

You (probably) don’t need ReCAPTCHA | nearcyan

Indeed, don't use this by default. This is likely overkill and has terrible side effects. Look up for the alternatives proposed in this article first.

tech · web · security · captcha · gafam

January 3, 2022 at 12:04:01 PM GMT+1 * · permalink

·

https://nearcyan.com/you-probably-dont-need-recaptcha/

·

The Internet is Held Together With Spit & Baling Wire – Krebs on Security

Always amazed when such important routing systems are reached through very insecure means.

tech · internet · security · routing

November 27, 2021 at 3:45:11 PM GMT+1 * · permalink

·

https://krebsonsecurity.com/2021/11/the-internet-is-held-together-with-spit-baling-wire/

·

Your Fingerprint Can Be Hacked For $5. Here’s How. - Kraken Blog

Good reminder of why fingerprint readers are really a poor security device.

tech · security

November 23, 2021 at 11:42:20 AM GMT+1 * · permalink

·

https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/

·

‘Trojan Source’ Bug Threatens the Security of All Code – Krebs on Security

Now this one is really nasty...

tech · security · compiler · supply-chain

November 2, 2021 at 7:43:46 AM GMT+1 * · permalink

·

https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/

·

No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders - Lumen

Fascinating attack vector. It was just a matter of time I guess, the more you use blurry frontiers (be it between OSes or other important domains) the more opportunities for exploits show up.

tech · security · windows · linux

September 23, 2021 at 12:40:22 PM GMT+2 * · permalink

·

https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/

·