The National Security Agency (NSA) has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants. “NSA recommends that only TLS 1.2 or TLS 1.3 be used and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS1.1 not be used.” Links NSA Release […]
About: John
Posts by John:
California Privacy Rights Act (CPRA)
Note that in 2023 the California Privacy Rights Act (CPRA) will go into effect on January 1 2023 as Proposition 24 was voted in. Its going to be awhile before it comes into play but be aware of that it will have impact globally. Dark Reading put some details together on it. – LINK
Singapore Police can access the COVID-19 contact Tracing
LINK For those that believe that data like this would not be accessible to law enforcement, think again. In this case 78% of Singapore residents have it on their phones. So think about this, the police know where 78% of the populace are AT ALL TIMES.
REMINDER: Adobe Flash is EOL – Get rid of it now
I posted a little something on this earlier – HERE
Backdoor Account found in Zyxel Products
Another hardcoded account was found in a prodcut. This time in Zyxel. CVE-2020-29583 The undocumented account (“zyfwp”) comes with an unchangeable password (“PrOw!aN_fXp“) How and why does this keep happening? I find it perplexing…(unless its intentional)
Ticketmaster needs to burn in Hell
Well, Ticketmaster was fined a whopping $10 million (sarcasm is being laid on thick here) for illegally accessing a competitor’s systems (CrowdSurge). Ticketmaster hired a former employee and then started using credentials that he brought with him and started using those credentials in business practices and even used the passwords at a division wide summit. […]
Home IoT Audio/Video Devices hacked and attackers swatted the locations to watch
So it seems that attackers have been exploiting IoT smart devices so they can then SWAT the location and watch the authorities attack the house. LINK Call me a bit paranoid. This is why I will never have any of these devices in my house…ever.
Apple looses its lawsuit – Good for Security
Apple just got slapped down with a lawsuit against a startup called Corellium. LINK Apples was suing Corellium claiming is virtualization of iOS constituted copyright infringement. If Apple would have won this, it would have been a HUGE legal risk for all security researchers in the future.
Bill and Melinda Gates Foundation are schooled in security with almost 1million kids details stolen
I am at a loss of words on the irony here. The Bill and Melinda Gates Foundation founded an initiative called GetSchooled. Well it seems they were schooled in the ways of proper securing of customers data. LINK 930k individuals had the following information stolen: full addresses, schools, full student PII including student phone numbers […]
Evidence of Adobe Flash…
So Adobe Flash is officially dead now (or will be in a few days…I just know its not getting any more updates). The question is, how to ENSURE its gone. We both know, people will keep using it if its still there. Besides using automated tools to rip it off desktops, how can we be […]