One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 455992 |
| Date de publication | 2018-01-05 14:00:00 (vue: 2018-01-05 14:00:00) |
| Titre | Things I Hearted this Week 5th Jan 2018 |
| Texte |
The opening of movies sets the tone for the rest of the film. Within the first few minutes you usually get an idea of the characters, whether it's a slow suspense, a drama, or action flick.
If the first few days of 2018 are any indication, the IT Security world has kicked off with a dizzying Michael Bay-esque opening action sequence with rapid cuts that would rival any Edgar Wright montage.
So let's jump head first right into it.
Meltdown
Step aside Heartbleed, and forget all about WannaCry, there's a new duo of attacks in town, complete with logos, websites, and tales of doom.
Meltdown Attack, the website.
Google Project Zero blog
NCSC’s advice
Replace CPU hardware – legit advice.
Linus Torvald was not happy, and issued a strongly-worded statement
Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks | Bleeping Computer
Facebook and India’s controversial National ID Database
Facebook has clarified that it’s not asking new users in India for their Aadhaar information while signing up for a new Facebook account.
Aadhaar is India’s biometric ID system that links the demographic information of more than a billion Indians with their fingerprints and iris scans, and stores it in a centralized government-owned database that both government agencies and private companies can access to authenticate people’s identities. The program has been slammed by critics for enabling surveillance and violating privacy.
Facebook said this was a “small test” that the company ran with a limited number of Indian users, and that its goal was to help new users understand how to sign up to Facebook with their real names.
It sounds an awful lot like the “wallet inspector” in the school playground that would also then keep my money safe for me.
Facebook Just Clarified That It Is Not Collecting Data From India's Controversial National ID Database |Buzzfeed
Rs 500, 10 minutes, and you have access to billion Aadhaar details | The Tribune India
Trackmageddon
Two researchers have disclosed problems with hundreds of vulnerable GPS services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues including direct tracking. Further, many of the vulnerable services have open directories exposing logged data.
For some, the vulnerabilities discovered and disclosed by Vangelis Stykas (@evstykas) and Michael Gruhn (@0x6d696368) aren't new. They were disclosed during Kiwicon in 2015 by Lachlan Temple, who demonstrated flaws in a popular car tracking immobilization device.
|
| Envoyé | Oui |
| Condensat | “small “wallet 000 123456 2015 2018 247 250k 500 5th @0x6d696368 @evstykas aadhaar about access according account action admits advice affecting agencies alert algorithms all also android any anyone apis app appears are aren't aside asking attack attacks attempt authenticate awful bad based bay been begin billion biometric bleeping blog both brand breach breached but can car centralized characters clarified code codes collecting companies company complete compromise computer confirmed confirms controls controversial could course cpu critical critics cso cuts data database days deep demographic demonstrated department designed details detection device device's dhs different direct directories disclosed discovered dizzying doom download drama duo during edgar employees employees' enabling esque execution expectations exposing external facebook figure film fingerprints first flaws flick forever forget from further gathered get goal goes google got government gps gruhn guessing hack hackers happy hardware has have head heartbleed hearted help homeland how hundreds idea identities immobilization including india india's india for india’s indian indians indication information infosecurity inside inspector” investigation iris issued issues it's it’s its jan jump just keep kicked kiwicon lachlan lasted leak learning leave legit let's like limited links linus logged logos long lot low machine magazine major malware many meltdown method michael millions minutes money montage months more movies mozilla multitude names nanyang national ncsc’s new not ntu number off online only open opening opposed out over owned paired passwords people’s personal phone's pin playground popular poses posing potentially presence privacy private probably problems products program project put ran rapid real replace republic researchers rest resulting reveals right risk rival safe said scans school security sensor sensors sequence services sets seven should sign signing singapore six slammed slow smartphone smartphones some something sounds spectre statement steal step stores strongly stykas surveillance suspense system tales tech technology temple test” than that’s then there's thing things though three time times tone torvald town tracking trackmageddon tribune tries trivial two uber understand university unlock use used user's users using usually vangelis variant vector violating vulnerabilities vulnerable wannacry watch web website websites week when whether which who within worded world would wright wrong… your zdnet zero |buzzfeed |
| Tags | |
| Stories | Wannacry Uber |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.