polonus
5561
Hi bob3160,
Not good for your US consumers, not good for your US businesses.
Opens up a box of Pandora of mischief, that will go on unnoticed until found out years later.
Those that start to throttle will be out of business sooner or later, that is predictable.
I wish you all good luck with it.
“When you in the States are feeling the rain, in Europe it starts to drip. ;D”.
Damian
polonus
5562
polonus
5563
NSA more than likely compromised encryption for surveillance targeting:
Read how hard it is to detect mathematical backdoors and much easier to inject these into export standards:
https://www.theregister.co.uk/2017/12/15/crypto_mathematical_backdoors/
This may come as shocking news for many after the “controlled” revelations by Snowden and Assange.
Read: https://www.theregister.co.uk/2013/09/23/rsa_crypto_warning/
and is blockchain as security chain coming to the rescue:
https://www.packtpub.com/big-data-and-business-intelligence/mastering-blockchain
The infrastructure is broken, trust is a thing of the past, we have landed in the middle of an insecure Interwebs swamp,
somehow.
Big Guv Surveillance sp**ks, we thank you for doing that to the global Internet community over the years.
We owe you, we really do :
polonus
ehmen
5564
DavidR
5565
Also see - https://forum.avast.com/index.php?topic=210852.msg1436360#msg1436360, why bother with just http as https isn’t guaranteed safe.
polonus
5566
Hi DavidR & ehmen,
The reason for the https everywhere campaign by Google and also now Firefox could be that loads and loads of folks have insecure wifi access points to go out onto connections, and in that way could have an HTTP drive-by-download injection launched against them quite easily. Read background: https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns
But do not take it for granted that you are safe from big guv surveillance on https: “There’s now a thriving outsourced surveillance industry and they are there to meet the needs and wants of countries from around the world, including those who are more – and less – respectful to human rights.”
polonus
DavidR
5567
Then be ready for sites that, whilst using https, also get stung (insecure) if all of their content isn’t https, the avast forums for instance. Some images come from http links, whilst this shouldn’t be an issue for attached images, as these are held within the forum’s https content.
So you could end up with one page being just fine and another getting pinged as insecure; this is likely to confuse users.
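The mixed-content situation described above, as an added example that is not part of the forum thread: a small checker that lists the subresources an https page would fetch over plain http, resolving relative and protocol-relative URLs (which inherit the page’s scheme) and ignoring ordinary links, which browsers do not treat as mixed content. The HTML and host names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that load subresources; a browser flags these as mixed
# content when the page itself is https but the resource is http.
RESOURCE_ATTRS = {
    "img": ("src", "srcset"), "script": ("src",), "link": ("href",),
    "iframe": ("src",), "audio": ("src",), "video": ("src", "poster"),
    "source": ("src",),
}

class _Collector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        for attr in RESOURCE_ATTRS.get(tag, ()):
            for name, value in attrs:
                if name != attr or not value:
                    continue
                # srcset lists several candidates: "url 1x, url 2x"
                if attr == "srcset":
                    urls = [c.split()[0] for c in value.split(",") if c.strip()]
                else:
                    urls = [value]
                for u in urls:
                    # Relative ("/x.png") and protocol-relative ("//host/x.png")
                    # URLs take the page's scheme, so resolve before judging.
                    full = urljoin(self.page_url, u)
                    if urlsplit(full).scheme == "http":
                        self.insecure.append((tag, full))

def find_mixed_content(page_url, html):
    """Return (tag, absolute_url) pairs an https page would load over http."""
    if urlsplit(page_url).scheme != "https":
        return []  # an http page has no mixed content, it is all insecure
    collector = _Collector(page_url)
    collector.feed(html)
    return collector.insecure

# Constructed sample page: one http image, one protocol-relative image,
# one attached (relative) image, one https script and one plain http link.
SAMPLE_HTML = """<html><body>
<img src="http://static.example.test/avatar.png">
<img src="//cdn.example.test/logo.png">
<img src="/attachments/123.png">
<script src="https://js.example.test/app.js"></script>
<a href="http://example.test/plain-link">link</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://forum.example.test/index.php", SAMPLE_HTML):
        print(f"mixed content: <{tag}> loads {url}")
```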
polonus
5568
Hi DavidR,
The green padlock story is also confusing to Joe and Jill Common from the average user base.
As long as there is mixed content while phasing out http,
and that is apparently what the big players want,
this will create a lot of confusion during the process.
If you want to change all that, do a good job of it and not half-heartedly,
as has frequently been the case with all things on the Interwebs.
Https and secure log-in and security headers implemented, no vulnerable nameservers anymore,
no more hosters that are in for the cheap money and less for security.
We have been in a full-time patching circle from the start,
and what has this brought us since the turn of the century?
An infrastructure that looks more like a bandaged stuffed mummy full of plasters…
polonus
DavidR
5569
That’s the problem, the end user can do nothing about these issues, they just get the ‘insecurity’ flag flash up and worry there is something seriously wrong.
Whilst you can expand the information, it isn’t detailed enough for the average user, when the language used is ‘For instances images.’
polonus
5570
Another big-scale brute force attack on WordPress sites going on.
In the past never that much of a success, but we still wanna warn against it:
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/
pol
bob3160
5571
I just approached Screencast-O-Matic since the screenshots are uploaded to an http site. My question was about changing to a secure server so that the pictures don’t wind up being tagged as insecure.
bob3160
5572
I just received a reply:
Hello,
When you navigate to an uploaded screenshot link, it should redirect to https. We’ll update the Recorder soon so that the link created in the clipboard is https as well.
-Sam
It certainly didn’t take long. 
polonus
5573
300,000 WordPress sites vulnerable through a holed Captcha plug-in:
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
polonus
polonus
5574
The botnet involved in these brute force attacks tries to install a cryptominer onto WordPress servers:
https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpress/
“Bitcoin, the only coin without any social function”
polonus (volunteer website security analyst and website error-hunter)
polonus
5575
Another 123-million American user data breach from an Amazon S3 bucket.
Re: https://www.upguard.com/breaches/cloud-leak-alteryx
S3 buckets should be secure unless you configure them improperly.
It was not publicly available; creating an AWS account to get access to the misconfigured Amazon S3 bucket was easy-peasy,
and that made this big data breach possible. The data are solid gold for identity thieves, spammers and black hat marketeers alike.
polonus
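The misconfiguration described in the post above, as an added example that is not from the thread or from UpGuard: an audit helper that flags S3 bucket ACL grants to the predefined AllUsers (public) and AuthenticatedUsers (any AWS account, the “not public but still open” case) groups, plus bucket policy statements that allow a wildcard principal. The ACL and policy documents are constructed here in the shape the S3 GetBucketAcl and GetBucketPolicy APIs return; the bucket name and owner id are placeholders.

```python
import json

# Predefined S3 grantee groups. A grant to AuthenticatedUsers is the trap:
# the bucket is "not public", yet any AWS account holder can read it.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
GROUP_LABELS = {ALL_USERS: "anyone on the internet",
                AUTHENTICATED_USERS: "any AWS account"}

def acl_findings(acl):
    """Findings for ACL grants to the global groups (GetBucketAcl shape)."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in GROUP_LABELS:
            findings.append(f"ACL grants {grant['Permission']} to "
                            f"{GROUP_LABELS[grantee['URI']]}")
    return findings

def policy_findings(policy_json):
    """Findings for Allow statements whose principal is the wildcard "*"."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):       # {"AWS": "*"} form
            principal = principal.get("AWS")
        principals = principal if isinstance(principal, list) else [principal]
        if "*" in principals:
            actions = stmt.get("Action", [])
            actions = actions if isinstance(actions, list) else [actions]
            findings.append(f"policy allows {', '.join(actions)} to any principal")
    return findings

# Constructed sample: owner has full control, every AWS account may READ.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"},
    ],
}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for finding in acl_findings(SAMPLE_ACL) + policy_findings(SAMPLE_POLICY):
        print("FINDING:", finding)
```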
polonus
5576
The rollout of Ubuntu 17.10 was halted because it was corrupting the BIOS on Lenovo computers.
Read: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734147
Someone created a non-tested bug in a production release.
All Ubuntu flaws, also Mint, privacy technically have leaks & backdoors.
Related info on that bug:
https://www.howtogeek.com/226308/the-windows-platform-binary-table-why-crapware-can-come-back-after-a-clean-install/
polonus (volunteer website security analyst and website error-hunter)
polonus
5577
Pondus
5579
Pondus
5580