Security Leftovers
-
Security buzzwords to avoid and what to say instead | Opensource.com
Technology is a little famous for coming up with "buzzwords." Other industries do it, too, of course. "Story-driven" and "rules light" tabletop games are a big thing right now; "deconstructed" burgers and burritos are a big deal in fine dining. The problem with buzzwords in tech, though, is that they potentially actually affect your life. When somebody calls an application "secure," to influence you to use their product, there's an implicit promise being made. "Secure" must mean that something's secure. It's safe for you to use and trust. The problem is, the word "secure" can actually refer to any number of things, and the tech industry often uses it as such a general term that it becomes meaningless.
Because "secure" can mean both so much and so little, it's important to use the word "secure" carefully. In fact, it's often best not to use the word at all, and instead, just say what you actually mean.
-
Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords
Chrome's enhanced spellcheck & Edge's MS Editor are sending data you enter into form fields like username, email, DOB, SSN, basically anything in the fields, to sites you're logging into from either of those browsers when the features are enabled. Furthermore, if you click on "show password," the enhanced spellcheck even sends your password, essentially Spell-Jacking your data.
-
ChipWhisperer-Husky is a palm-sized power analysis and fault injection tool (Crowdfunding) - CNX Software
NewAE Technology’s ChipWhisperer-Husky is a compact tool designed for side-channel power analysis and fault injection with features such as a high-speed logic analyzer used to visualize glitches, real-time data streaming for attacking asymmetric algorithms, and support for JTAG/SWD programming.
-
Security updates for Tuesday [LWN.net]
Security updates have been issued by Fedora (dokuwiki and rizin), SUSE (libcontainers-common, permissions, sqlite3, and wireshark), and Ubuntu (tiff, vim, and xen).
-
How hashing and cryptography made the internet possible | Red Hat Developer
A lot of technologies, business choices, and public policies gave us the internet we have today—a tremendous boost to the spread of education, culture, and commerce, despite its well-documented flaws. But few people credit two deeply buried technologies for making the internet possible: hashing and cryptography.
If more people understood the role these technologies play, more money and expertise would go toward uncovering and repairing security flaws. For instance, we probably would have fixed the Heartbleed programming error much earlier and avoided widespread vulnerabilities in encrypted traffic.
This article briefly explains where hashing and cryptography come from, how they accomplish what they do, and their indelible effect on the modern internet.