Security Leftovers
-
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (chromium, commons-configuration2, graphicsmagick, heimdal, inetutils, ini4j, jackson-databind, and varnish), Fedora (drupal7-i18n, grub2, kubernetes, and python-slixmpp), Mageia (botan, golang, kernel, kernel-linus, radare2/rizin, and xterm), Red Hat (krb5, varnish, and varnish:6), SUSE (busybox, chromium, erlang, exiv2, firefox, freerdp, ganglia-web, java-1_8_0-openj9, nodejs12, nodejs14, opera, pixman, python3, sudo, tiff, and xen), and Ubuntu (libice and shadow).
-
Computer Repair Technicians Are Stealing Your Data - Schneier on Security
A few notes. One: this is a very small study—only twelve laptop repairs. Two, some of the results were inconclusive, which indicated—but did not prove—log tampering by the technicians. Three, this study was done in Canada. There would probably be more snooping by American repair technicians.
The moral isn’t a good one: if you bring your laptop in to be repaired, you should expect the technician to snoop through your hard drive, taking what they want.
-
Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica
If you’ve ever worried about the privacy of your sensitive data when seeking a computer or phone repair, a new study suggests you have good reason. It found that privacy violations occurred at least 50 percent of the time, not surprisingly with female customers bearing the brunt.
Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device. Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information.
[...]
Half of the laptops were configured to appear as if they belonged to a male and the other half to a female. All of the laptops were set up with email and gaming accounts and populated with browser history across several weeks. The researchers added documents, both sexually revealing and non-sexual pictures, and a cryptocurrency wallet with credentials.
-
An Enterprise’s Guide To Strengthening Linux Cloud Security
Technology, in many ways, has changed the way people do business. Modern society is highly digitalized, thanks to technological advancements in the Internet of Things (IoT).
Along with it, cloud computing has garnered much attention, too. More and more cloud-based solutions emerge on the market; in fact, businesses worldwide are looking to or have already invested in cloud-based storage solutions.
Cloud storage is an effective way of streamlining a business’s operations. It’s also relatively secure in some respects. However, this doesn’t mean that cloud systems are infallible. Their exposure to the IoT and the Internet makes them vulnerable to cyberattacks, which are reported to have drastically increased recently. So, businesses need to bolster their cloud security. Fortunately, this is something with which cybersecurity experts can help you.
Data is now a major asset for most companies. Therefore, some companies can’t afford to have a data breach at any point. This is especially true for any company that handles a lot of personal customer information. That said, here’s a guide on how businesses can strengthen their cloud and data security.