Security Leftovers
-
Internet Wide Scan Fingerprinting Confluence Servers (Wed, Feb 22nd)
-
A Device to Turn Traffic Lights Green
-
The 5×5—Strengthening the cyber workforce
Experts provide insights into ways for the United States and its allies to bolster their cyber workforces.
-
Why You Should Listen to Twitter on Two-Factor Authentication
Elon Musk was right: Text messages are not the most secure way to protect your account.
-
Cyberwar Lessons from the War in Ukraine
The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense Assistance Imperative – Lessons from Ukraine.”
-
Russian national accused of developing, selling malware appears in U.S. court [iophk: Windows TCO]
Pankov stands accused of developing NLBrute — also known as nl.exe or nlbrute.exe — and advertising it for sale on an underground forum as early as June 2016, according to an indictment unsealed this week. During that time he also sold more than 35,000 compromised login credentials for access to systems around the world, including in the United States, France, the United Kingdom, Italy and Australia. At least two of those sales were to undercover U.S. law enforcement officers, according to the indictment, and involved login credentials for two separate Florida-based law firms.
-
How Microsoft Became Phishing's Biggest Enabler
It might sound strange to hear that Microsoft, a company that goes to great lengths to protect computers and networks, is one of the biggest contributors to phishing and fraud on the planet. It's true, unfortunately.
They aren't actually committing the acts themselves, of course, but they are enabling the problem by withdrawing support for standards designed to help stop it. Here's why this is such a big deal.
-
The Cyber Defense Assistance Imperative – Lessons from Ukraine [iophk: Windows TCO]
Informed by the ongoing work of a variety of organizations providing operational cyber support to Ukrainian institutions through the Cyber Defense Assistance Collaborative, this paper seeks to define cyber defense assistance, outline its primary component parts, and identify key lessons learned that can help inform how such assistance can be provided in future geopolitical conflicts. It also makes the case that an effective national security toolkit requires the ability to deliver cyber defense assistance to allies.
-
The web single sign on versus availability problem
An SSO system is very convenient when it works, but if and when it's down for some reason, it's a single point that prevents you from using anything else (unless you happen to be lucky). Many of the staff things that we could protect with SSO are in fact exactly the things we most want to be available when the rest of our systems are falling over; for example, it would be pretty bad if our metrics system's dashboards weren't accessible during an outage. Grafana Loki? Our searchable archive of our worklogs? All things that we really, really want to have access to if at all possible, and that need access restrictions.
-
How I Broke Into a Bank Account With an AI-Generated Voice
Banks in the U.S. and Europe tout voice ID as a secure way to log into your account. I proved it's possible to trick such systems with free or cheap AI-generated voices.