Security Leftovers
-
How malicious extensions hide running arbitrary code
Two days ago I wrote about the malicious extensions I discovered in Chrome Web Store. At some point this article got noticed by Avast. Once their team confirmed my findings, Google finally reacted and started removing these extensions. Out of the 34 extensions I reported, only 8 extensions remain. These eight were all part of an update where I added 16 extensions to my list, an update that came too late for Avast to notice.
-
Security advisory: Qt Network
A recent buffer overflow issue in Qt Network has been reported and has been assigned the CVE id CVE-2023-33285.
-
Matt Brown: Calling time on DNSSEC: The costs exceed the benefits
I’m calling time on DNSSEC. Last week, prompted by a change in my DNS hosting setup, I began removing it from the few personal zones I had signed. Then this Monday the .nz ccTLD experienced a multi-day availability incident triggered by the annual DNSSEC key rotation process. This incident broke several of my unsigned zones, which led me to say very unkind things about DNSSEC on Mastodon and now I feel compelled to more completely explain my thinking: [...]
-
Growing hacking threat to satellite systems compels global push to secure outer space
An international group of experts are working to build the next generation of secure-by-design space systems.
-
After 28 years, SSLv2 is still not gone from the internet... but we're getting there, (Thu, Jun 1st)
Although the SSL/TLS suite of protocols has been instrumental in making secure communication over computer networks into the (relatively) straightforward affair it is today, the beginnings of these protocols were far from ideal.
-
Gigabyte Rolls Out Firmware Update to Mend Firmware Backdoor
New firmware to mitigate the recently discovered backdoor in over 250 Gigabyte AMD and Intel motherboard models is now available for download.
-
A Confession Exposes India’s Secret Hacking Industry
The country has developed a lucrative speciality: cyberattacks for hire.