Security, Encryption, and More
-
MIT Technology Review ☛ How open source voting machines could boost trust in US elections
These New Hampshire officials currently use AccuVote machines, which were made by a company that’s now part of Dominion Voting Systems. First introduced in 1989, they run on an operating system no longer supported by Microsoft, and some have suffered extreme malfunctions; in 2022, the same model of AccuVote partially melted during an especially warm summer election in Connecticut.
Many towns in New Hampshire want to replace the AccuVote. But with what? Based on past history, the new machines would likely have to last decades — while also being secure enough to satisfy the state’s election skeptics. Outside the event, those skeptics held signs like “Ban Voting Machines.” Though they were relatively small in number that day, they’re part of a nationwide movement to eliminate voting technology and instead hand count every ballot — an option election administrators say is simply not feasible.
-
The Register UK ☛ Securing open source software: Whose job is it, anyway?
The US government and some of the largest open source foundations and package repositories have announced a series of initiatives intended to improve software supply-chain security, while also repeating calls for developers to increase support for such efforts.
On the government side of things, this includes a voluntary threat intelligence sharing program between the Feds and open source software developers and operators, which the US Cybersecurity and Infrastructure Security Agency (CISA) will lead.
-
The Register UK ☛ VMware urges emergency action to blunt hypervisor flaws
The nastiest two – CVE-2024-22252 and 22253 – are rated 9.3/10 on VMware's Workstation and Fusion desktop hypervisors and 8.4 on the ESXi server hypervisor.
-
Android Linux Wi-Fi Vulnerabilities: Protect Devices Today!
Recent cybersecurity research has unveiled critical vulnerabilities in open-source Wi-Fi software, impacting a wide range of devices, including Android smartphones, Linux systems, and ChromeOS devices. These Android security vulnerabilities, if exploited, could enable attackers to deceive users into connecting to malicious networks or gain unauthorized network access without passwords. In this blog, we’ll explore the critical Android Linux Wi-Fi vulnerabilities, exploring their implications and offering essential tips to protect your devices.
-
US News And World Report ☛ 2024-03-02 [Older] Germany Investigates Eavesdropping on Officers After Russian Media Play Recording
-
Deutsche Welle ☛ 2024-03-07 [Older] Baerbock and Cameron to meet in Berlin after Russian leak
-
Deutsche Welle ☛ 2024-03-06 [Older] Russian propaganda makes the most of German army call leak
-
CBC ☛ 2024-03-05 [Older] A German officer used an unsecured line for a military call. Russian hackers leaked it
-
US News And World Report ☛ 2024-03-04 [Older] A Look at Taurus Missiles, the Weapon at the Heart of a Leaked Audio and Russian-German Tensions
-
US News And World Report ☛ 2024-03-03 [Older] Germany Accuses Russia of 'Information War' After Military Recording
-
Deutsche Welle ☛ 2024-03-03 [Older] Germany accuses Russia of 'information war' after spy leak
-
Deutsche Welle ☛ 2024-03-06 [Older] Russia's spy leak reveals military communications risk
-
The Local SE ☛ 2024-03-05 [Older] Pro-Russian hackers claim responsibility for cyber attack on Swedish privacy agency
-
US News And World Report ☛ 2024-03-05 [Older] Russian Spy Chief Calls Macron's Comments About NATO Soldiers in Ukraine Dangerous
-
Confidentiality
-
EFF ☛ Should Caddy and Traefik Replace Certbot?
We started development on Certbot in the mid-2010s with the goal of making it as easy as possible for website operators to offer HTTPS. To accomplish this, we made Certbot interact the best we could with existing web servers like Apache and Nginx without requiring any changes on their end. Unfortunately, this approach of using an external tool to provide functionality beyond what the server was originally designed for presents several challenges. With the help of open source libraries and hundreds of contributors from around the world, we designed Certbot to try to reparse Apache and Nginx configuration files and modify them as needed to set up HTTPS. Certbot interacted with these web servers using the same command line tools as a human user, and then waited an estimated period of time until the server had (probably) finished doing what we asked it to.
All of this worked remarkably well. Today, Certbot is used to maintain HTTPS for over 30 million domain names and it continues to be one of the most popular ways for people to interact with Let’s Encrypt, a free certificate authority, which has been hugely successful by many metrics. Despite this, the ease of enabling HTTPS remains hindered by the need for people to run Certbot in addition to their web server.
That's where software like Caddy and Traefik are different. They are designed with easy HTTPS automation in mind. Caddy even enables HTTPS by default. They both implement the ACME protocol internally, allowing them to integrate with services like Let’s Encrypt to automate regularly obtaining the certificates needed to offer HTTPS. Since this support is built into the server, it completely avoids problems that Certbot sometimes has as an external tool, such as not parsing configuration files in the same way that the software it's trying to configure did. Most importantly, there's less effort required for a website operator to turn on HTTPS, further lowering the barrier to entry, making the internet more secure for everyone.
-
Integrity/Availability/Authenticity
-
Mandiant ☛ Delving into Dalvik: A Look Into DEX Files
During the analysis of a banking trojan sample targeting Android smartphones, Mandiant identified the repeated use of a string obfuscation mechanism throughout the application code. To fully analyze and understand the application's functionality, one possibility is to manually decode the strings in each obfuscated method encountered, which can be a time-consuming and repetitive process.
Another possibility is to use paid tools such as JEB decompiler that allow quick identification and patching of code in Android applications, but we found that the ability to do the same with free static analysis tools is limited. We therefore explored the possibility of finding and modifying the obfuscated methods by inspecting the Dalvik bytecode.
-
Windows TCO
-
The Register UK ☛ Ransomware halts production at Belgian beer brewery Duvel
Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage.
Spokesperson Ellen Aarts had a statement on tap for local media on Wednesday: "At 0130 last night, the alarms went off in Duvel's IT department because ransomware had been detected. Production was therefore immediately stopped. It is not yet known when it could start again. We hope today or tomorrow.
-
NL Times ☛ Thousands of Dutch passports stolen in ransomware attacks available on dark web
The documents were stolen in ransomware attacks on Dutch companies. Ransomware is a type of malware that encrypts the data on infected computers. Victims have to pay a ransom to get their data back. If the company refuses to pay the ransom, the criminals publish the stolen data.
-
Axios ☛ Change cyberattack spawns threat of patient lawsuits
Driving the news: Gibbs Law Group is thought to be the first to test the waters, by seeking out patients who were forced to pay out of pocket for prescriptions or delay their refills.
-
Le Monde ☛ The Swedish peninsula is caught under a wave of ransomware attacks
Initially, Bjuv thought it had avoided the worst: "We had to reinstall several hundred computers and bolster security measures, but we were able to rely on document backups that had been encrypted, and by Monday everything was back and running," said Alexandersson. Except that, on February 26, a message from Akira appeared on the dark web: Unless the municipality paid a ransom, the hackers threatened to publish 200 gigabytes of "confidential documents, contracts, agreements, and personnel files." Since then, Bjuv has been holding its breath.
-