Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (ffmpeg, ghostscript, libsepol, openjdk-11, openjdk-17, perl, and python-sql), Oracle (389-ds-base, buildah, containernetworking-plugins, edk2, httpd, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, python-setuptools, skopeo, and webkit2gtk3), Red Hat (buildah), Slackware (openssl), SUSE (apache2, firefox, libopenssl-3-devel, podman, and python310-starlette), and Ubuntu (cups-browsed, firefox, libgsf, and linux-gke).
-
Windows TCO
-
Scoop News Group ☛ SEC hits four companies with fines for misleading disclosures around SolarWinds hack
As part of the agreement, the companies have agreed to pay fines without acknowledging wrongdoing. Unisys will pay $4 million, Avaya $1 million, Check Point $995,000 and Mimecast $990,000.
-
The Record ☛ Four cyber companies fined for SolarWinds disclosure failures
The Securities and Exchange Commission (SEC) charged four companies — Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result of a years-long investigation into public companies potentially impacted by the compromise of SolarWinds’ Orion software and by other related activity.
-
-
Confidentiality
-
Bruce Schneier ☛ No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer - Schneier on Security
No, it’s not true.
This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn’t bad but was taken widely out of proportion.
-
Forbes ☛ Debunking Hype: China Hasn't Broken Military Encryption With Quantum
While advancements have indeed been made, the progress represents incremental steps rather than a paradigm-shifting breakthrough that renders current cryptographic systems obsolete.
“This kind of overstatement does more harm than good,” Dr. Garcell said. “Misrepresenting current capabilities as 'breaking military-grade encryption' is not just inaccurate—it's potentially damaging to the field's credibility.”
-