Security Leftovers and Proprietary Burden
- Alan Pope: A virus for the BBC Micro
  About a year ago, I left a comment on a Nostalgia Nerd video about Viruses. It’s a good video, worth a watch, like most of their content. Here’s my silly comment.
- FBI, Federal Judge Agree Fighting Botnets Means Allowing The FBI To Remotely Install Software On People’s Computers
  The ends aren’t always supposed to justify the means. And a federal agency that already raised the hackles of defense lawyers around the nation during a CSAM investigation probably shouldn’t be in this much of a hurry to start sending out unsolicited software to unknowing recipients.
- MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems
  The incident began sometime on Sunday and affected hotel reservation systems throughout the United States and other IT systems that run the casino floors.
- Save the Children feared hit by ransomware, 7TB stolen
  BianLian added that its victim, "the world's leading nonprofit," operates in 116 countries with $2.8 billion in revenues. The extortionists claim to have stolen 6.8TB of data, which they say includes international HR files, personal data, and more than 800GB of financial records. They claim to also have email messages as well as medical and health data.
- Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter
  Windows arbitrary file deletion vulnerabilities should no longer be considered mere annoyances or tools for Denial-of-Service (DoS) attacks. Over the past couple of years, these vulnerabilities have matured into potent threats capable of unearthing a portal to full system compromise. This transformation is exemplified in CVE-2023-27470 (an arbitrary file deletion vulnerability in N-Able’s Take Control Agent with a CVSS Base Score of 8.8) demonstrating that what might initially seem innocuous can, in fact, expose unexpected weaknesses within your system.
- Exploring the impact of PQC on Cryptography Key Management
  Sofía shares a short presentation on Post-Quantum Cryptography's (PQC) development. PQC is special and different in how it uses complex problems with no efficient quantum solution to satisfy security goals. The panel commences on several topics and a few prompts from the audience. The competition should provide multiple solutions for exchanging keys and digital signatures so that when one solution is no longer secure, applications can change to another. The largest concern is how the performance characteristics will affect applications that need key exchange and digital signatures. Google will be testing key exchange at scale, but there is a gap for digital signatures. Cryptographic agility gets redefined with an emphasis on updating applications and hard to reach hardware like TPMs and satellites. This talk summary is part of my DEF CON 31 series. The talks this year have sufficient depth to be shared independently and are separated for easier consumption.
- Taxpayer information is potentially at risk due to IRS oversight weaknesses, watchdog says
  The review found other weaknesses, specifically those involving information systems, contractor oversight, information sharing, etc. The report also said that the IRS does not employ overall oversight efforts related to unauthorized access of contractors, even though multiple IRS offices oversee said contractors.
- Security of Taxpayer Information: IRS Needs to Address Critical Safeguard Weaknesses: GAO-23-105395
  In this review, we found weaknesses in training, information systems, contractor oversight, information-sharing, and more. Of the related recommendations we've made since 2010, 77 haven't been implemented as of March 2023. We're also making 16 new recommendations, including one for Congress to consider.