Aaaaand more security concerns with #Zoom.
Some encryption with a hard-coded passphrase, crash reports potentially sending screen captures to Zoom, and a bunch of outdated libraries with known vulnerabilities:
Please someone (who knows about #infoSec more than I do) update the Wikipedia page.
Phishing is still the preferred attack vector for attackers, and it's done on a massive, automated scale.
That's the topic for today's One Time Pad which is public on Mon, Wed, and Friday. Free subscribers get the OTP every day.
#Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking - ProPublica
"The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct."
After banning working cryptography and raiding whistleblowers, Australia's spies ban speakers from national infosec conference http://feeds.boingboing.net/~r/boingboing/iBag/~3/cQVLeLSRupo/political-officers.html #boingboing #acsc #aisa #auspol #censorcon #censorship #crypto_wars #disgraceful #infosec #schneier #whistleblowers
VeraCrypt 1.24 available:
– The maximum length of passwords is 128 bytes in UTF-8 encoding for non-system volumes now (previously limited to 64 bytes).
– Many new features are for Windows only, e.g. optional RAM encryption of keys/passwords (using ChaCha12), or erasing encryption keys from memory to prevent cold boot attacks.
New York's WBAI Pacifica Radio affiliate has shut down, orphaning 2600's Off the Hook, the Hour of the Wolf, and many other beloved mainstays http://feeds.boingboing.net/~r/boingboing/iBag/~3/KSZ_ubmIreg/sorely-missed.html #boingboing #2600 #happy_mutants #infosec #new_york_city #pacifica #radio #science_fiction #wbai
"There *was* a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up."
Researchers think that adversarial examples could help us maintain privacy from machine learning systems http://feeds.boingboing.net/~r/boingboing/iBag/~3/E3m1g6dronI/mockingbird-and-attriguard.html #boingboing #adversarial_examples #anonymity #cat_and_mouse_games #computer_science #infosec #machine_learning #security
So the Comodo forum was breached due to the vBulletin vulnerability that has been going around recently.
They started their statement with:
“At Comodo we take security very seriously and it is our highest priority.”
I imagine the conversation like this: "We screwed up, …" *lawyer checks the text* "We can't write this, it would make us liable in some way for this problem"
Why does our legal system (create the illusion to) punish those who tell the truth?