Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Home Routers Lack Basic Linux Security

More disconcerting news for router owners – a new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features offered by Linux.

CITL (Cyber Independent Testing Laboratories) says it made this unexpected discovery after analysing firmware images from Asus, D-Link, Linksys, Netgear, Synology, TP-Link and Trendnet running versions of the Linux kernel on two microprocessor platforms, MIPS and ARM.

The missing security protections included Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and RELocation Read-Only (RELRO). I would be interested in a comparison with open-source router firmware options such as OpenWRT, DD-WRT and Turris OS (for the Turris Omnia router).


China’s involvement in Marriott hack could raise trade tension with U.S., report says

Hackers with Chinese government ties are said to be behind the breach at Marriott’s Starwood hotel chain.


Remember the Browser Wars? Well They Ain’t Over Yet 

Do you remember the death of Netscape Navigator at the hands of Microsoft’s Internet Explorer back in the 1990s? Well, the worm has turned. Microsoft is replacing the new Edge browser with a Chromium-based browser at the next major operating system upgrade. Edge (or whatever it will be called) will join Chrome, Opera, Vivaldi, Yandex, and Brave as a Chromium-based browser. I guess if you want an alternative it will have to be Firefox or Apple’s Safari.


What Happened to Cyber 9/11?

A recent article in the Atlantic asks why we haven’t seen a “cyber 9/11” in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a “cyber Pearl Harbor,” “cyber Katrina” — when that was a thing — or “cyber 9/11.”) Why haven’t there been any cyber-terrorism events?


Top 50 Worst Passwords of 2018

If you are using any of these, I can assure you there is a free password cracking list that will solve these in a few seconds.  These passwords are so bad, they aren’t even speed bumps.


Repair Shop Employees Steal Nude Pix

Ever broken your phone screen? Had your computer fritz? Ever taken a device to a repair shop? Ever been asked for your password when you hand it over? Ever wonder whether the shop workers lift the lid to rifle through your little treasure chest of personal data?  Anybody should think about that last one, but it goes double for women or girls, as recent news makes clear.


 


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instructor for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition-free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry-level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com