A quick Saturday digest of cybersecurity news articles from other sources.
Home Routers Lack Basic Linux Security
More disconcerting news for router owners – a new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features offered by Linux.
CITL (Cyber Independent Testing Laboratories) says it made this unexpected discovery after analysing firmware images from Asus, D-Link, Linksys, Netgear, Synology, TP-Link and Trendnet running versions of the Linux kernel on two microprocessor platforms, MIPS and ARM.
The missing security protections included Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and RELocation Read-Only (RELRO). I would be interested in comparison with open-source router firmware options such as OpenWRT, DD-WRT and Turris OS (for Turris Omnia router).
China’s involvement in Marriott hack could raise trade tension with U.S., report says
Hackers with Chinese government ties are said to be behind the breach at Marriott’s Starwood hotel chain.
Remember the Browser Wars? Well They Ain’t Over Yet
Do you remember the death of Netscape Navigator at the hands of Microsoft’s Internet Explorer back in the 1990’s? Well the worm has turned. Microsoft is replacing the new Edge browser with a Chromium-based browser at the next major operating system upgrade. Edge (or whatever it will be called) will join Chrome, Opera, Vivaldi, Yandex, and Brave, as a Chromium based browser. I guess if you want an alternative it will have to be Firefox or Apple’s Safari.
What Happened to Cyber 9/11?
A recent article in the Atlantic asks why we haven’t seen a “cyber 9/11” in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a “cyber Peal Harbor,” “cyber Katrina” — when that was a thing — or “cyber 9/11.” Why haven’t there been any cyber-terrorism events?
Top 50 Worst Passwords of 2018
If you are using any of these, I can assure you there is a free password cracking list that will solve these in a few seconds. These passwords are so bad, they aren’t even speed bumps.
Repair Shop Employees Steal Nude Pix
Ever broken your phone screen? Had your computer fritz? Ever taken a device to a repair shop? Ever been asked for your password when you hand it over? Ever wonder whether the shop workers lift the lid to rifle through your little treasure chest of personal data? Anybody should think about that last one, but it goes double for women or girls, as recent news makes clear.
Share
DEC
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com