Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Home Routers Lack Basic Linux Security

More disconcerting news for router owners – a new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features offered by Linux.

CITL (Cyber Independent Testing Laboratories) says it made this unexpected discovery after analysing firmware images from Asus, D-Link, Linksys, Netgear, Synology, TP-Link and Trendnet running versions of the Linux kernel on two microprocessor platforms, MIPS and ARM.

The missing security protections included Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and RELocation Read-Only (RELRO). I would be interested in a comparison with open-source router firmware options such as OpenWRT, DD-WRT and Turris OS (for Turris Omnia router).


China’s involvement in Marriott hack could raise trade tension with U.S., report says

Hackers with Chinese government ties are said to be behind the breach at Marriott’s Starwood hotel chain.


Remember the Browser Wars? Well They Ain’t Over Yet 

Do you remember the death of Netscape Navigator at the hands of Microsoft’s Internet Explorer back in the 1990s? Well, the worm has turned. Microsoft is replacing the new Edge browser with a Chromium-based browser at the next major operating system upgrade. Edge (or whatever it will be called) will join Chrome, Opera, Vivaldi, Yandex, and Brave as a Chromium-based browser. I guess if you want an alternative it will have to be Firefox or Apple’s Safari.


What Happened to Cyber 9/11?

A recent article in the Atlantic asks why we haven’t seen a “cyber 9/11” in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a “cyber Pearl Harbor,” “cyber Katrina” — when that was a thing — or “cyber 9/11.”) Why haven’t there been any cyber-terrorism events?


Top 50 Worst Passwords of 2018

If you are using any of these, I can assure you there is a free password cracking list that will solve these in a few seconds.  These passwords are so bad, they aren’t even speed bumps.


Repair Shop Employees Steal Nude Pix

Ever broken your phone screen? Had your computer fritz? Ever taken a device to a repair shop? Ever been asked for your password when you hand it over? Ever wonder whether the shop workers lift the lid to rifle through your little treasure chest of personal data?  Anybody should think about that last one, but it goes double for women or girls, as recent news makes clear.


 


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.