Vulnerabilities

FGD135 · December 23, 2019, 4:43pm

RickMycroft · January 2, 2020, 2:02am

Don’t you hate when you leave the keys in the ignition?

Gyrofrog · January 2, 2020, 6:18pm

IIRC that was a while back. Or, they’ve had another one?

BakaNeko · January 2, 2020, 7:43pm

RickMycroft · January 3, 2020, 5:54pm

Time’s up! That’s all they wrote. Once that final patch comes out the pipe, zero-day exploits will be forever-day exploits. I’ve already moved the links for python and pip to 3. Next, I’ll see if anything I need still uses 2, and purge it anyway. (One less set of libraries to update!)

eta: Mopidy was using 2.7, but they very recently changed to 3. Updated that. Some of the plug-ins haven’t been updated yet.

FGD135 · January 4, 2020, 8:23am

Snakes on a wane: Python 2 development is finally frozen in time, version 3 slithers on

The Register - come for the info, stay for the headlines.

dorgar · January 7, 2020, 1:45am

Slightly off topic:

RickMycroft · January 11, 2020, 11:54pm

Make sure your Firefox is up to date: 72.0.1.

FGD135 · January 12, 2020, 12:47am

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why?

RickMycroft · January 15, 2020, 1:42am

Malware finally does what it’s always been blamed for.

Skeptic · January 15, 2020, 2:38am

Ha, that sounds like the kind of malware people would download deliberately after posting something unforgivably offensive gets them in trouble.

“See, it was the malware!!! I told you!!!”

GoatCheezInfrno · January 15, 2020, 12:43pm

Or autocorrect, for that matter.

FGD135 · January 17, 2020, 11:28pm

‘Friendly’ hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind

ficuswhisperer · January 21, 2020, 10:29pm

FGD135 · February 9, 2020, 2:08pm

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer… slowly

FGD135 · February 12, 2020, 10:02pm

Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks

NoThisIsPatrick · February 13, 2020, 4:11am

We’ll let you know if Digicert, which now owns the outfit that signed the driver for Gigabyte, has any comment or has revoked the software’s digital certificate to prevent it from running.

Certainly worth checking back with this one later. … nice find.

FGD135 · February 19, 2020, 10:24pm

Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners

FGD135 · February 20, 2020, 10:33am

When the air gap is the space between the ears: A natural gas plant let ransomware spread from office IT to ops

I am so stealing the first bit of that headline for future use.

RickMycroft · February 26, 2020, 5:34pm

Ruh Roh!

According to ESET, Kr00k affects all WiFi-capable devices running on Broadcom and Cypress Wi-Fi chips. These are two of the world’s most popular WiFi chipsets, and they are included in almost everything, from laptops to smartphones, and from access points to smart speakers and other IoT devices.

ESET researchers said they personally tested and confirmed that Kr00k impacts devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), but also access points from Asus and Huawei.

In a press release today, ESET said it believes that more than a billion devices are vulnerable to Kr00k, and they consider this number “a conservative estimate.”

Topic		Replies	Views
Lavabit Redux? links	5	1009	February 18, 2017
UK Snooper's Charter "would put an invisible landmine under every security researcher" boing	3	1115	November 16, 2015
Vulnerability in recorders used by 70+ CCTV systems has been known since 2014 boing	13	1698	March 29, 2016
Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network boing	19	2509	March 5, 2016
UK schools' "anti-radicalisation" software lets hackers spy on kids boing	11	2073	July 21, 2015