Tuesday, January 30, 2018

‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown - Bloomberg

‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown - Bloomberg: "like Prescher more than a year later, the Graz team was skeptical this was a real flaw. Gruss recalls telling Fogh that the chipmakers would have uncovered such a glaring security hole during testing and would never have shipped chips with a vulnerability like that.



"Despite Fogh’s encouragement, the Graz researchers still didn’t think attacks would ever work in practice. "That would be such a major f*ck-up by Intel that it can’t be possible," Schwarz recalled saying. So the team didn’t dedicate much time to it."



'via Blog this'

How the industry-breaking Spectre bug stayed secret for seven months - The Verge

How the industry-breaking Spectre bug stayed secret for seven months - The Verge: "“In the ‘90s we used to think one-vulnerability, one-vendor, and that was the majority of the vulnerabilities you saw. Now, almost everything has some multi-party coordination element.” says Moussouris. “This is just what multi-party disclosure looks like.”"



'via Blog this'

How the industry-breaking Spectre bug stayed secret for seven months - The Verge

How the industry-breaking Spectre bug stayed secret for seven months - The Verge: "(Fogh said it was clear from the beginning that any workable bug would be disastrous. “When you start looking into something like this, you know already that it’s really bad if you succeed,” he told me. After the Meltdown and Spectre releases and the ensuing chaos, Fogh has decided not to publish any of his further research on the topic.)"



'via Blog this'

How the Meltdown Vulnerability Fix Was Invented - IEEE Spectrum

How the Meltdown Vulnerability Fix Was Invented - IEEE Spectrum: "And here, thanks to the gang at Graz is Meltdown in action:"



'via Blog this'

Interactive map shows which San Diego areas have the worst air quality

Interactive map shows which San Diego areas have the worst air quality

http://www.sandiegouniontribune.com/news/data-watch/sd-me-ozone-map-20180130-story.html

Thursday, January 25, 2018

Key Changes with the General Data Protection Regulation

Key Changes with the General Data Protection Regulation: "Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement."

'via Blog this'

How Hedge Funds (Secretly) Get Their Way in Washington - Bloomberg

Meltdown & Spectre: Computing's 'Unsafe at Any ...

B&O speakers

Forgot to mention this  - some of the guys at work are saying the speakers are very good - so I googled them. They cost $160! So yes, they should be good!

Tuesday, January 23, 2018

PayPal to Pay $7.7 Million to U.S. Over Alleged Sanctions Violations - WSJ

PayPal to Pay $7.7 Million to U.S. Over Alleged Sanctions Violations - WSJ: The U.S. Treasury Department disclosed on Wednesday a $7.7 million settlement with eBay Inc. EBAY 0.48% unit PayPal Inc. over alleged sanctions violations by the electronic payments company.

Cybersecurity | Homeland Security

Cybersecurity | Homeland Security: On January 5, 2017, the U.S. Department of Commerce and the U.S. Department of Homeland Security released a draft report to President Trump in response to the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure issued on May 11, 2017.

The Unfalsifiability of Security Claims - Microsoft Research

The Unfalsifiability of Security Claims - Microsoft Research: "when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions"



'via Blog this'

Privacy Rules for Uber | HuffPost

Privacy Rules for Uber | HuffPost: "But the recent outcry over privacy, news of the “God View,” and the threats to journalists reveal a problem that will not solve itself: There should be privacy law to regulate Uber and other companies in the ride-sharing industry." 2014



'via Blog this'

Monday, January 22, 2018

Android Malware in gaming apps on Play Store downloaded 4 million times

Android Malware in gaming apps on Play Store downloaded 4 million times

https://www.hackread.com/android-malware-in-gaming-apps-on-play-store/

Too much business travel can lead to depression, anxiety and trouble sleeping, study says - LA Times

Too much business travel can lead to depression, anxiety and trouble sleeping, study says - LA Times

http://www.latimes.com/business/la-fi-travel-briefcase-health-study-20180113-story.html

Echoes of History: Understanding German Data Protection | Bertelsmann Foundation

Echoes of History: Understanding German Data Protection | Bertelsmann Foundation

http://www.bfna.org/research/echos-of-history-understanding-german-data-protection/

GDPR, Part I: History Of European Data Protection Law - Data Protection - Worldwide

GDPR, Part I: History Of European Data Protection Law - Data Protection - Worldwide

http://www.mondaq.com/unitedstates/x/643052/data+protection/GDPR+Part+I+History+of+European+Data+Protection+Law

Call For Papers – 12th international CARO Workshop

Call For Papers – 12th international CARO Workshop: The 12th International CARO Workshop will be held on�the 23rd and 24th of May 2018 in Portland, OR, USA (*). The main theme of the workshop will be:

WANNA SHARE…? No? Privacy data is not for sharing either…

Hacker Infects Gas Pumps with Code to Cheat Customers | Threatpost | The first stop for security news

Hacker Infects Gas Pumps with Code to Cheat Customers | Threatpost | The first stop for security news

https://threatpost.com/hacker-infects-gas-pumps-with-code-to-cheat-customers/129599/

Sunday, January 21, 2018

The Truth About The Deloitte Security Breach

The Truth About The Deloitte Security Breach 

"A single administrator account with access to the Azure implementation was guarded only by a username and password, without any two-factor-authentication(2FA). Attackers stole this administrator's credentials and used them to leverage access to the entire email system."

https://blog.safe-t.com/truth-about-deloitte-security-breach

Saturday, January 20, 2018

10 Insanely Good Reasons You Should Publish On Medium | WordStream

10 Insanely Good Reasons You Should Publish On Medium | WordStream: "However, publishers are still finding and adding new contributors to their sites. How? By scouting for popular authors on Medium."



'via Blog this'

You can now unlock your iPhone 5S for free — Quartz

You can now unlock your iPhone 5S for free — Quartz: "As long as the AT&T locked iPhone hasn’t been reported stolen, hasn’t been “associated with fraudulent activity,” and isn’t currently active on a different AT&T customer’s account you can unlock the phones through its website here."

Someone is touting a mobile, PC spyware platform called Dark Caracal to governments • The Register

Someone is touting a mobile, PC spyware platform called Dark Caracal to governments • The Register: "The EFF and Lookout are trying to find out who exactly is running and using the Dark Caracal network. An update is expected in the summer, once attribution can be made with some certainty"



'via Blog this'

Tuesday, January 16, 2018

The Problems with Seeking and Avoiding True Attribution to Cyber Attacks – Robert M. Lee

The Problems with Seeking and Avoiding True Attribution to Cyber Attacks – Robert M. Lee: Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns.

DROWN Attack

DROWN Attack: DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

MIT And BU Researchers Uncover Critical Security Flaw In $2B Cryptocurrency IOTA

MIT And BU Researchers Uncover Critical Security Flaw In $2B Cryptocurrency IOTA: IOTA, a�$2 billion cryptocurrency that�supports Internet of things (IoT) transactions, was�shown to have “serious weaknesses” according to a report�recently released by researchers at MIT and Boston University

Juniper Firmware: New Crypto Flaw Found - BankInfoSecurity

Juniper Firmware: New Crypto Flaw Found - BankInfoSecurity: Eight years after a crypto backdoor was added to the ScreenOS firmware that runs Juniper Networks' NetScreen firewalls, among other devices, the U.S. networking giant has promised to eliminate the vulnerability and moved to reassure customers that its products are now safe to use (see Juniper Devices Are Under Attack).

50 Amazing Internet Security Blogs You Should Be Following [Updated]

50 Amazing Internet Security Blogs You Should Be Following [Updated]: If you are concerned about your online security (and you should), it’s essential to know which are the best cyber security blogs that could help you stay informed about the most recent trends in the threat landscape.



Now 69!

Friday, January 12, 2018

Intel Unveils 'Breakthrough' Quantum Computer - ExtremeTech

Criminologists Are Asking Jeff Sessions To Release FBI Crime Data | FiveThirtyEight

Criminologists Are Asking Jeff Sessions To Release FBI Crime Data | FiveThirtyEight

https://fivethirtyeight.com/features/criminologists-are-asking-jeff-sessions-to-release-fbi-crime-data/

AFRL/RIK Division and Branch Offices > Wright-Patterson Air Force Base > Display

AFRL/RIK Division and Branch Offices > Wright-Patterson Air Force Base > Display:



"AFRL/RIKD - Information Grid and Systems Contracting Branch

Mission Statement
The R&D Contracts Branch reviews adequacy of assigned purchase request packages for contract action. Assists engineering personnel in finalizing Statements of Work, specification and data requirements. Publishes "Notices of Contract Action," and/or "Notice of Award" in the FEDBIZOPPS as required by regulation. Selects sources for solicitation and prepares Request for Proposals (RFPs), receives and evaluates proposals, negotiates, request final proposal revisions or makes awards without discussion if possible, performs source selection and awards appropriate contractual instruments. Negotiates and awards contracts resulting from Broad Agency Announcements (BAAs), the Small Business Innovation Research (SBIR) national solicitation, and the Small Business Minority 8A Program. Conducts Contract and Business Clearance Approval for all contractual actions within the approved thresholds. Distributes all contractual documents. Performs contract management of all contracts issued. Terminates assigned contracts as required. Performs final contract closeout and all contract retirement functions. Inputs appropriate acquisition data into the AFMC automated management system database."



'via Blog this'

Monday, January 8, 2018

macos - Stop Pulse Secure from opening at startup Mac - Stack Overflow

Worked for me: macos - Stop Pulse Secure from opening at startup Mac - Stack Overflow: "There is no system configuration switch on the Mac to prevent auto startup of Pulse Secure.

So we have to using Automater, create an app to run the following script during system boot:"



'via Blog this'

Facial recognition...

Solved: xr11 v3 remote - program 30 second skip - Xfinity Help and Support Forums - 2800046

Pinterest wall ideas

Thursday, January 4, 2018

What’s the Best Way to Take an Afternoon Nap? - WSJ

Cybersecurity in 2018: What will the new year bring?

Cybersecurity in 2018: What will the new year bring?: "David Harley, senior research fellow at ESET, explained that the number of networked devices, from fridges to toys, could create more opportunities for bad actors, widening the attack surface."



'via Blog this'

Long Jail Terms for Sexual Offenders Do Little Good - The Chronicle of Higher Education

Long Jail Terms for Sexual Offenders Do Little Good - The Chronicle of Higher Education

https://www.chronicle.com/article/Long-Jail-Terms-for-Sexual/236858

Toxic masculinity is probably destroying the planet. | Grist

Toxic masculinity is probably destroying the planet. | Grist

If gender roles are toxic for people and the planet, it's time to rethink them.

Taming Cybersecurity Regulation Mayhem

Meltdown and Spectre

Meltdown and Spectre: These hardware bugs allow programs to steal data which is currently processed on the computer.