Friday Squid Blogging: Chilean Squid Producer Diversifies
In another symptom of climate change, Chile’s largest squid producer “plans to diversify its offering in the future, selling sea urchin, cod and octopus, to compensate for the volatility of giant squid catches….”
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • April 14, 2017 4:30 PM
ShadowBrokers: The NSA compromised the SWIFT Network
“It is by far the most powerful cache of exploits ever released…” “it is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it. A number of these attacks appear to be 0day exploits which have no patch and work completely from a remote network perspective.”
https://medium.com/@msuiche/the-nsa-compromised-swift-network
https://www.lawfareblog.com/shadow-brokers-redux-dump-nsa-tools-gets-even-worse
https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
http://www.wired.com/2017/04/major-leak-suggests-nsa-deep-middle-east-banking-system/
https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/
http://threatpost.com/shadowbrokers-expose-nsa-access-to-swift-service-bureaus/124996/
https://motherboard.vice.com/en_us/article/the-latest-shadow-brokers-dump-of-alleged-nsa-tools-is-awful-news-for-the-internet
Security vulnerability in Drupal References contrib module puts 120000 sites at risk
http://drupal.sh/vulnerable-drupal-contrib-module-puts-120000-sites-at-risk
Breaking Signal: A Six-Month Journey
“We don’t see why Signal can’t address some of these flaws. I’m guessing it’s not going to cost them anything…”
https://threatpost.com/breaking-signal-a-six-month-journey/124888/
https://pwnaccelerator.github.io/2016/signal-part1.html
https://pwnaccelerator.github.io/2016/signal-part2.html
Why Banker Bob (still) Can’t Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps
http://fc17.ifca.ai/preproceedings/paper_83-2.pdf
What Every Developer Must Know About HTTPS
https://www.troyhunt.com/new-pluralsight-course-what-every-developer-must-know-about-https/
Certificate Authority Authorization
CAA is a new mechanism that will allow site owners to specify which Certificate Authorities are authorised to issue certificates for their domain name.
https://scotthelme.co.uk/certificate-authority-authorization/
Using a web ad blocker could identify you – to advertisers
https://www.theregister.co.uk/2017/04/14/ad_blockers_identify_you_to_advertisers/
You can try out the browser extension and login-leak experiment here.
https://extensions.inrialpes.fr/
Random thoughts on the use of breach data for protection of accounts
https://www.troyhunt.com/random-thoughts-on-the-use-of-breach-data/
Microsoft Joins Other Tech Companies by Releasing 2014 National Security Letter
https://www.lawfareblog.com/microsoft-joins-other-tech-companies-releasing-2014-national-security-letter
EFF’s “Spying on Students” Report
https://www.eff.org/press/releases/effs-spying-students-report-highlights-tech-companies-data-collection-parents
https://www.eff.org/files/2017/04/13/student-privacy-report.pdf
Germany’s Crypto Past and Hacking Future
https://www.lawfareblog.com/germanys-crypto-past-and-hacking-future
saltpack – a modern crypto messaging format
https://saltpack.org/
https://news.ycombinator.com/item?id=14067003
Free, open source screen capture, file sharing and productivity tool
It has numerous features but the one which readers on here may be interested in is the ability to upload text directly and anonymously to sites like Pastebin, Paste.ee, OneTimeSecret, Paste2, GitHub Gist, Paste, Slexy, uPaste, Pastee.org, Hastebin, File uploader etc.
https://getsharex.com/
HIPAA Compliance with Microsoft Windows 10 Enterprise
http://www.hipaaone.com/wp-content/uploads/2017/02/HIPAA-Compliance-with-Microsoft-Windows-10-Enterprise.pdf
Why one Republican voted to kill privacy rules: “Nobody has to use the Internet”
https://arstechnica.com/tech-policy/2017/04/dont-like-privacy-violations-dont-use-the-internet-gop-lawmaker-says/
Latest version of Denuvo’s DRM cracked yet again
https://arstechnica.com/gaming/2017/04/latest-version-of-denuvos-drm-cracked-yet-again/
Legal Implications of Brexit
http://iielaw.org/wp-content/uploads/2015/08/Brexit-PDF-APRIL-REVISION-COMPLETE.pdf
http://iielaw.org/wp-content/uploads/2015/08/Full-Roadmap-April.pdf
Happy Easter all