Friday Squid Blogging: 1887 Animal-Combat Print with Giant Squid
Great Victorian animal-combat scene featuring a giant squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • March 31, 2017 4:32 PM
Yet another LastPass “major flaw”
In addition to the LastPass and 1Password leaks uncovered last week, a “major flaw” has been discovered by Tavis Ormandy which allows malicious code execution. No patch is available.
Stop using online, closed-source password managers and use tried, tested and trusted open source software like Bruce’s Password Safe or KeePass.
https://www.theregister.co.uk/2017/03/27/lastpass_confirms_major_flaw/
https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/
Huge data breach sees thousands of MPs’ staff personal data published online
In the same week the UK Home Secretary was lecturing technology companies about the dangers of encryption the government have inadvertently published “names, salaries, rewards, working patterns and holiday entitlements of the more than 3,000 staff.”
http://www.mirror.co.uk/news/politics/huge-data-breach-sees-thousands-10135238
Amber Rudd’s ‘showdown’ talks with tech firms on extremism are pure PR
…the tech companies get called in for their ritual berating, hang their heads and say they’re sorry. The government gets to say it’s tough, without losing its powerful friends. And the whole thing goes on as it was before.
https://www.theguardian.com/technology/2017/mar/30/uk-government-tech-firms-extremism-pr-win-facebook-amber-rudd
Setting a custom FileVault (macOS FDE) passphrase
“Overloading the login/unlock/sudo password is an understandable UX simplicity choice, but makes it very hard to manage the security tradeoff: you want an easy to type password for login (which can’t be bruteforced offline), but you want a complex long passphrase for FDE.”
https://blog.filippo.io/filevault-2-custom-passphrase/
Android handsets could have soft-button fingerprint sensors by year-end
https://arstechnica.com/gadgets/2017/03/synaptics-new-fingerprint-sensors-support-force-sensitivity-soft-buttons-and-more/
Telegram now supports voice calls
General consensus is that it’s great [Telegram] despite their homebrew crypto for secret chats. Telegram’s available on almost all platforms including Windows, Mac, Linux, command line, web-version, Android, iPhone/iPad, Windows Phone.
Voice quality is improved using AI and instead of using verification words to detect a MITM they use emojis (to overcome any language barriers – neat concept.)
https://telegram.org/blog/calls
https://core.telegram.org/techfaq#q-how-are-voice-calls-authenticated
https://news.ycombinator.com/item?id=13994154
Wikileaks releases CIA’s Marble: Malware obfuscation tools
https://wikileaks.org/ciav7p1/cms/page_14588467.html?marble=1
https://www.theregister.co.uk/2017/03/31/wikileaks_cia/
Reverse Engineering Malware 101
https://securedorg.github.io/RE101/
Is this a solution to Trump signing away your digital privacy? We give Invizbox Go a go
You’re stuck with one VPN provider and they don’t support OpenVPN
https://www.theregister.co.uk/2017/03/30/invizbox_solution_for_digital_privacy/
Thinking about switching to Windows 10? Now’s the time to act
Windows 10 Creators Update is due to be released and it’ll likely wreak havoc on users’ systems.
http://www.infoworld.com/article/3186869/microsoft-windows/thinking-about-switching-to-windows-10-nows-the-time-to-act.html
The American M-209 cipher machine
https://chris-intel-corner.blogspot.co.uk/2012/06/american-m-209-cipher-machine.html