Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?




Britain’s hospitals have been brought to a standstill because of ransomware infecting obsolete and unpatched Windows XP systems. The same obsolete operating system is powering Britain’s nuclear weapons arsenal. Is it prudent to ask if the British nuclear weapons submarines have been patched against this ransomware, or even hit by it? As reported in January … Continue reading “Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?”

1

Current wave of ransomware not written by ordinary criminals, but by the NSA




A lot of computers, including those at hospitals and other critical institutions, are being hit by a new wave of ransomware. The weaponized parts of this software were developed by – and inevitably leaked from – the National Security Agency. This shows again that the NSA’s mission, keeping a nation safe, is in direct conflict … Continue reading “Current wave of ransomware not written by ordinary criminals, but by the NSA”

2

OpenVPN 2.4.2 fixes critical issues discovered in OpenVPN audit reports




Private Internet Access is happy to release the results of our OpenVPN audit. In concurrence with the release of this report, OpenVPN has released OpenVPN 2.4.2 which is the latest update to the recently released OpenVPN 2.4 technology. The privacy and security community has banded together behind this open source technology to use the Internet openly … Continue reading “OpenVPN 2.4.2 fixes critical issues discovered in OpenVPN audit reports”

0

  • May 11, 2017
  • Caleb Chen
  • Networking, Privacy, Programming, Security,

OpenVPN 2.4 Evaluation Summary and Report




Contents 1 Executive Summary 2 Introduction 2.1 Scope 2.2 Approach 2.3 Classification and Severity Rating 3 Findings 3.1 Summary of Findings 3.2 Static Analysis Results 3.3 Dynamic Analysis Results 3.4 Detailed Findings 3.4.1 OVPN-01: Sensitive authentication token not wiped on certain TLS auth errors 3.4.2 OVPN-02: Potentially flawed TLS control channel encryption 3.4.3 OVPN-03: Insecure … Continue reading “OpenVPN 2.4 Evaluation Summary and Report”

0

The Intel remote vulnerability is much, much worse than you thought




The Intel remote vulnerability which was recently disclosed has been discussed in more detail, and it’s much, much worse than you thought. It’s not just that the Intel servers are vulnerable to remote access. It’s that it’s trivial to invoke it, and that the access happens over the regular network line. A few days ago, … Continue reading “The Intel remote vulnerability is much, much worse than you thought”

7

  • May 4, 2017
  • Caleb Chen
  • Governments, News, Privacy, Security,

UK government seeks expansion of mass surveillance “technical capabilities” via the Investigatory Powers Act




The UK government is seeking an expansion to their mass surveillance powers on the Internet. The plans were leaked and released by the Open Rights Group. The draft rules were only officially circulated to a short list of companies, mostly telecommunication companies and internet service providers (ISPs) according to The Register. The proposed bulk surveillance rules will force telecoms … Continue reading “UK government seeks expansion of mass surveillance “technical capabilities” via the Investigatory Powers Act”

0

  • May 3, 2017
  • Caleb Chen
  • Governments, News, Privacy, Security,

Florida judge rules that compelling a suspect to reveal smartphone pin passcodes doesn’t violate the Fifth Amendment




A Florida judge has granted a motion to compel two suspects in an ongoing case to reveal their smartphone passcodes. Prosecutors were granted a motion to compel two defendants to give up their smartphone pin passcodes to search for evidence related to an extortion allegedly carried out by a couple, Victor and Voigt. The two devices in … Continue reading “Florida judge rules that compelling a suspect to reveal smartphone pin passcodes doesn’t violate the Fifth Amendment”

1

  • May 1, 2017
  • Caleb Chen
  • Linux, News, Security,

Intel confirms remote code execution hole in Intel CPUs since 2008




According to security researchers, media, and now Intel themselves, a security hole allowing remote code execution (RCE) has been present in Intel CPUs since 2008. The exploit was usable on Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability (SM). Those are present in most every computer with an Intel CPU from the last … Continue reading “Intel confirms remote code execution hole in Intel CPUs since 2008”

1

  • Apr 24, 2017
  • Caleb Chen
  • News, Privacy, Security,

Lyrebird.ai is a new site that will allow anyone to “copy the voice of anyone”




Lyrebird.ai, a new tech startup out of Montreal, Canada, promises to let you recreate anyone’s voice with just a single minute of recording data. They even promise to be able to parse voices and allow you to imitate the voice of a target, much like a lyrebird does in nature. While the technology is still … Continue reading “Lyrebird.ai is a new site that will allow anyone to “copy the voice of anyone””

1

  • Apr 22, 2017
  • Caleb Chen
  • Governments, News, Security,

USPTO site downgrades to HTTP despite US federal government promise to adopt HTTPS on all websites




The US Patent Office’s (USPTO) website is now unusable with HTTPS as of April 21st, 2017. This has happened despite a 2015 policy from the White House that promised an HTTPS only standard on all federal websites by Spring 2017. HTTPS provides encryption and is recommended by everyone from the United Nations to (previously at least) the United States … Continue reading “USPTO site downgrades to HTTP despite US federal government promise to adopt HTTPS on all websites”

1