Categories
privacy security

Yahoo Says 1 Billion User Accounts Were Hacked

Haven’t I heard this before, you may ask. No, this is a different hack from the earlier one. It’s deja vu all over again.

Back in the day, Yahoo was what Google or Facebook is now. It’s hard to imagine how a company in such a superior position could end up in this state. Yahoo’s story serves as a cautionary tale for the current Internet darlings.

The company says the attack was separate from the breach that led to an earlier disclosure that 500 million accounts were hacked.

Source: Yahoo Says 1 Billion User Accounts Were Hacked

Categories
privacy security

How a Grad Student Found Spyware That Could Control Anybody’s iPhone from Anywhere in the World | Vanity Fair

A long-form article on the earlier story about NSO Group’s iPhone zero-days. Pretty long but easy to follow.

Last summer, Bill Marczak stumbled across a program that could spy on your iPhone’s contact list and messages—and even record your calls. Illuminating shadowy firms that sell spyware to corrupt governments across the globe, Marczak’s story reveals the new arena of cyber-warfare.

Source: How a Grad Student Found Spyware That Could Control Anybody’s iPhone from Anywhere in the World | Vanity Fair

Categories
security

Bruce Schneier: ‘The internet era of fun and games is over’

Cybersecurity expert Bruce Schneier’s take on, and warning about, the current state of the Internet, particularly IoT. While he is coming from a neutral position, some fear that people with an agenda will use this to create regulations that restrict freedom and make the current situation worse.

As the chairman pointed out, there are now computers in everything. But I want to suggest another way of thinking about it in that everything is now a computer: This is not a phone. It’s a computer that makes phone calls. A refrigerator is a computer that keeps things cold. ATM machine is a computer with money inside. Your car is not a mechanical device with a computer. It’s a computer with four wheels and an engine… And this is the Internet of Things, and this is what caused the DDoS attack we’re talking about.

Source: Bruce Schneier: ‘The internet era of fun and games is over’

Categories
security

New security camera compromised by worm within minutes of installation (twitter.com)

The IoT botnet is gaining both speed and volume. A security researcher had a CCTV camera hacked within minutes of setup. The worm was also smart enough to close the loophole to prevent other worms from infecting it.

Categories
Uncategorized

Microsoft announces the next version SQL Server for Windows and Linux

The love for Linux continues under Nadella’s stewardship. Microsoft SQL Server is now available on Linux. Who would have thought? In separate news, Microsoft joins the Linux Foundation.

Microsoft’s announcement that it was bringing its flagship SQL Server database software to Linux came as a major surprise when the company first announced..

Source: Microsoft announces the next version SQL Server for Windows and Linux

Categories
security

Surveillance Self-Defense

Survival skills in the modern digital world. Someone should turn this into a mandatory course in school.

Tips, Tools and How-tos for Safer Online Communications

Source: Surveillance Self-Defense

Categories
Uncategorized

Play DOS games online

Modern computers and web browsers have gotten powerful enough to allow you to enjoy those old DOS games in your browser! No need to download anything.

Archon for DOS

Source: Play DOS games online

Categories
security

IoT Goes Nuclear: Creating a ZigBee Chain Reaction

IoT is increasingly becoming a dirty word for botnet.

Researchers have found ways to hijack a specific type of IoT device – the popular Philips Hue lamp – via ZigBee to do what they want, and make the attack spread wirelessly.

The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack.

– IoT Goes Nuclear: Creating a ZigBee Chain Reaction

Categories
sysadmin

Visual Studio Code September 2016 1.6

LOL. Microsoft accidentally “DDoSed” npmjs.org in the new VS Code release. This was due to a feature in VS Code 1.7 sending a lot of non-cacheable requests. Thankfully they responded quickly and reverted VS Code to the old version.

These typings files drive the IntelliSense (code completions) experience in VS Code. The feature was so great that we started to overload the npmjs.org service.

Source: Visual Studio Code September 2016 1.6

Categories
security

“Most serious” Linux privilege-escalation bug ever is under active exploit (updated)

This is serious. The bug has been dubbed “Dirty Cow”, and there are already exploit kits out there for Android and possibly others.

Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

Source: “Most serious” Linux privilege-escalation bug ever is under active exploit (updated)