Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that’s used in countless apps, including those used by large enterprise organizations, several websites reported last Thursday.
The Tuesday outage at an Amazon Web Services data center affected services from several collaboration software vendors, highlighting how reliant companies have become on cloud providers for a variety of workplace tools.
Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device’s Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip, putting billions of electronic devices at risk of stealthy attacks.
In late 2021, the term Web3 began to increasingly appear in mainstream media outlets. This does not refer, however, to a sudden increase in interest in the Semantic Web as defined by Tim Berners-Lee, but rather to something entirely different.
It also found affected hospitals had tens of thousands of outdated Windows 7 systems, and that the health system’s IT administrators failed to respond to multiple warning signs that a massive attack was imminent.
At 10:30 p.m. PST on Oct. 6, Twitch released the following statement on its corporate blog: “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.”
The Technical Marketing role is often misunderstood—or simply forgotten—in the vendor world. What does the TME do, and why? What value does the TME bring to the development and release of new products? Pete Lumbis joins Tom Ammon and Russ White to discuss the importance and value of the TME.
In a highly anticipated decision, a judge of the United States International Trade Commission ruled in August that Google infringed five patents owned by speaker maker Sonos. The case charged Google with copying Sonos’ patented technology in its Google Home smart speakers.
Americans, and not just Americans, are well aware of how deep the dysfunction of the ruling factions runs. Many older ones remember the abuses of the Intelligence Community and the warnings against the Military-Industrial Complex; they have lived long enough to see the political resistance to the Community and the Complex shift, under pressure of deliberate policies, from the Left to the Right.
The rumors spread like wildfire: Muslims were secretly lacing a Sri Lankan village’s food with sterilization drugs. Soon, a video circulated that appeared to show a Muslim shopkeeper admitting to drugging his customers — he had misunderstood the question that was angrily put to him.
Antitrust has not had its moment since the 1911 breakup of Standard Oil. But this past year, policymakers and government leaders around the globe have been taking a hard look at the technology markets.
For well over a decade, I have been arguing that governments should create IT accident investigation boards for the exact same reasons they have done so for ships, railroads, planes, and in many cases, automobiles.
Yet risks remain, and once the genie is out of the bottle, they are often difficult to manage and contain—they range from unintended consequences and side effects to threats to privacy and loss or misdirection of control.
How can we change the field of computing so that ethics is as central a concern as growth, efficiency, and innovation? There is no one intervention to change an entire field: instead, broad change will take a combination of guidelines, governance, and advocacy.
The dominant regime of the electric age—“democracy” mediated and managed by corporate journalists, academics, experts—is being slowly eaten by a new cybernetic order, mediated by algorithm and increasingly not managed at all.
The metaverse is, as they say, happening. Mark Zuckerberg announced last month that Facebook’s parent company, now called Meta, will take the lead in building out an immersive, interactive, and ubiquitous network of virtual environments that he envisions as the next phase of the Internet.
When Google introduced Manifest V3 in 2019, web extension developers were alarmed at the amount of functionality that would be taken away for features they provide users. Especially features like blocking trackers and providing secure connections.
In preventing people like me from accessing Twitter despite plainly qualifying under their own terms of service — and in failing to provide the kind of communication Dorsey testified under oath occurs in situations like mine — Twitter is arguably engaging in fraud, telling the public one thing while engaging in the opposite.
Privacy law is manifested in practice as a litany of “Agree” buttons to consent to data collection and a series of long, convoluted statements of data collection practices that are supposed to give users enough notice about what companies do with our data to enable us to make informed decisions.
It’s been 24 hours since Jack’s resignation, and while I’m not really interested in the evolving loser drama surrounding the new CEO’s decade-old tweets, it is worth noting that Twitter has already updated its content policy in a manner that effectively makes citizen journalism impossible.
In one of the more unusual cybersecurity policing stories of the past year, the FBI announced in June that it had created its own company, called ANOM, to sell devices with a pre-installed encrypted messaging app to criminals.
In its response to Stossel’s defamation claim, Facebook responds on Page 2, Line 8 in the court document (download it below) that Facebook cannot be sued for defamation (which is making a false and harmful assertion) because its ‘fact checks’ are mere statements of opinion rather than factual assertions.
It is refreshing to find instances in the IT sector where competing groups with their own agendas work together for the common good and the improvement of systems everywhere. So it is with the absorption of the Gen-Z Consortium by the CXL Consortium.
From the recent writeup of the DNS work at the IETF its clear that there is a large amount of attention being focused on the DNS. It’s not just an IETF conversation, or a DNS OARC conversation, but a conversation that involves a considerable amount of research activity as well.
It seems like Antarctica’s McMurdo Station could be getting high-speed internet—a modern day luxury feature that could connect its remote laboratories (and seasonal tourist hub) to the rest of the world. The station is located on an island just off the northwestern part of the continent and is the largest US research hub on Antarctica.
Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network.
Let’s say you’re tasked with selecting a strong authentication solution for your organisation. Where do you begin? This article is the first of a series that will explore authentication and authorisation technologies in the context of recent exploits and developing trends.
At the University of California, Riverside, we found the current design and implementation of modern OSes can lead to side-channel-based DNS cache poisoning attacks, namely SAD DNS (Side-channel AttackeD DNS).
If you’re looking for a rugged case for your phone or tablet, you’ve probably seen the terms MIL-SPEC or MIL-STD. But what do they mean? It’s a simple standard, but its appearance on product packaging is a complex topic.
Web 1.0 was from 1991 to 2004 when web users were consumers of content, and the web was a series of static websites. Web 2.0 emerged in 2004 as user-created content overtook static content. The big winners in this era have been the huge social media platforms that became some of the biggest companies on the planet.
Manifest V3, Google Chrome’s soon-to-be definitive basket of changes to the world of web browser extensions, has been framed by its authors as “a step in the direction of privacy, security, and performance.”
Machine Learning (ML) and Artificial Intelligence (AI) are all the rage in the network engineering world. Where might these technologies be useful, as opposed to mere hype? The two most obvious areas where AI and ML would be useful are failure reaction and security. Micah Mussler joins Tom Ammon and Russ White to discuss the possibilities of using AI and/or ML in the broader security market—and focusing in on the network.
Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads.
As telehealth and digital platforms cement their role in the post-pandemic future, it’s imperative for the digital health ecosystem to find ways of enhancing support networks, marking the transition from telehealth to tele-wellbeing.
One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.
Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks.
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control.
Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it’s possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users.
No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users’ credentials and carrying out further follow-on attacks.
SRv6, a form of source routing, is the new and interesting method being created by the IETF to allow traffic engineering and traffic steering. This is not the first time the networking world has tried source routing, however—and in the spirit of rule 11, we should ask some questions. How and why did source routing fail last time? Have we learned those lessons and changed the way we’re doing things to overcome those limitations? Security seems to be one area where problems arise in the source routing paradigm.
Andrew Alston joins Tom Ammon and Russ White to discuss security in SRv6.