Weekend Reads 110422

The recent rise of HTTP request smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessible systems with a reverse proxy front-end… until now.

Eternity typically keeps its activities on the down low—in the Dark Web. Still, we sought to determine if LilithBot and Eternity also engaged in dealings on the Surface Web.

The Financial Conduct Authority, the UK’s financial services regulator, has begun discussions with the aim of understanding the impact of Big Tech on industry competition.

You really shouldn’t be trying to manage your own passwords when high-performance graphics cards featuring GPUs as powerful as Nvidia’s GeForce RTX 4090 could be in use by hackers.

The U.S. Federal Trade Commission enforcement action against Drizly demonstrates how the agency plans to give teeth to its new emphasis on data minimization.

In October 2020, the Global Privacy Control was created to allow consumers to exercise their privacy rights with the click of a mouse.

Finding new ways to collect information about a network and limit the meta-data exposed to others is a constant struggle we see in research as this data can be used for both benign and malicious intentions.

BlackEnergy first appeared in 2007. Designed to launch distributed denial-of-service (DDoS) attacks or download customized spam or banking data-stealer plug-ins, it was again used to target the State Bar of Georgia last May.

Over the last two years, office workers of the world have gotten a tantalizing taste of either fully remote work or partially remote hybrid work. Many don’t want to go back to commuting to a workplace full-time, no matter the cost.

An issue with this approach is that it assumes the recommended resolvers offer improved protection versus the one currently being used. In reality, the existing resolver may support one or more encrypted DNS protocols and the connection may already be encrypted.

Comcast has a problem—it isn’t signing up many new broadband customers. But Comcast also has a solution—get more money from existing subscribers.

There are many opinions about encryption and its role in our society, and many of those opinions are contradictory. Still, the general public is largely unaware of the nuances of this issue, which can lead to confusion or misunderstanding about what encryption really is and why it is crucial to all internet users.

Most pressingly, there is a general lack of demand for 5G services from enterprises. This means that service providers, eager to place themselves at the head of the race to deliver 5G services, are struggling to sell the potential benefits to their customers.

LastPass today released findings from its fifth annual Psychology of Password findings, which revealed that even with cybersecurity education on the rise, password hygiene has not improved.

Some room-temperature takes on yesterday’s not-quite-RCE vulnerabilities in OpenSSL 3.0, and on what there is to learn about safe cryptography engineering.

Mondelez International, maker of Oreos and Ritz Crackers, has settled a lawsuit against its cyber insurer after the provider refused to cover a multimillion-dollar clean-up bill stemming from the sprawling NotPetya ransomware attack in 2017.