Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Sep 11, 2022,

updated Sep 11, 2022

=> Games: Doom, Quake, and More | Sharing Dual-Licensed Drivers between Linux and FreeBSD

=> ↺ Google Collisions Visualized

The Challenges of IoT, TLS, and Random Number Generators in the Real World

=> ↺ The Challenges of IoT, TLS, and Random Number Generators in the Real World

IoT (Internet of things) is now a first-class member of the Internet, communicating with cloud infrastructure. With this come additional requirements to ensure confidentiality, integrity, and authentication for every customer's data. The IETF TLS (Transport Layer Security) protocol is used for almost all Internet traffic security, but TLS is not as secure as the general public believes it to be. The current TLS protocol has been proven secure, but do IoT implementations live up to that promise? IoT does not always have the luxury of hardware RNGs (random number generators) or other features typically found on servers, laptops, or even phone processors. The history of RNGs that have not been as random as expected has led to this question.

[A repeat] roguelazer's website: SSH MITM at Best Western

=> ↺ [A repeat] roguelazer's website: SSH MITM at Best Western

I'm currently staying in a Best Western hotel in Eureka, CA, avoiding the Bay Area heat wave, and I noticed something remarkable: the hotel's free WiFi network performs automatic man-in-the-middle interception of all SSH traffic. I've literally never seen this before on public WiFi… Check it out...

[...]

Based on traceroutes, it really does look like all of my traffic is being routed through some central facility in Texas that's doing god knows what DPI on it.

Major security bugs are a long-term threat: Here’s why and what’s next

=> ↺ Major security bugs are a long-term threat: Here’s why and what’s next

The technology world is entering a new phase where code complexity and widespread use of global software tools have opened the door for a damaging security flaw that can last for years.

Google rolls out update for high-severity vulnerability in Chrome

=> ↺ Google rolls out update for high-severity vulnerability in Chrome

Google LLC has begun rolling out an update for Chrome to fix a high-severity vulnerability that is being actively targeted by hackers.

The vulnerability is found in the Windows, Mac and Linux versions of Chrome, the search giant detailed in a blog post Friday. The update that Google’s engineers have created to fix the issue is set to roll out over the coming weeks.

Navigating the path to passwordless authentication

=> ↺ Navigating the path to passwordless authentication

Yves Audebert is chairman, president and co-CEO of Axiad IDS, a trusted identity solutions provider for government and financial organizations. He previously founded ActivCard / ActivIdentity, one of the lead providers of the Defense Department’s Common Access Card and HSPD12 FIPS 201 credentialing systems.

If you have been in business long enough, you have probably heard the quote often cited from Lewis Carroll’s Through the Looking Glass: “If you don’t know where you’re going, any road will lead you there.” And while this quote isn’t verbatim from the book (or the subsequent movie Alice in Wonderland), the sentiment has stood the test of time because it appropriately captures an important strategic premise — that it’s important to be clear on your destination and desired business goals before kicking off a strategic initiative.

=> gemini.tuxmachines.org