Heart of Cheney
Apparently Dick Cheney (one of our former Veeps and President of the Senate), fearing for his life, decided to terminate the in-built wireless capabilities of his lifeline. In this case, none other than his implanted heart defibrillator.
We are bound to discover more of this behavior going forward, given the paucity of medical device security and the need to access telemetry from these life-giving and life-sustaining machines without invasive measures.
2014/11/07: As an addendum to this post, it behooves me to add I have great respect for Mr. Cheney. His efforts to control his own destiny, medically and otherwise, are exceedingly admirable.
Identity, An Internet Building Block? →
In what is sure to be a fascinating debate, the Internet Society is hosting “Is Identity an Internet Building Block?”, slated during IETF 91 in Honolulu, Hawaii. If you are in the Information Security racket and interested in Identity Management, this is sure to be a must-attend event. The debate will also be web- and audio-cast for your remote attendance.
Wait, What..., Again?
In not-unsurprising-cruft-news, additional vulnerability-laden Unix and Unix-like (read Linux) utilities have been detected, requiring updates. The list, enumerated by HD Moore, the CTO of Rapid7 (and of Metasploit fame), includes wget, tnftp, symlink issues and others. Questions have arisen as to why these utilities have not been scrutinized earlier...
'“wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target,” said HD Moore, the chief research officer at Rapid7 who found the vulnerability, in a blog post Tuesday...' - via PCWorld's Lucian Constantin
Team Players →
Fascinating screed via the eponymous Salted Hash column's author Steve Ragan, targeting social engineer teaming, in this case emphasizing enhanced results as the sum 'social-ness' of the effort.
Yesterday's Gestation →
Via Paleofuture's Matt Novak. The inception date of our beloved interweb is generally assumed to be the date of the first electronic message transmitted via the packet-switched network that was to become the ARPANET, at that time managed by BBN.
Ristić: On The Demise of SSL v3 →
Quite likely the authoritative post on the POODLE attack, via Ivan Ristić at SSL Labs, and Today's Must Read [a snippet follows].
"You can look at this problem from two perspectives. As a user, you want to protect yourself from attacks, and the best way to do that is to disable SSL 3 in your browser. (Instructions are easy to find online.) The updated SSL Labs Client Test will tell you if your change was successful. As a web site operator, you should disable SSL 3 on your servers as soon as possible. You need to do this even if you support the most recent TLS version because an active MITM attacker can force browsers to downgrade their connections all the way down to SSL 3, which can then be exploited. In normal operation, SSL 3 shouldn't be needed by the vast majority of sites..." - Ivan Ristić
Concept, Proof of
Bad news for Network Attached Storage users, as a newly devised POC now exists. Should you be concerned? Probably.
It's Bigger Inside
Spry's Internet in a Box, via Sean Gallagher, writing at Ars Technica.
Spotlight Privacy Fail
In a privacy reversal, Apple Inc.'s (NasdaqGS: AAPL) Spotlight search utility now mingles your search queries with millions of others, and forwards those sweet, sweet nuggets of data to Microsoft Corporation's (NasdaqGS: MSFT) Bing search engine.
While, on the surface, this data collection does not appear to violate any of the policies at http://www.apple.com/privacy, it is quite simply a terrible decision, and certainly muddies the waters for Mac OS X users worldwide. Simply astonishing...
Apple's statement, culled from the Spotlight application on Yosemite, otherwise known as Apple Mac OS X 10.10:
About Spotlight Suggestions & Privacy
When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services.
If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac.
You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Mac by clicking on “Details” next to System Services and then deselecting “Spotlight Suggestions”. If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region.
Information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy.
OpenStack Juno, The Release
News, via Renee Yao [with guest writer Mark Voelker, technical lead at Cisco] writing at Cisco Blogs, of the newly released OpenStack 2014.2 (aka Juno). Fundamentally, OpenStack open-source software targets the creation of cloud compute infrastructure, both private and public. Absolutely Outstanding.