Phishing Phish, Unicode Style
Graham Cluley, writing at his eponymous blog, educates us in protecting the browser from Unicode Phishing Attacks. Today's MustRead.
Kelby Ludwig, writing at Duo Labs, has just posted a fascinating blog entry detailing their recent discovery of SAML vulns potentially affecting a range of implementations and deployments. In this case, the vulnerability appears to be a zero knowledge scenario (of the attributes of the target's password). H/T
"This blog post describes a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password." - via Duo Labs' Kelby Ludwig
Oops.
Seemingly yearly, we see new printer vectored network attacks due to slovenly written code in the printer or the offending machine's drives. Here's the latest debacle courtesy of Hacker Noon on their Medium blog.
'Hacking unsecured printers is easy. Unfortunately, according to a Spiceworks survey only 16% of IT industry respondents think printers are at high risk of a security breach! 43% of surveyed companies ignore printers in their endpoint security approach. Well, what administrators don’t know will hurt them. Corporations invest in securing their computing devices. Why not printers?' - via Hacker Noon on Medium
Not the Alice and Bob we know running and frolicking along and about various and sundry paths to Security Nirvana, oh no me pretties, but the Alice and Bob of mathematics, black holes, paradoxes and whatnot... Examine - if you will - what happens when the pair meet the ultimate firewall - Today's Must Read.
Via Cagle.com comes this thought-provoking editorial cartoon entitled 'Russian Troll' by the eponymous Steve Sack.
Where does all of that data gathered by car manufacturers while we drive go? Perhaps Jonathan M. Gitlin, reporting for everyone's beloved Ars Technica, can fulfill that data request in a speedy manner! Shouldn't the driver/owner of the vehicle make that decision? Enjoy.
News of the release of OpenSnitch - the GNU/Linux port of Objective Development's much beloved Little Snitch, a native macOS Application Firewall - is the big news around our locale today. As of the date of this post, OpenSnitch is in Alpha release state, with the caveat: 'Warning: This is still alpha quality software, don't rely on it (yet) for your computer security.' Additional information is available via the OpenSnitch GitHub Readme. H/T
Peter Cao, writing at 9to5Mac, details a Reuters screed of Intel's efforts to hide the true scope of Meltdown/Spectre from Federal investigators at US-CERT. Good to know.