Do This Now: Disable Your Email PGP/GPG Plugin


Weekly Axis Of Easy #49

In this issue:

  • Do this now: Disable your email PGP/GPG plugin
  • Every O/S in existence hit by same security flaw
  • Reports of Cambridge Analytica’s demise may have been premature
  • Welcome to the drone wars
  • Hardening Drupal: how to protect your sites
  • Best Black Mirror ever: China’s Sesame Credit system
  • ISIS leaders captured using smartphone app
  • Over 100K users infected by malicious Chrome extension

From now until May 31st, get 6 months free web hosting when you register or transfer in a new domain. Click here for more info

Do this now: Disable your email PGP/GPG plugin

A rare “stop the presses” moment occurred when we saw the following this morning: The EFF has issued an urgent alert that new vulnerabilities have been discovered affecting email encryption plugins such as Enigmail, GPGtools and Gpg4Win which “pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.” Full details will be published in a paper on Tuesday, 7am UTC (3am ET); in the meantime, EFF is urgently recommending that anybody using these tools disable them right away.


Every O/S in existence hit by same security flaw

It looks like unclear or misinterpreted instructions from chip makers regarding previously disclosed CPU flaws have resulted in the introduction of more vulnerabilities. Affected operating systems include Windows, OSX, Linux and BSD. The bugs allow a range of attacks, from privilege escalation to reading arbitrary data from memory and, in the case of Windows, executing arbitrary code in kernel mode. So far hypervisors like VMWare and Xen have issued patches to fix them.

Read: https://www.zdnet.com/article/microsoft-windows-apple-macos-linux-bsd-all-hit-by-same-serious-security-flaw/ 

Reports of Cambridge Analytica’s demise may have been premature

Last we reported on the purported demise of Cambridge Analytica and I quipped “watch where the assets end up on liquidation”. What transpired in the days following seems to indicate that the disgraced data miner may have pulled a fast one and simply shed one corporate coil for another, and is now reborn as “Emerdata”, a related company with common principals, addresses and directors.

Welcome to the drone wars

A couple of stories about drone usage, one to police the public and one to thwart the police: In Chicago, legislation requires that a warrant be obtained before using a drone for surveillance. Mayor Rahm Emanuel wants to remove that requirement. Critics fear an onslaught of warrantless surveillance drones, equipped with facial recognition software, patrolling the city 24 x 7.

Meanwhile, DefenseOne reports on an incident last winter wherein FBI agents were assailed by a swarm of drones during a hostage rescue attempt. The criminals backpacked in a pile of drones in anticipation of FBI pursuit, and then deployed those drones to buzz the agents who had taken up an elevated position to observe the scene. The agents were pushed out from their vantage point and the drones were used to counter-surveil the law enforcement squads. It is an example of “how criminal groups are using small drones for increasingly elaborate crimes.”

Read: https://chicago.suntimes.com/opinion/police-drones-surveillance-red-squad-illinois-law/

And: https://www.defenseone.com/technology/2018/05/criminal-gang-used-drone-swarm-obstruct-fbi-raid/147956/

Hardening Drupal: how to protect your sites

In the wake of a couple of serious Drupal vulnerabilities which we’ve been following here, security journalist Kim Crawley has released “A quick-and-dirty guide to hardening your Drupal” sites against compromise. Worth a quick review if you’re running Drupal anywhere in your environment.

Read: https://www.peerlyst.com/posts/a-quick-and-dirty-guide-to-security-hardening-drupal-kimberly-crawley

Best Black Mirror ever: China’s Sesame Credit system

I keep reporting on China’s Sesame Credit, a system which gamifies obedience to the State and that becomes compulsory for all citizens in 2020, because it’s like a slow motion car crash for me. This is where we’re headed, in our own way, in our own uniquely Western flavour. And we won’t care. That’s the scary part.

As Charles Hugh Smith observes: The Chinese system aligns with all states’ desire for Total Information Awareness, but the rules in China are particularly Kafka-esque and may not be there to protect the public from threats as much as to protect the State itself from the public.

Read: https://www.oftwominds.com/blogmay18/social-control5-18.html

ISIS leaders captured using smartphone app

5 top ISIS leaders have been captured after authorities used the Telegram app on another captured ISIS member’s phone to lure them into proximity. “Intelligence services used a phone belonging to a detained aide to the group’s leader Abu Bakr al-Baghdadi, to contact the other commanders to set up a meeting in Iraq, Iraqi security adviser Hisham al Hashemi told the Telegraph.”

Read: https://www.telegraph.co.uk/news/2018/05/10/five-key-isil-leaders-captured-sting-iraqi-agents-lure-trap/

Over 100K users infected by malicious Chrome extension

Last week security firm Radware released their findings on 7 malicious Chrome extensions which made it into the Google Play store. The malware would snarf user login credentials and install crypto-currency miners on their devices. At least 100,000 browsers were infected.

Read: https://arstechnica.com/information-technology/2018/05/malicious-chrome-extensions-infect-more-than-100000-users-again/

