In an unprecedented move, Twitter has alerted some users that nation-state sponsored attackers may have attempted to steal their account information -- such as email address, IP address, and phone numbers. None of the small number of Twitter user accounts targeted appear to have been successfully breached, however, according to the alert.
I predict that this will soon be a new status symbol. People will have I was hacked by Bunfuckistan badges on their various social media accounts. That's how you will know who is worth following.
The Register - 'Devastating' flaw found in Windows' authentication system -
The flaw results from how the third-party authentication system creates secret keys: by using the password associated with a disabled username (krbtgt). That password is rarely changed, making it possible to bypass the authentication system altogether and allow an attacker to grant themselves admin privileges, as well as create secret passwords for existing users and new users that don't exist.A slightly more in-depth explanation is found here:
“Well, we just encrypt current timestamp with our secret key. That's what a normal process looks like. So, if we have an access to the key – we can repeat this process on behalf of the user and gain legitimate Kerberos tickets and thus access. Essentially skipping the part of Kerberos authentication, where user secret key is created from his password,” he asserts.
...
“The attacker can control every aspect of the forged ticket including the Ticket's user identity, permissions and ticket life time. Attackers typically set Golden Tickets to have an unusually long lifetime, which allows the possessing entity to keep using them for a long period without renewal. In addition to the lifetime, other important attributes of the ticket are typically forged to achieve other nefarious goals, such as assigning very high permissions, impersonating other users and even using non-existing user names,” write Be'ery and Cherny.It seems to me I have heard about this problem before, but I may be mis-remembering. I haven't seen a response from Microsoft yet.
Gizmodo - Applying for a US Visa? Expect DHS to Look at Your Facebook Posts -
This new push dovetails with amplified fears about extremist immigrants. The day that she and her husband killed 14 people in San Bernadino, Ca., Tashfeen Malik “pledged allegiance” to ISIS on Facebook. Today, the Wall Street Journal reports that DHS is working on a new strategy for scouring social media posts in the wake of that attack.
Let's not forget the multi-year history of pro-jihad comments she had made before immigration. This wasn't just one post made the morning she went off to kill 14 people.
Hacker News - Hacker-Friendly Search Engine That Lists Every Internet-Connected Device -
At the end of last month, security researchers from SEC Consult found that the lazy manufacturers of home routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 millions of IoT devices open to mass hijacking.Now you know who to blame when your internet connected refrigerator tries to kill you, as CSI Cyber assures me it will.
NY Times - The Experts Were Wrong About the Best Places for Better and Cheaper Health Care -
All of the attention stemmed from academic work showing that Grand Junction spent far less money on Medicare treatments – with no apparent detriment to people’s health. The lesson seemed obvious: If the rest of the country became more like Grand Junction, this nation’s notoriously high medical costs would fall.
But a new study casts doubt on that simple message.
The research looked not only at Medicare but also at a huge, new database drawn from private-insurance plans – the sorts used by most Americans for health care. And it shows that places that spend less on Medicare do not necessarily spend less on health care over all. Grand Junction, as it happens, is one of the most expensive health care markets in the country for the privately insured – despite its unusually low spending on Medicare.
Imagine that.
Washington Post - The 10 most liberal and conservative cities in the U.S. — as judged by campaign donors -
No comments:
Post a Comment