Tux Machines
Posted by Roy Schestowitz on Sep 12, 2023
> About a year ago, I left a comment on a Nostalgia Nerd video about Viruses. It’s a good video, worth a watch, like most of their content.
> Here’s my silly comment.
> The ends aren’t always supposed to justify the means. And a federal agency that already raised the hackles of defense lawyers around the nation during a CSAM investigation probably shouldn’t be in this much of a hurry to start sending out unsolicited software to unknowing recipients.
> The incident began sometime on Sunday and affected hotel reservation systems throughout the United States and other IT systems that run the casino floors.
> BianLian added that its victim, "the world's leading nonprofit," operates in 116 countries with $2.8 billion in revenues. The extortionists claim to have stolen 6.8TB of data, which they say includes international HR files, personal data, and more than 800GB of financial records. They claim to also have email messages as well as medical and health data.
> Windows arbitrary file deletion vulnerabilities should no longer be considered mere annoyances or tools for Denial-of-Service (DoS) attacks. Over the past couple of years, these vulnerabilities have matured into potent threats capable of unearthing a portal to full system compromise. This transformation is exemplified in CVE-2023-27470 (an arbitrary file deletion vulnerability in N-Able’s Take Control Agent with a CVSS Base Score of 8.8) demonstrating that what might initially seem innocuous can, in fact, expose unexpected weaknesses within your system.
> Sofía shares a short presentation on Post-Quantum Cryptography's (PQC) development. PQC is special and different in how it uses complex problems with no efficient quantum solution to satisfy security goals. The panel commences on several topics and a few prompts from the audience. The competition should provide multiple solutions for exchanging keys and digital signatures so that when one solution is no longer secure, applications can change to another. The largest concern is how the performance characteristics will affect applications that need key exchange and digital signatures. Google will be testing key exchange at scale, but there is a gap for digital signatures. Cryptographic agility gets redefined with an emphasis on updating applications and hard to reach hardware like TPMs and satellites.
> This talk summary is part of my DEF CON 31 series. The talks this year have sufficient depth to be shared independently and are separated for easier consumption.
> The review found other weaknesses, specifically those involving information systems, contractor oversight, information sharing, etc. The report also said that the IRS does not employ overall oversight efforts related to unauthorized access of contractors, even though multiple IRS offices oversee said contractors.
> In this review, we found weaknesses in training, information systems, contractor oversight, information-sharing, and more. Of the related recommendations we've made since 2010, 77 haven't been implemented as of March 2023. We're also making 16 new recommendations, including one for Congress to consider.
-- Page fetched on Sat Jun 1 06:14:25 2024