Nicholas Fearn of Computing is reporting:
“A group of security researchers have found a new vulnerability in a generation of RSA encryption keys used by software libraries in cryptographic smartcards, security tokens and PC chipsets.”
https://www.computing.co.uk/ctg/news/3019314/pc-encryption-keys-targeted-in-new-security-vulnerability
DAN GOODIN from Ars Technica reports:
“One of iOS’ rougher edges are the popups it produces on a regular but seemingly random basis. These popups require users to enter their Apple ID before they can install or update an app or complete some other mundane task. The prompts have grown so common most people don’t think twice about them.”
Bruce Schneier is reporting on the new NIST password status:
“NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:
Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don’t help that much. It’s better to allow people to use pass phrases.
Stop it with password expiration. That was an old idea for an old way we used computers. Today, don’t make people change their passwords unless there’s indication of compromise.
Let people use password managers. This is how we deal with all the passwords we need.
These password rules were failed attempts to fix the user. Better we fix the security systems.”
https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html
“Equifax’s ability to manage the unimaginable mountains of compromising personally identifying information it had coerced, for free, from the American public was in crisis. Employees routinely mishandled sensitive information, and the security team at Equifax was sidelined as the company struggled with the IT challenges of integrating dozens of data-mining acquisitions who demanded unfettered access to the company’s databases.”
https://boingboing.net/2017/10/01/30-web-shells.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+boingboing%2FiBag+%28Boing+Boing%29
