Microsoft Patch Alert: January 2020 patches look relatively benign

Credit to Author: Woody Leonhard| Date: Thu, 23 Jan 2020 07:17:00 -0800

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.

To read this article in full, please click here

Read more

Galaxy users, take note: Samsung's probably selling your data

Credit to Author: JR Raphael| Date: Wed, 22 Jan 2020 03:00:00 -0800

Relying on Google services, as most of us Android-carrying primates do, comes with a certain tradeoff. It’s no big secret or anything: Google makes its money by selling ads, which are more effective when they’re catered to our interests — the subjects we tend to search about, the things we buy (when Google knows about ’em, at least), and often even the places we go with our location-enabled phones in tow (and/or in toe, for the monkeys among us).

That’s all par for the course, as I frequently say — part of the deal we all accept when we use Google services. That’s what makes it possible for Google to give us top-notch apps for free, and it’s also what opens the door to certain advanced features that wouldn’t be possible without that information’s presence.

To read this article in full, please click here

Read more

Don’t worry about CurveBall just yet — get your Citrix systems patched

Credit to Author: Woody Leonhard| Date: Tue, 21 Jan 2020 08:03:00 -0800

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.” 

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781. 

To read this article in full, please click here

Read more

Kadena launches a hybrid platform to connect public, private blockchains

Credit to Author: Lucas Mearian| Date: Thu, 16 Jan 2020 12:10:00 -0800

Brooklyn-based spinoff Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts – and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

“Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains,” said Avivah Litan, a vice president of research at Gartner. “That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain.”

To read this article in full, please click here

Read more

Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.

Credit to Author: Woody Leonhard| Date: Fri, 17 Jan 2020 06:42:00 -0800

If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor’s nine-year-old, even the bleeping NSA. It’s a little patch. Why not just install it and be done with it?

To read this article in full, please click here

Read more

Feds may already have found a way to hack into Apple iPhones

Credit to Author: Lucas Mearian| Date: Thu, 16 Jan 2020 14:05:00 -0800

After Apple turned down a request by U.S. Attorney General William Barr this week to unlock two iPhones used by a terrorist suspect in a recent deadly shooting, the FBI appears to already have the tools needed to access the smartphones.

Apple turned down a request from U.S. Attorney General William Barr saying it would  not help unlock two iPhones used by the shooter, 21-year-old Mohammed Saeed Alshamrani. He is believed to have acted alone when he shot and killed three service members and wounded several others at the Naval Air Station in Pensacola, Fla. last month.

To read this article in full, please click here

Read more