Google Mending Another Crack in Widevine

Credit to Author: BrianKrebs| Date: Mon, 26 Oct 2020 23:54:08 +0000

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated.

Read more

The Now-Defunct Firms Behind 8chan, QAnon

Credit to Author: BrianKrebs| Date: Thu, 22 Oct 2020 21:48:35 +0000

Some of the world’s largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan’s current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators. In practical terms, what this means is that the legal contracts which granted these companies temporary control over large swaths of Internet address space are now null and void, and American Internet regulators would be well within their rights to cancel those contracts and reclaim the space.

Read more

Microsoft Patch Alert: October 2020

Credit to Author: Woody Leonhard| Date: Thu, 22 Oct 2020 04:32:00 -0700

October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

To read this article in full, please click here

Read more

(Insider Story)

Read more

A phenomenal Android privacy feature you probably forget to use

Credit to Author: JR Raphael| Date: Tue, 20 Oct 2020 08:51:00 -0700

It’s amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it’s also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it’s only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate “AHAH!” in this rusty ol’ noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It’s a little somethin’ called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

To read this article in full, please click here

Read more

Zoom's new encryption approach is incremental, but better

Credit to Author: Evan Schuman| Date: Mon, 19 Oct 2020 04:46:00 -0700

Just like their consumer counterparts, enterprise IT execs have flocked to Zoom for all manner of meetings. But security has invariably taken a backseat to convenience and availability, as anyone who has endured a Zoom intruder knows all too well.

Zoom this week (it hasn’t yet said exactly when) will roll out its upgraded encryption option. But it comes at the cost of surrendering various popular features. And it also does not come with improved authentication and identification of users, a capability Zoom now is promising to deliver sometime in 2021.

Zoom describes its current encryption offering as adequate, but not ideal:

To read this article in full, please click here

Read more

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday

Credit to Author: Greg Lambert| Date: Mon, 19 Oct 2020 04:09:00 -0700

This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-bound patch was imminent that would change our advice on patch cycles for October. But it appears the final “change” for this release was a relatively minor update to Visual Studio – leading to no change in our recommendations in this benign update.)

To read this article in full, please click here

(Insider Story)

Read more

QAnon/8Chan Sites Briefly Knocked Offline

Credit to Author: BrianKrebs| Date: Mon, 19 Oct 2020 04:03:45 +0000

A phone call to an Internet provider in Oregon on Sunday evening was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump. Following a brief disruption, the sites have come back online with the help of an Internet company based in St. Petersburg, Russia.

Read more