Always Providing You With Ongoing Information

Posts tagged ‘Internet’

Google & Mozilla Changing What You See in Chrome & Firefox Address Bars

In Chrome 77, which is due out in September, sites that use Extended Validation (EV) certificates will no longer have a space in the address bar to display the site owner’s name.

Something similar is happening in desktop Firefox 70, which is scheduled for an October release.

Mozilla and Google are moving the EV information to behind the padlock icon, which users can click on to view certificate information. Mozilla says its change to EV indicators is about “reducing the exposure of EV information while keeping it easily accessible”.

Certificate vendors could charge more for EV certificates to owners of HTTPS websites, such as banks and e-commerce sites, which would undergo an extended validation process.

Google explains that its new approach to EV certificate indicators in Chrome 77 is because the Chrome Security UX team “has determined that the EV UI does not protect users as intended”.

“Users do not appear to make secure choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection,” Google says.

Additionally, EV indicators are an example of “positive indicators”, such as the padlock that Chrome still uses to indicate an HTTPS site.

Chrome will eventually remove the padlock icon for HTTPS sites and has already started to emphasize a red ‘Not secure’ warning for all HTTP sites instead. Firefox 77 will also follow Google Chrome’s lead on ‘not secure’ alerts for HTTP sites.

Researchers Found 35 Election Voting Systems Have Been Connected To The Internet

A group of election security experts have found what they believe to be nearly three dozen backend election systems in 10 states connected to the internet over the last year, including some in critical swing states. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties—all states that are perennial battlegrounds in presidential elections.

Some of the systems have been online for a year and possibly longer. Some of them disappeared from the internet after the researchers notified an information-sharing group for election officials last year, the researchers told Motherboard.

Votes are generally stored on memory cards inside the voting machines at polling places. After an election, poll workers remove these and they’re driven to county election offices. However, some counties want to get their results faster, so they use wireless modems, either embedded in the voting machines or externally connected to them, to transmit the votes electronically. The system that receives these votes, called an SFTP server, is connected to the internet behind a Cisco firewall.

For security reasons, the SFTP server and firewall are only supposed to be connected to the internet for a couple of minutes before an election to test the transmission, and then for long enough after an election to transmit the votes. But the researchers found some of the systems connected to the internet for months at a time, and year-round for others, making them vulnerable to hackers.

ES&S diagram showing the configuration for the Cisco ASA firewall that sits on the internet in front of an FTP server that receives votes transmitted from voting machines. (The FTP server is labeled here as Data Comm RMS, for Results Management System). The diagram also shows the backend election-management system (EMS), which is used in some jurisdictions to program voting machines before each election, and the reporting system (EMS client) that collects votes from the FTP server and tabulates the results. Eleven states use ES&S’s DS200 optical scan machines with modems to transmit results on election night (the number of counties in a state that do this varies). Image: ES&S

Although no one is suggesting that any of these systems have been manipulated or hacked, the findings reveal how little local and federal election officials understand about how these critical election systems are really configured and connected, and the extent to which they are beholden to what the vendors tell them.

Senator Ron Wyden (D-Oregon) said the findings are “yet another damning indictment of the profiteering election vendors, who care more about the bottom line than protecting our democracy.” It’s also an indictment, he said, “of the notion that important cybersecurity decisions should be left entirely to county election offices, many of whom do not employ a single cybersecurity specialist.”

“Not only should ballot tallying systems not be connected to the internet, they shouldn’t be anywhere near the internet,” he added.

An ES&S document supplied to Rhode Island and dated 2015, which clearly shows the modem transmission of votes from the company’s DS200 optical scan voting machines going over the internet.

DEF CON 27 IoT

The DEF CON 27 IoT Village, organized by security consulting and research firm Independent Security Evaluators (ISE), will highlight the significant challenges of security and privacy within this universe of devices on August 8-10 in the Eldorado Ballroom at the Las Vegas Flamingo Hotel.

IoT Village is now the premier platform for the IoT hacking community to inform manufacturers and consumers about new vulnerability research. Over the past six years, IoT Village has established a worldwide reputation at DEF CON, the largest gathering for hackers, and has showcased over 50 speakers who have exposed more than 300 vulnerabilities. IoT Village has educated countless attendees and sponsors about the most innovative techniques to both hack and secure IoT.

WIDESPREAD INTERNET OUTAGES!

A week ago, Verizon caused a major BGP misroute that left huge chunks of the Internet, including CDN company Cloudflare, partially down for a day.

Cloudflare went down again for half an hour yesterday, and this time it was the company’s own fault: JavaScript spiked the firewalls’ CPU usage, crippling throughput and causing widespread HTTP 502 errors. Microsoft’s Office365 also seems to have experienced a multi-hour partial outage yesterday, with the service working over some ISPs and routes but not others for about four hours.

Facebook and its properties WhatsApp and Instagram have suffered widespread outages relating to image display for most of today. The problem seems to be bad timestamp data being fed to the company’s content delivery network (CDN) in some image tags.

Twitter has suffered some as-yet-unexplained disturbances as well. The outages appear to be mostly in the Eastern United States and Europe, with few or no reports shown in other regions on several third-party outage-tracking sites.

Twitter DM outage spike on July 3, as shown at https://outage.report/twitter-direct-messages.


The State Of Social Media, Facebook & Twitter Testify Before Congress

The Senate Intelligence Committee hosted the morning session, focusing on efforts being made to keep elections safe.

The Obamas & Netflix

Netflix states the partnership has the potential to include scripted, unscripted, and documentary series, as well as stand-alone documentaries and feature films. The Obamas created their own production company, Higher Ground Productions, for the announced (and likely future) projects.

The Obamas hope to cultivate and curate the talented, inspiring, creative voices who are able to promote greater empathy and understanding between peoples, and help them share their stories with the entire world. Sources close to the deal indicated at the time that the series might focus on inspirational stories or feature moderated discussions of the topics that were highlights of the Obamas’ time in the White House. The report also indicates that some episodes could feature conversations on health care or voting rights moderated by Barack Obama, while Michelle Obama might moderate a show focusing on nutrition, for example.

Executives from Apple and Amazon have also reportedly been in talks with the former president and first lady. Financial terms of the Netflix deal are unknown at this point, but the streaming service’s recent surge in spending on original content could give us a hint.

One thing the Obamas’ content on Netflix reportedly won’t do, however, is directly respond to his current critics in the White House, Congress, or right-wing media.

Senate Overturns Ajit Pai’s Net Neutrality Repeal

The US Senate today voted to reverse the Federal Communications Commission’s repeal of net neutrality rules, with all members of the Democratic caucus and three Republicans voting in favor of net neutrality.

The Senate approved a Congressional Review Act (CRA) resolution that would simply undo the FCC’s December 2017 vote to deregulate the broadband industry. If the CRA is approved by the House and signed by President Trump, Internet service providers would have to continue following rules that prohibit blocking, throttling, and paid prioritization.

FCC Chairman Ajit Pai has scheduled his repeal to take effect on June 11. If Congress doesn’t act, the net neutrality rules and the FCC’s classification of ISPs as common carriers would be eliminated on that date.
