Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2896174 times)

polonus · « **Reply #5670 on:** May 04, 2018, 01:27:38 PM »

https://www.androidpolice.com/2018/05/02/google-amazon-closing-domain-fronting-loopholes-used-bypass-web-censorship/ (N.B. this link is being canvas fingerprinted for you, secure your last vestiges of online privacy).

First Google and now AWS (Amazon) close "domain fronting" service for Moxie Marlinspike's chat-app Signal.

For Google and AWS their core-business to Arab censorship states weighs heavier
than e2e encryption chat-app end-user security.
In the process we loose more and more of our Internet freedoms!

Als we need such large CDNs to facilitae "domain fronting", where to turn to now?

Now Signal developers have to look for other ways to circumvent state surveillance.

polonus

polonus · « **Reply #5671 on:** May 04, 2018, 07:27:07 PM »

Also Microsoft announced to stop providing this technique to circumvent state surveillance.

Re: https://blog.torproject.org/domain-fronting-critical-open-web

Just the independant journalist that depends for his or her security on it (out on tor, signal etc.)
are placed at jeopardy, thanks to the Big Brother Big Imperium State sp**ks that want to hack, block
and oversee all and everything.

And Google, AWS & also Microsoft now even better facilitate them sp**ks
(however sometimes urged forcefully under gag order).

To-morrow will be our Dutch Liberation Day, but can we still celebrate to have a really free Internet
or should we all be fearful inside the online panopticum that sees and hears all?

polonus

polonus · « **Reply #5672 on:** May 04, 2018, 11:41:33 PM »

All twitter users are urged to change their passwords
A breach through a bug leaked all plain txt passwords, gold for password hackers!

https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html

polonus

polonus · « **Reply #5673 on:** May 07, 2018, 01:05:56 PM »

Russia now blocks 50 vpn services as a Moscow court blocked access to the cloud-based instant messaging service Telegram in Russia. Google, Amazon and Microsoft now no longer will offer "domain fronting",
which also endangers users of tor and other similar software.

More:
http://tass.com/economy/1002762

We do not know what VPN services are affected.

polonus

polonus · « **Reply #5674 on:** May 07, 2018, 01:39:37 PM »

In the line of this all: https://blog.torproject.org/domain-fronting-critical-open-web

polonus

polonus · « **Reply #5675 on:** May 14, 2018, 12:37:57 PM »

Researchers find a very serious hole in PGP and S/MIME -
Journalists, political activists or whistleblowers are at risk!
And another time it is on the client-side!

What to trust and has everything now been thoroughly and utterly pn*wed by the Forces that Be?

Read: https://forums.theregister.co.uk/forum/1/2018/05/14/pgp_s_mime_flaws_allow_plaintext_email_access/
also very interesting read here: https://efail.de/

polonus (volunteer website security analyst and website error-hunter)

Pondus · « **Reply #5676 on:** May 15, 2018, 08:53:36 AM »

Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patch-tuesday-for-may-includes-updates-for-actively-exploited-vulnerabilities-2/

Pondus · « **Reply #5677 on:** May 15, 2018, 08:54:36 AM »

Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-traffic-in-port-7001-surges-as-cryptominers-target-patched-2017-oracle-weblogic-vulnerability/

Asyn · « **Reply #5678 on:** May 15, 2018, 10:55:19 AM »

Security updates available for Adobe Acrobat and Reader | APSB18-09
https://helpx.adobe.com/security/products/acrobat/apsb18-09.html

Asyn · « **Reply #5679 on:** May 16, 2018, 06:32:38 AM »

Hacking attempt on central.owncloud.org
https://central.owncloud.org/t/hacking-attempt-on-central-owncloud-org/13535

polonus · « **Reply #5680 on:** May 23, 2018, 10:16:24 PM »

VPNFilter-malware infects 500.000 routers and NAS'es:

https://blog.talosintelligence.com/2018/05/VPNFilter.html

Vulnerable are Linksys, MikroTik, NETGEAR, TP-Link routers & Qnap built NAS.

Ukranian systems are being infested now like wildfire.

Providers are being asked to reset their customer's routers.

polonus

Asyn · « **Reply #5681 on:** May 24, 2018, 11:40:06 AM »

VMware Security Advisories - VMSA-2018-0013
https://www.vmware.com/security/advisories/VMSA-2018-0013.html

Pondus · « **Reply #5682 on:** May 25, 2018, 05:23:18 PM »

Pornhub launches its own VPN

https://www.theverge.com/2018/5/24/17382144/pornhub-launches-vpn-vpnhub

https://thenextweb.com/apps/2018/05/25/pornhub-launches-a-vpn-for-discreet-browsing-on-mobile-and-desktop/

alanb · « **Reply #5683 on:** May 25, 2018, 05:29:25 PM »

Next we'll have Facebook VPN

=Snake= · « **Reply #5684 on:** May 25, 2018, 10:44:52 PM »

Quote from: alanb on May 25, 2018, 05:29:25 PM

Next we'll have Facebook VPN

I didn't need Facebook. So I'm not interested in 'Facebook VPN'