Tux Machines

Security: Microsoft Breaches and More

Posted by Roy Schestowitz on Sep 29, 2023


Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system.

US State Department Says 60,000 Emails Taken in Alleged Chinese Hack [Ed: Microsoft ruins nations]

The US State Department said that hackers took around 60,000 emails in an attack which Microsoft has [falsely] blamed on China.
[...]
“It was approximately 60,000 unclassified emails that were exfiltrated as a part of that breach,” State Department spokesman Matthew Miller told reporters.
“Classified systems were not [breached]. These only related to the unclassified system,” he said.

Government Shutdown Could Bench 80% of CISA Staff [Ed: Not much of value would be lost]

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown.

Cyberattacks hit military, Parliament websites as India-based group targets Canada [Ed: Windows TCO]

The attacks seem to have hit institutions controlled by the government, but not the core infrastructure from which federal departments and agencies operate.

Millions of files with potentially sensitive information exposed online, researchers say

Researchers with Censys, a service that indexes devices connected to the [Internet] and the services they’re running, recently indexed nearly 314,000 distinct [Internet]-connected devices and web servers with open directory listings and at least one file. The scanner then took note of file names, paths, file sizes and last-modification timestamps, creating what the company calls “one of the most comprehensive databases of all open directories on the internet.”

Passkeys, Crypto, and Signing AI Content

Under the hood, it’s just crypto (as in cryptography). There’s a public and private key pair that’s generated. The private keys are used to sign log-in challenges sent by the authenticating service. We’ve had hardware security keys and WebAuthn for a while but mostly used them as a second-factor authentication. They required you to buy an additional device (usually USB). They weren’t used as primary authentication because if you lost the device, you couldn’t recover your account.