On June 12th 2019 we wrote a blog post about a new GnuPG server being launched (keys.openpgp.org).
Yesterday Robert J Hansen published a text about vulnerabilities in the widely used SKS keyserver network. As far as we understand, the new key server at keys.openpgp.org will solve many of the vulnerabilities found in the SKS keyservers.
We guess we will publish more posts on this subject in the coming days! Until then it is up to each and every one to read the text by Robert and to take action accordingly! If you are not subscribed to the firstname.lastname@example.org e-mail list, we strongly recommend that you do so now to get updates on the subject!
Electronic Frontier Foundation
Communities and lawmakers across the country are waking up to the fact that using face recognition for government surveillance is a troubling trend, particularly when used with cameras that police officers wear. On Thursday, Axon—a major police body-worn camera maker—added its voice to calls to press the pause button on this type of face surveillance, saying it will no longer be “commercializing face matching products on our body cameras at this time.”
Axon’s decision follows strong opposition to government use of face surveillance. San Francisco in May banned city use of face surveillance. This month, Oakland, California and Somerville, Massachusetts have both taken crucial steps toward adopting similar bans, with both measures now headed for full city council votes.
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user’s computer.
Full security note
For anyone who’s worried that their phone might be hacked to track their location, who they call and when, and other metadata that describes the intimate details of their life, one cyberespionage group has provided a reminder that hackers don’t necessarily even need to reach out to your device to gain that access. It may be far easier and more efficient for sophisticated stalkers to penetrate a mobile provider, and use its data to surveil whichever customers they please.
A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of data related to Mars missions.
The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.
Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
The New York Times
The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.
As protests erupted in the streets of Hong Kong this week, over a proposed law that would allow criminal suspects to be extradited to mainland China, the secure messaging app Telegram was hit with a massive DDoS attack. The company tweeted on Wednesday that it was under attack. Then the app’s founder and CEO Pavel Durov followed up and suggested the culprits were Chinese state actors. He tweeted that the IP addresses for the attackers were coming from China.