We at Privacy Now 2.0 find a lot of articles about Best Cyber Monday VPN deals.
Disclosure: BleepingComputer has partnered with this vendor to promote special offers and discounts to our visitors. If a visitor purchases a product through a link in this article, BleepingComputer.com will earn a commission.
In 2015, when we transferred our hobby project Crypto Stick to the professional company Nitrokey, it was clear to us from the beginning that we would carry out the serial production of Nitrokeys in Germany. Of course we also buy components on the world market. But the final production of all Nitrokeys takes place in Germany. So we can ensure that the production meets our safety requirements. In addition, production remains flexible, so that we can produce customer-specific firmware and logos on request, even for relatively small quantities.
For us as a small company, it is a special challenge to produce manageable quantities in a high-priced country while keeping production costs competitive. We have successfully mastered this challenge through a high degree of automation. Instead of using high-priced or unsuitable industrial robots, we have developed tailor-made automation systems ourselves.
A self-developed three-axis automatic machine programs and tests up to 250 Nitrokeys sequentially and fully automatically. Compared to manual work, only four minutes of working time are required instead of four hours. Thus we can produce up to 8000 Nitrokeys in one day.
Initializing the encrypted mass storage of the Nitrokey Storage with random numbers is a lengthy process that takes up to 1.5 hours per Nitrokey. Sequential processing would take several weeks. Therefore we have developed a system that initializes 49 Nitrokeys in parallel and can easily be enlarged if necessary.
It is time to update WordPress to version 5.4.2 released on June 10th, 2020.
Five security issues are fixed in the new version together with twenty-two bug and regression fixes.
The security issues affect WordPress versions 5.4 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.
Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins, leading to privilege escalation.
Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.
The introduction today of passwordless authentication support in Nextcloud Hub is a big step forward for organizations that want to reduce or even eliminate the use of passwords. In addition to Windows Hello, Nextcloud Hub is the second popular service (that we are aware of) supporting passwordless logins. What does that look like, a passwordless world with WebAuthn and Nitrokeys? Read on!
What’s wrong with passwords?
Let’s first quickly revisit the problem with passwords. XKCD’s take on password strength is probably overly familiar by now, but it still sums up what is wrong with many passwords. Passwords don’t scale with the large number of accounts everybody possesses nowadays. Therefore passwords need to be “enhanced” by the use of password managers and second-factor authentication methods. But those can be complicated to use and therefore lack acceptance. How to do better?
A security issue affects these releases of Ubuntu and
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Several security issues were fixed in Thunderbird.
- thunderbird: Mozilla Open Source mail and newsgroup
It was discovered that Message ID calculation was
based on uninitialized data. An attacker could
potentially exploit this to obtain sensitive
Multiple security issues were discovered in
Thunderbird. If a user were tricked into opening
a specially crafted message, an attacker could
potentially exploit these to cause a denial of
service, obtain sensitive information, or execute
arbitrary code. (CVE-2020-6793, CVE-2020-6795,
It was discovered that if a user saved passwords
before Thunderbird 60 and then later set a master
password, an unencrypted copy of these passwords
would still be accessible. A local user could
exploit this to obtain sensitive information.
Multiple security issues were discovered in
Thunderbird. If a user were tricked into opening a
specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a
denial of service, conduct cross-site scripting (XSS)
attacks, obtain sensitive information, or execute
arbitrary code. (CVE-2019-20503, CVE-2020-6798,
CVE-2020-6800, CVE-2020-6805, CVE-2020-6806,
CVE-2020-6807, CVE-2020-6812, CVE-2020-6814,
CVE-2020-6819, CVE-2020-6820, CVE-2020-6821,
It was discovered that the Devtools’ ‘Copy as cURL’
feature did not fully escape website-controlled data.
If a user were tricked into using the ‘Copy as cURL’
feature to copy and paste a command with specially
crafted data into a terminal, an attacker could
potentially exploit this to execute arbitrary
commands via command injection. (CVE-2020-6811)
The problem can be corrected by updating your system
to the following package versions:
Ubuntu 18.04 LTS:
After a standard system update you need to restart
Thunderbird to make all the necessary changes.
CVE-2019-20503, CVE-2020-6792, CVE-2020-6793,
CVE-2020-6794, CVE-2020-6795, CVE-2020-6798,
CVE-2020-6800, CVE-2020-6805, CVE-2020-6806,
CVE-2020-6807, CVE-2020-6811, CVE-2020-6812,
CVE-2020-6814, CVE-2020-6819, CVE-2020-6820,
CVE-2020-6821, CVE-2020-6822, CVE-2020-6825