Pinboard (jm)
https://pinboard.in/u:jm/public/
Recent bookmarks from jm

Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
Bookmarked 2020-02-09T22:37:24+00:00
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm).
On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon.
Tags: bluetooth android security exploits worms
Permalink: https://pinboard.in/u:jm/b:cde9173e7c66/

The World Is Getting Hacked. Why Don’t We Do More to Stop It? - The New York Times
Bookmarked 2017-05-15T09:09:01+00:00
https://www.nytimes.com/2017/05/13/opinion/the-world-is-getting-hacked-why-dont-we-do-more-to-stop-it.html
First, companies like Microsoft should discard the idea that they can abandon people using older software. The money they made from these customers hasn’t expired; neither has their responsibility to fix defects. Besides, Microsoft is sitting on a cash hoard estimated at more than $100 billion (the result of how little tax modern corporations pay and how profitable it is to sell a dominant operating system under monopolistic dynamics with no liability for defects).
At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, “pay extra money to us or we will withhold critical security updates” can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more.
Microsoft should spend more of that $100 billion to help institutions and users upgrade to newer software, especially those who run essential services on it. This has to be through a system that incentivizes institutions and people to upgrade to more secure systems and does not force choosing between privacy and security. Security updates should only update security, and everything else should be optional and unbundled.
More on this twitter thread: https://twitter.com/zeynep/status/863734133188681732
Tags: security microsoft upgrades windows windows-xp zeynep-tufekci worms viruses malware updates software
Permalink: https://pinboard.in/u:jm/b:5288449ba31e/

Schneier on Security: Internet Worm Targets SCADA
Bookmarked 2010-07-23T19:45:48+00:00
http://www.schneier.com/blog/archives/2010/07/internet_worm_t.html
wow
Tags: malware worms passwords security schneier policies defaults
Permalink: https://pinboard.in/u:jm/b:ae034eb0990f/