Tag Archive for: Page

Security Hacks | Hackaday | Page 86

/in


On February 20th, servers hosting the Linux Mint web site were compromised and the site was modified to point to a version of Mint with a backdoor installed. Very few people were impacted, fortunately; only those who downloaded Mint 17.3 Cinnamon on February 20th. The forum user database was also compromised.

What is most impressive here is not that Linux Mint was compromised, but the response and security measures that were already in place that prevented this from becoming a bigger problem. First, it was detected the same day that it was a problem, so the vulnerability only lasted less than a day. Second, it only affected downloads of a specific version, and only if they clicked a specific link, so anyone who was downloading from a direct HTTP request or a torrent is unaffected. Third, they were able to track down the names of three people in Bulgaria who are responsible for this hack.

As far as the forum compromise, the breech netted usernames, emails, and encrypted passwords, as well as personal information that forum users may have entered in signatures or private messages. It’s always nice to see when compromised sites are not storing passwords in plain text, though.

There is one security measure which should have protected against this and failed for a couple of reasons, and that’s the signature. Normally, the file download is accompanied by a signature which is generated from the file, like an MD5 or SHA checksum. By generating the checksum of the downloaded ISO file and comparing it to the reported signature on the web site, one can confirm that the file has downloaded correctly and that it is the same file. In this case anyone downloading the bad ISO should have caught that the downloaded file was not the official one because the signatures did not match. This can fail. Most people are too lazy to check (and there is no automated checking process). More importantly, because the attackers controlled the web site, they could change the site to report any signature they wanted, including the signature for the bad ISO file.

If you are affected by this, you should change your password on the forum and anywhere you use the same email/password. More…

Source…

[Asia’s Next Page] Japan’s Planning on Taiwan: Mitigating Beijing’s Gray-Zone Warfare

/in


~~

~

China under Xi Jinping has been through rapid economic growth, giving it increased leverage to engage more assertively in questions of its territorial and maritime claims. While a multitude of diplomatic, military and strategic tools have been employed in pursuit of its goals lately, none has been as consistent as the gray-zone tactics it has resorted to over the last decade. 

By using military and non-military means of coercion, Beijing has systematically established its presence as a strategic challenge to the status quo and as a threat to multiple actors within the realm of international security. Motivated by its historical claims in regard to the South and East China Sea (ECS) and its “One China” policy, China’s unrelenting use of gray-zone warfare tactics against Taiwan have raised alarm. 

Heavily compromised cross-strait relations pose a threat to Japan, whose national security is intrinsically linked with that of Taiwan. As the Taiwan crisis rapidly escalates, how can Japan mitigate Beijing’s gray-zone tactics and ensure its own national security?

Converging Defense Postures

Referring to threats that do not amount to an armed attack, Japan’s 2021 Defense White Paper significantly emphasizes the importance of mitigating gray-zone actions. 

Tokyo essentially defines a gray-zone situation as one wherein a country confronts another over territorial, sovereign, maritime interests or other economic interests by forcefully demonstrating its presence. Identified as neither peacetime nor contingency situations, Japan recognizes the activity as “part of inter-state competition,” harboring “the risk of rapidly developing into graver situations without showing clear intentions.” Accordingly, Japan’s white paper calls for increased concern over the disputed Senkaku Islands (referred to as Diaoyu by China), considering China’s growing gray-zone activity to strategically assert its presence in the region. 

China’s increasingly threatening approach towards Taiwan has resulted in the need for a rigorously strengthened defense posture for the latter. The second Taiwan Quadrennial Defense Review (QDR 2021) under President Tsai…

Source…

Google’s ‘My Activity’ page is now more secure with added password protection

/in


One of the biggest themes of Google I/O 2021 surrounded keeping your accounts and information secure. There are coming to apps like Google Photos with its Locked Folders, along with a slew of new improvements to the built-in password manager on Chrome for Android. Now, Google is adding another way to keep your precious information protected, and it has everything to do with the My Activity landing page.

Google’s My Activity page is essentially a hub where you can view all of the different information that Google has stored regarding your account. This includes Search results, Maps, YouTube, Shopping, and more. But until now, this information could have been accessed by anyone who’s able to log into your account, or even if you left a browser window open on your computer.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

Starting today, when you visit the ‘My Activity’ page (via 9to5Google), a little prompt appears stating “Safer with Google – You can add more security to My Activity by turning on extra verification.” This bubble points to a new section under Google protects your privacy and security.

From here, you can either click Manage or Dismiss within the bubble, or click Manage My Activity verification. A new pop-up window will appear in the same browser tab, providing you the option to either Require extra verification or not. When requiring the extra verification, you’ll need to again enter your Google account password, before being able to view your “My Google Activity” page.

We’re a little bit surprised that this wasn’t already available. But we’re also happy to see that Google keeps an eye on the “little” things that we can do to make our accounts and information more secure.

Interview: Diablo Immortal devs talk adapting Diablo lore in new ways
a return to the past

Interview: Diablo Immortal devs talk adapting Diablo lore in new ways

Diablo Immortal has quickly become one of the most anticipated mobile games in recent memory. As it enters its second closed alpha, we caught up with Julian Love and Justin Dye from Blizzard to chat about the game’s design, narrative, and how it fits into the Diablo lore.

Sweat harder with these true wireless earbuds
Break a sweat

Sweat harder with these true wireless earbuds

Like to listen to music or podcasts…

Source…

Page not found – StorageReview.com

/in


About StorageReview

StorageReview.com is a world leading independent storage authority, providing in-depth news coverage, detailed reviews, SMB/SME consulting and lab services on storage arrays, hard drives, SSDs, and the related hardware and software that makes these storage solutions work. Our emphasis is on storage solutions for the midmarket and enterprise, with limited coverage of core brands that offer client storage solutions.

Source…