Wednesday, June 3, 2015

There´re new winds blowing from the West

Inevitably we open the informative pill today with the announcement of the end of the USA Patriot Act, one of the legal axis which gave legal power to massive spying by American intelligence agencies like the NSA. And  we continue with one of the most talked about vulnerabilities of our encryption protocols, with a smart way to secure passwords, and the danger to all owners of an older Mac.

The news of the day, and predictably of the month: The US Senate votes to restrict the collection of massive data by NSA. The USA Patriot Act, a law created specifically after the terrible attacks of September 11, 2001, passes to be out of circulation, and minimizes the scope of agencies such as the NSA, which have to ask permission and defend case by case any attempt to monitor a citizen or group of citizens. It is expected, however, that the USA Freedom Act comes into force shortly. A more conservative law for citizens, which would provide enough power (not so much, it must be said) to this agency.
Github, the popular project repository service, is back in the news with a statement of SSH keys which could allow an attacker to access and modify the code hosted in some of its repos, such as Spotify and the UK government. And it is a critical problem, since access to these could lead to the installation of malware which would spread widely through services used by institutions automatically.
To prevent situations like these, ErsatzPasswords recommends to secure an authentication system as widespread as passwords, making in its creation comes into play a physical device function (PUF). With this, an attacker would exploit such security will also need real access to the device, since otherwise he´ll only get a false key which would not give him access to the real content.
And all this happens a few hours before we learn that our Mac OS devices can be vulnerable to an attack which infects the machine when it is in standby mode. Apparently it affects all OS X pre-2014 devices, changing the firmware (EFI), which is the controlling system startup. And hence, any evil that comes to your mind...
Good news and bad news, with some tools to defend ourselves against them. That was the information pill for today. Have a nice day!

0 comments:

Post a Comment