Category: Security
"Google+ to Shut Down Following Bug That Exposed 500K Profiles"
Mobile Carriers’ App/Website Cell Phone Log-in Project: "The Devil Is in the Details of Project Verify’s Goal to Eliminate Passwords"
"California Passes Bill That Regulates Security for Internet of Things Devices"
"Exclusive: Tim Berners-Lee Tells Us His Radical New Plan to Upend the World Wide Web"
"Mobile Websites Can Tap Into Your Phone’s Sensors Without Asking"
"The Ticking PHP Time Bomb"
"Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades"
USENIX Security Symposium Presentation: "Just Say No: Wi-Fi-Enabled Appliance Botnet Could Bring Power Grid to Its Knees"
"How to Protect Your PC From the Intel Foreshadow Flaws"
"Blockchain Gains Currency in Higher Ed"
"Vulnerabilities in Fax Protocol Let Hackers Infiltrate Networks via Fax Machines"
Directory of Open Access Journals Under Attack
Clara Armengou, DOAJ Project and Communications Manager, reports on 8/12/2018 on Liblicense that:
After much investigation and active measures, we can state that the DOAJ is effectively under attack from an unknown third party.
We have deployed a number of counter-measures to halt this attack, but with limited success, and are therefore forced to take even more extreme measures to attempt to mitigate this. We hope that this will work but we cannot predict the outcome at this stage.
Academic Library as Scholarly Publisher Bibliography | Digital Curation and Digital Preservation Works | Open Access Works | Digital Scholarship | Digital Scholarship Sitemap
"New Genre of Artificial Intelligence Programs Take Computer Hacking to Another Level"
"Moving Your Site From ‘Not Secure’ to Secure"
"Wi-Fi Alliance Introduces Wi-Fi CERTIFIED WPA3 Security"
"Here’s the Status of Meltdown and Spectre Mitigations in Windows"
"VPNFilter Malware Infecting 500,000 Devices Is Worse Than We Thought"
"New VPNFilter Malware Targets at Least 500K Networking Devices Worldwide"
The Cisco Talos Intelligence Group has released "New VPNFilter Malware Targets at Least 500K Networking Devices Worldwide."
Here's an excerpt:
Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.
See also: "F.B.I.'s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware."
"Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw"
"How to Check if Your PC or Phone Is Protected Against Meltdown and Spectre"
"Windows Spectre Patches Are Here, But You Might Want to Wait"
Meltdown and Spectre Attacks Could Threaten Computing Devices from Cellphones to Servers
The threat to computing devices by Meltdown and Spectre is widespread.
- 'Meltdown' and 'Spectre': Every Modern Processor Has Unfixable Security Flaws
- Meltdown and Spectre: Bugs in Modern Computers Leak Passwords and Sensitive Data
- Spectre and Meltdown: Details You Need on Those Big Chip Flaws
- Meltdown and Spectre FAQ: Fix for Intel CPU Flaws Could Slow Down PCs and Macs
- Researchers Discover Two Major Flaws in the World's Computers
"Rethinking Authentication, Revamping the Business"
Roger C. Schonfeld has published "Rethinking Authentication, Revamping the Business" in The Scholarly Kitchen.
Here's an excerpt:
While I have heard these arguments on and off this year, the meeting hosted by CCC [Copyright Clearance Center] made abundantly clear that there is great dissatisfaction with IP-based authentication across the community. Publishers want to move away from it due to their piracy concerns, their desire to improve seamlessness for researchers, and their expectations about the value they can offer through greater personalization. . . . And at least some academic librarians want to move away from it because of the poor user experience, especially with off-site access. Taking aim at IP authentication and proxy servers has become all the rage. But what might supplant them?
"7 Things You Should Know About Federated Identity Management"
EDUCAUSE has released "7 Things You Should Know About Federated Identity Management."
Here's an excerpt:
Identity management refers to the policies, processes, and technologies that establish user identities and enforce rules about access to digital resources. With an enterprise identity management system, rather than having separate credentials for each system, a user can use a single digital identity to access all resources to which the user is entitled. Federated identity management permits extending this approach above the enterprise level, creating a trusted authority for digital identities across multiple organizations. It results in greatly simplified administration and streamlined access to resources; eliminating the need to replicate databases of user credentials for separate applications and systems offers improved security. Federated identity management puts the focus on users of information and services rather than on entities that house those resources.