Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

May 17, 2019

Declining Hacktivism

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 7:24 pm

A 95% drop in hacktivist attacks since 2015 is explained by Cimpanu as mostly due to the decline of the Anonymous hacker collective, described as:

But nothing has led to the group’s demise more than the inefficiency of most of its attacks. Defacing websites and launching DDoS attacks rarely gets anything done.

Neither does stealing data from websites that are completely unrelated to a specific topic. In many cases, Anonymous hackers ended up dumping personal user information into the public domain and hurting innocent people for ridiculous causes, attracting both scorn and ridicule.

Most hacking attacks don’t have the impact of an AGM-114 Hellfire missile at a BP Oil shareholders meeting. Granted, but that’s hardly a criterion for hacking success.

Cimpanu’s “hurting innocent people for ridiculous causes” captures his allegiance to oppressive status quo systems better than any invective from me. Would dumping the personal information of DoD employees qualify? Or DoD employees with their deployments overseas, matching them up with locations for anyone looking for likely suspects in war crimes? There are parts of the world where that would be a very popular database.

Cybersecurity degrades with every hire and new 0days appear on a regular basis. Now should be a golden age of hacktivism, save for next year, which will be even better.

Don’t be discouraged by law enforcement puffery about stopping hackers. If they are that good, why are children being sold for sex through the Atlanta airport? Or drugs pouring across the border in large cargo trucks? Or banks being robbed for that matter. Don’t they know where all the banks are located?

I’m hopeful the headlines next year will declare hacktivism is on the rise, aren’t you?

May 16, 2019

Free Online Proxy Servers (Review)

Filed under: Cybersecurity,Proxy Servers,Tor — Patrick Durusau @ 3:59 pm

The Best Free Online Proxy Servers You Can Use Safely by Dan Price.

From the post:

Proxy sites and proxy servers allow internet users to bypass internet restrictions and access content that would otherwise be blocked.

Lots of free proxy providers exist, but which are the best? Are there any risks of using a free online proxy? And what alternatives are available?

Price has a top 5 free proxy servers that starts with HideMyAss and goes down from there. 😉 Links to several paid proxy services are listed as well.

HideMyAss uses cookies so best to approach them using a VPN and a Tor browser. You should be using a VPN and a Tor browser by default. Even if you don’t need that level of security, it helps to generate traffic that benefits others.

RIDL and Fallout: MDS attacks (Intel Chips)

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 2:50 pm

RIDL and Fallout: MDS attacks

From the webpage:

The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites. Our attacks leak data by exploiting the 4 newly disclosed Microarchitectural Data Sampling (or MDS) side-channel vulnerabilities in Intel CPUs. Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches. We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use our attacks to leak sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.

In addition to being a great post, there is an interactive image of the Intel chip with known vulnerabilities in color.

The uncolored areas may have unknown vulnerabilities.

Good hunting!

0day “In the Wild” (05-15-2019)

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 1:56 pm

0day “In the Wild”

Catalin Cimpanu tweeted that Google has updated its 0day “In the Wild” spreadsheet.

For an introduction to the spreadsheet, see Zero Day.

Given update rates, the earliest zero days from 2014 probably have another five (5) years of useful life left. Perhaps more with government installations.

Enjoy!

Brzozowski derivatives – Invisible XML – Thinking, Wishing, Saying – Must be … Balisage 2019!

Filed under: Conferences,XML,XQuery,XSLT — Patrick Durusau @ 1:20 pm

Balisage 2019 Program Announced!

An awesome lineup of topics and speakers awaits Balisage 2019 goers. From the expected, standoff markup in browsers (yes, that usual fare at Balisage) to re-invention of markup “seen” when looking at a file with no markup (HyTime) and beyond, you are in for a real treat.

I saw several slots for late-breaking news so if you have something really profound and coherent to say, you’d best be polishing it now. Just looking at the current program gives you an idea of the competition for slots.

Why attend? General Eric Shinseki said it best:

If you dislike change, you’re going to dislike irrelevance even more.

Don’t risk irrelevance! Attend Balisage 2019!

May 9, 2019

Skipping ISP Blocks – Thanks Google!

Filed under: Browsers,Privacy — Patrick Durusau @ 8:01 pm

Google’s Web Packaging standard arises as a new tool for privacy enthusiasts by Catalin Cimpanu.

From the post:

… Web Packaging allows website owners to create a cryptographically-signed version of the page, in one single file, which they can distribute to users via alternative channels, even without breaking HTTPS support.

Google says that website owners can share these signed versions of their pages via their normal web server, via cache systems, or even using peer devices, such as other users’ smartphones and computers.

Web Packaging looks like an ideal solution in cases where nation-states or internet service providers might block access to a website.

Website owners can create signed packages of their sites’ pages, which can then be introduced inside a network of peers and shared among users without having to connect to the origin server that might have been blocked locally.

Further reading:

Dodging ISP blocks can be done as simply as zipping up files and posting the zip archive to a non-blocked ISP. What motivates the Web Packaging work is a desire for “signed” pages for offline use. The dodging of ISP blocks is a side effect of other requirements.

Even if unintentional, another mechanism for dodging ISP blocks merits your support and patronage. Presently supported only in Chrome.
