Security Roundup - 2016-02-24

Sara “Scout” Sinclair Brody, a former product manager at Google and Executive Director of the new Simply Secure organization, has an interesting article on how security software should be more usable for the average person.

Fraud! Ever been interested in how banks figure out whether activity is fraudulent? Art forgery is fairly prevalent, and one scientist has come up with a method of ‘synthetic DNA authentication’ that hides unique one-time codes in DNA.

Thanks to my co-worker Marcello for pointing out the severity of CVE-2015-7547. Dan Kaminsky has a detailed explanation of why it is bad to have a bug like this in such a low-level library, as so much that uses DNS is built on top of it.

Linux Mint’s server was hacked this week, resulting in their distribution being backdoored before the maintainers shut things down. The hacker responsible apparently did an interview, indicating they were hoping to build a botnet.

As a consumer of threat intelligence, I find Netflix’s FIDO Automatic Security Incident Response system super interesting.

Comodo, the ‘leading Internet Security Provider’, has not only been found to have disabled some security protections in their custom browser, but has more recently been found to bundle a VNC server with a discoverable password.

There is a new ransomware package on the loose named Locky. Here is a detailed breakdown of the phishing, social engineering, and technical steps it uses to take over your system.

Written on February 24, 2016