Security News

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

The Republic of Korea took two bold steps into the future on Tuesday, by announcing that the last of its 2G networks will go offline in June and that it will initiate large-scale adoption of communications protected by quantum encryption. The quantum tests will build on demos conducted in 2020, but this time South Korea's government hopes to involve multiple industries and to educate them on the benefits of the tech and how to adopt it.

As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole.

How far the company, Colonial Pipeline, went to address the vulnerabilities isn't clear. Colonial said it initiated the restart of pipeline operations on Wednesday afternoon and that it would take several days for supply delivery to return to normal.

He also identified flaws in the way frame aggregation - combining multiple network data frames - and frame fragmentation - splitting network data frames into smaller pieces - are implemented that magnify the impact of potential attacks. The 802.11 frame aggregation flaw involves flipping an unauthenticated flag in a frame header, which allows the encrypted data payload to get parsed as if it were multiple aggregated frames instead of a simple network packet.

An entity claiming to represent ransomware gang REvil says it has accessed "Large quantities of confidential drawings and gigabytes of personal data" from Quanta Computer Incorporated, a Taiwanese manufacturer that builds laptops and other gadgets for the likes of Apple, HPE, Lenovo, Cisco, and plenty of other top-tier tech companies. REvil said it is "Negotiating the sale" of the trove "With several major brands" and is sitting on data describing Apple's Watch, MacBook Air, and MacBook Pro, plus the Lenovo ThinkPad Z60m. The post announcing the alleged crack includes technical drawings of a laptop that bear Apple's logo.

On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.

Last month, Google announced plans to roll out a new privacy-focused feature called Federated Learning of Cohorts for the Chrome browser and ad serving websites. FLoC has been criticized by the Electronic Frontier Foundation and outright rejected by makers of Vivaldi and Brave browsers for its debatable claim of being a privacy-preserving technology.

America's plan to compete with China includes a call for the land of the free to dominate tech standards bodies, especially for 5G, and to appoint an ambassador level official to lead a new "Technology Partnership Office" that Washington will use to drive tech collaboration among like-minded nations. Released last Thursday by the Senate Foreign Relations Committee, and expected to have bipartisan support, the draft Strategic Competition Act of 2021 offers 281 pages of policy aimed at "Ensuring the United States is postured to compete with China for decades to come," in the words of ranking member US Senator Jim Risch.

Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. While browsing the web, most people at one time or another have been redirected to a tech support scam web site that pretends your computer is infected and then prompts you to dial a displayed phone number.