The Technical Side of the Capital One AWS Security Breach August 3, 2019 | sento | Leave a comment On July 19th, 2019 Capital One got the red flag that every modern company hopes to avoid – their data had been breached. Over 106 million people affected. 140,000 Social Security numbers. 80,000 bank account numbers. 1,000,000 Social Insurance Numbers. Pretty messy right? Unfortunately, the 19th wasn’t when the breach occurred. It turns out that… Read More
Capital One Data Theft Impacts 106M People August 3, 2019 | sento | Leave a comment On July 29, FBI agents arrested Paige A. Thompsonon suspicion of downloading nearly 30 GB of Capital One credit application data from a rented cloud data server. Capital One said the incident affected approximately 100 million people in the United States and six million in Canada. That data included approximately 140,000 Social Security numbers and… Read More
Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’ July 21, 2019 | sento | Leave a comment Red faces in Moscow this weekend, with the news that hackers have successfully targetedFSB—Russia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world.… Read More
Amazon confirms it keeps your Alexa recordings basically forever July 3, 2019 | sento | Leave a comment If you (like so many of us) hate listening to recordings of your own voice, you may be in for an unpleasant future, as Amazon has confirmed it hangs on to every conversation you’ve ever had with an Alexa-enabled device until or unless you specifically delete them. That confirmation comes as a response to a… Read More
Kubernetes CLI tool security flaw lets attackers run code on host machine June 28, 2019 | sento | Leave a comment The Kubernetes project has patched today a dangerous security flaw that could allow for clever hacks where attackers may run code on the host machine. The vulnerability doesn’t impact the Kubernetes system itself, but kubectl (Kube control), the official command-line utility for working with Kubernetes installations. Security researchers have discovered a security flaw in the… Read More
A Second U.S. City Has Banned Facial Recognition June 28, 2019 | sento | Leave a comment Somerville, Massachusetts just became the second U.S. city to ban the use of facial recognition in public space. The ‘Face Surveillance Full Ban Ordinance,’ which passed through Somerville’s City Council on Thursday night, forbids any “department, agency, bureau, and/or subordinate division of the City of Somerville” from using facial recognition software in public spaces. The… Read More
DARPA’S $1.5-Billion Remake of U.S. Electronics June 28, 2019 | sento | Leave a comment About a year ago, the U.S.Defense Advanced Research Projects Agency pulled back the covers on its five-year, $1.5-billion scheme to remake the U.S. electronics industry. The Electronics Resurgence Initiative included efforts in “aggressive specialization” for chip architectures, systems that are smart enough to reconfigure themselves for whatever data you throw at them, open-source hardware, 24-hour… Read More
Key Conjurer: Our Policy of Least Privilege June 28, 2019 | sento | Leave a comment Hi, my name is Reza Nikoopour and I’m a security engineer on the Security team at Riot. My team is responsible for securing Riot infrastructure wherever we’re deployed – whether that means internal or external data centers or clouds. We provide cloud security guidance to the rest of Riot, and we’re responsible for Key Conjurer,… Read More
It’s Surprisingly Easy to Hack the Precision Time Protocol June 28, 2019 | sento | Leave a comment When it comes to synchronizing large and important networks, for instance in the energy or financial sectors, every microsecond counts. Different protocols have been designed and implemented to achieve such precision. One of the most effective approaches is called IEEE 1588-2008 or the Precision Time Protocol (PTP). But while PTP can in theory help networks… Read More
For two hours, a large chunk of European mobile traffic was rerouted through China June 8, 2019 | sento | Leave a comment For more than two hours on Thursday, June 6, a large chunk of European mobile traffic was rerouted through the infrastructure of China Telecom, China’s third-largest telco and internet service provider (ISP). The incident occurred because of a BGP route leak at Swiss data center colocation company Safe Host, which accidentally leaked over 70,000 routes… Read More