New DDoS Attacks Leverage TCP Amplification

Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries
#cososec

https://www.darkreading.com/attacks-breaches/new-ddos-attacks-leverage-tcp-amplification-/d/d-id/1336339

Hey, #cososec. I came across this thread with lots of good infosec people to follow. I wonder how many of them we could get to come over on this side of the digital divide?

https://twitter.com/j_opdenakker/status/1192491213301207044?s=19

I would like to think that even fanboys now acknowledge that Apple is every bit as predatory as their rivals. This Corellium business stinks.
#cososec

///

https://twitter.com/Fox0x01/status/1193097348076978176?s=19
Apple vs. Corellium

Unredacted version of Corellium’s legal answer is public https://t.co/JXoyk6yI8F

This entire lawsuit is an obvious attempt to decreases the value of Corellium to either
1) own them, or
2) put them out of business to prevent researchers from finding bugs

Very bad form, Apple.
#cososec

https://twitter.com/chronic/status/1193021429932945410?s=19

Here's some #cososec humor: A breach excuse generator. Click the Equifax button it refresh to generate new ones.

http://whythefuckwasibreached.com/

This is really cool. Office files will open in their own tiny VM container to thwart macro viruses and other such things.
#cososec

https://twitter.com/GossiTheDog/status/1191829369439825922?s=09

Researchers hack Siri, Alexa, and Google Home by shining lasers at them

MEMS mics respond to light as if it were sound. No one knows precisely why.

https://arstechnica.com/information-technology/2019/11/researchers-hack-siri-alexa-and-google-home-by-shining-lasers-at-them/

#cososec

These doesn't look like your everyday server space lease.
#cososec

https://select.cryptohippie.com/blog/opaque-server/

Stop Leaving Your Smartphone's Bluetooth On

https://lifehacker.com/stop-leaving-your-smartphones-bluetooth-on-1817176967

#cososec

👋 Welcome, new CoSoNauts!

Time to crack those eggs: Upload a profile pic, fill out your profile and say hello. Follow @CoSoTips for help, or just ask.

Some tags to follow:
Infosec discussion at #cososec.
Music lovers and musicians: check out #cosomusic and #musictheory.
If you love good drinks, follow #caffeineclub #winetime #beerme #spirited and #mixmeup.
Animal lovers: #petsofcoso, #dogsofcoso, #catsofcoso.

We're glad you made it here. Enjoy the awesome, REAL conversation!

Amazon is saying nothing about the DDoS attack that took down AWS, but others are

Looks like some security staff were asleep at the switch

https://www.theregister.co.uk/AMP/2019/10/28/amazon_ddos_attack/

#cososec

Here's an overview of the kinds of computer and phone systems US military and intelligence use.
#cososec

https://electrospaces.blogspot.com/2015/03/us-military-and-intelligence-computer.html

People. STOP using your phone number for 2FA. #cososec

You can also add a secure passphrase to your account that must be given in order to make account changes. That would shut down this scam.

///

From NPR News
'SIM-Swap' Scams Expose Risks Of Using Phones For Secondary I.D. https://n.pr/2Wd1gma

"People who are using phones as their only source of two-factor identification are inviting identity theft," Bennett warns.

Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users

https://thehackernews.com/2019/10/adobe-database-leaked.html

#cososec

Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History

https://www.vice.com/en_us/article/9kembz/comcast-lobbying-against-doh-dns-over-https-encryption-browsing-data

#cososec

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html

#cososec

VPN question for #cososec people:

Any of you familiar with https://cryptostorm.is/ ?

I have been loath to go back to one of the big-name, heavily-advertised VPNs, because I really don't trust them.

This one looks very good to me, but I'm curious to hear from those in the know if they walk what they talk.

Feel free to DM if you don't want to discuss publicly.

Now I'm glad I didn't have NordVPN for that long.

https://twitter.com/kennwhite/status/1186075645962526720?s=19

#cososec

This is how you kick facial recognition out of your town

Bans on the technology have mostly focused on law enforcement, but there’s a growing movement to get it out of school, parks, and private businesses too.

https://www.technologyreview.com/s/614477/facial-recognition-law-enforcement-surveillance-private-industry-regulation-ban-backlash/

#cososec

Unpatched Linux bug may open devices to serious attacks over Wi-Fi | Ars Technica
https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/

#cososec