FBI extends voting security push, LA court hacker goes down, and more D-Link failures Here's your Reg roundup of security news beyond all the bits and bytes we've already covered. FBI refreshes voting security push Last year, the FBI kicked off Protected Voices, a campaign to improve voting security at the state and local level. The effort was just expanded for the coming year with new resources and materials, …
What also concerns and involves every American is this:
"Surveillance Court found that the FBI may have violated the rights of potentially millions of Americans"
https://theintercept.com/2019/10/10/fbi-nsa-mass-surveillance-abuse/
And now the FBI wants to give advise on voting???
If you hadn't noticed they're in the minority and are concerned more about voter fraud than poll hacking, probably with good reason. They'll never win California, New York, Illinois, or Virginia. With population shifts from higher tax states toward western states that feature low taxes and population densities they are turning blue, see Arizona and Nevada. With socialistic attitudes on the rise in the upcoming elections amongst Democrats, it don't look too good.
Funny, that D-Link can just get away with just saying, "Tough sh%t. Go buy a new router".
If any of those routers are under 10 years old, then I would hope that there owners are going to demand that D-Link either replaces them free of charge or gets off its ar$e and fixes the gaping security hole in the router.
Imagine the uproar if a car manufacture came out and said, "Oh yeah we've discovered a failure in the airbags, where they wont actually work, but because the cars involved are more then 5 years old, were not going to do anything about. Buy a new car instead."
It's crazy what firms in the IT world can get away with...
At least airbag modules can be replaced on their own. A better analogy would be if the problem was with the transmission failing ahead of schedule but due to their age they're out of warranty. Fixing the transmission would cost more than the car is worth (I speak from experience), meaning you're dead-end ed because they have the money to influence the legislators.
Remember Fight Club? IT companies can do this because the sums involved are small. How much is a consumer router? €100? €250 max? A car is €x0,000 and has a service life of many, may years whereas a router? Five tops before it will be replaced. Even Apple puts handsets into obsolescence after four years.
I can't even remember what router I had 10 years ago, I certainly would not be still using it.
"If any of those routers are under 10 years old"
Oh, some of those are ancient, over 10 years old, but DIR-866L - a fairly modern 802.1ac wireless router shamelessly modeled after the dustbin Mac Pro - was introduced in late 2014 and still available from resellers.
Fast, Good, Cheap - pick two. In D-Link's case, just pick Cheap.
Because D-Link is not providing updates to the devices listed above, it is important to replace any affected device with one that is currently supported by the vendor.
Slight correction: "... it is important to replace D-Link on your list of suppliers with a company that actually takes security seriously."
I already use my own DNS system (because I know how to make it work) - but DoH will put even more power in the hands of the same few companies that are getting a bigger and bigger control of the internet. The fact that Google will be able to collect and snoop over a bigger share of DNS queries doesn't make me feel better because my ISP can't.
"I already use my own DNS system (because I know how to make it work) - but DoH will put even more power in the hands of the same few companies that are getting a bigger and bigger control of the internet."
Again, what's stopping you rolling your own? If what you say were true, there is NOTHING stopping the likes of Google from doing it already by simply bypassing DNS the way Windows 10 bypasses DNS for its telemetry.
Again, what's stopping you rolling your own?
Hard-coded DoH server addresses in the browsers?
I haven't looked at Google's or Mozilla's DoH implementation, because I already use DoH-free browsers for most purposes. But I can certainly foresee a day when it will be necessary to use a non-mainstream fork to avoid the Google+Cloudflare DoH duopoly. That may not come to pass, but it would be trivial for Google to implement it in Chrome.
"Hard-coded DoH server addresses in the browsers?"
Instant non-viability in enterprises and other large-scale deployments where internal resolvers are the norm?
Like I said, if something can get away with not using DNS (and the blockers tied to DNS), they're doing it already (like Windows 10).
Which means companies are so scared of the government they willfully and fully cooperate - and that's exactly what every authoritarian regime wants to achieve - a system which works on its own to crush any dissent, where every "citizen" (now a slave) controls and is ready to report every other else.
"While the router is theoretically the customers problem and many have upgraded, there must be an enormous number still in use"
I was going to say the DIR-615 is hopelessly outdated, but what I see these days on Amazon is nothing like the boxy gray DIR-615 I used before I switched to a Netgear Nighthawk AC1900. And I switched because it chugged like no end when using encrypted WiFi, and its IPv6 support was inadequate.
On one hand, the typical impact security tools and parental controls, as well as make it harder for law enforcement to catch criminals sets of all the usual important bells in the heads of all sane netizens, but Google being behind the lamented technology offsets any lingo-based gains.
The bottom line is that every corporation will be MITMing all employee generated traffic in no time unless they are already doing so. At home the situation is different - virtually everyone is neck deep in Google already, so there is nothing to fear there. The remaining half percent will carry on being called tinfoil hats and everyone will be happy again.
"Weary of the threat posed by quadcopter drones flying into unwanted areas, developers with Kaspersky says it is working on a software platform ...................."
Unless Kaspersky have some of Nigel Farage's Brexit dust no quantity of software will stop a drone without the associated radio transmission equipment.
The likelihood of Joe public, or any non government business, successfully being granted permissions to transmit GPS and similar jamming signals is (I sincerely hope) a little lower than the square root of naff all.
So who are Kaspersky aiming this product at? I suspect that the security and police services have access to appropriate equipment already.
"And perhaps most importantly, he compromised the integrity of the LASC, which is a court system that thousands of people rely on to administer justice."
Are the "thousands of people" just crims? Seems to me that there's several million citizens in that area so aren't they relying on this system?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
