Equifax hack = Failure to patch Struts

As the dust settles on arguably the largest identity-data breach in history, people have been trying to figure out exactly what went wrong. It was known that the attackers used a publicly known vulnerability in the Apache Struts framework, disclosed in March of this year (CVE-2017-5638, in the Jakarta multipart file-upload parser). An analysis by Ars Technica points to a failure by Equifax to apply the patch, or at least to block requests targeting the Jakarta multipart parser, once the fix was available.
Blaming open-source software for your own mistakes is only valid if you have kept it up to date; Equifax's mistake is a lesson for us all.
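Two checks a practitioner would want after reading the above, as an added example written for this page (not code from Equifax, Apache or Ars Technica): a scan of a Maven pom.xml for a struts2-core version older than the fixed release of its branch (2.3.32 and 2.5.10.1, per the Apache S2-045 advisory), and a request-log check that flags a Content-Type header carrying OGNL expression syntax, which is how the Jakarta multipart parser bug was triggered. The sample pom and request records are constructed for the example; the function names are this example's own.

```python
"""Patch-level and exploitation-attempt checks for Struts S2-045 (CVE-2017-5638).
Added example for this page; sample inputs below are constructed."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# First releases that fix S2-045, per the Apache Struts advisory.
FIXED_RELEASES = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}


def parse_version(version: str) -> tuple:
    """'2.5.10.1' -> (2, 5, 10, 1); tuple comparison gives (2, 5, 10) < (2, 5, 10, 1)."""
    return tuple(int(part) for part in version.strip().split("."))


def struts_core_needs_patch(version: str) -> bool:
    """True when a struts2-core version is older than the fixed release of its branch
    (or cannot be parsed, e.g. a ${property} reference, which then needs manual review)."""
    try:
        v = parse_version(version)
    except ValueError:
        return True
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return False  # not a 2.3.x / 2.5.x release; outside this advisory
    return v < fixed


def _local(tag: str) -> str:
    """Strip the Maven XML namespace: '{http://maven.apache.org/POM/4.0.0}version' -> 'version'."""
    return tag.rsplit("}", 1)[-1]


def struts_core_versions(pom_xml: str) -> List[str]:
    """Return every struts2-core <version> declared in a pom.xml string."""
    root = ET.fromstring(pom_xml)
    found = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in dep}
        if fields.get("groupId") == "org.apache.struts" and fields.get("artifactId") == "struts2-core":
            found.append(fields.get("version", ""))
    return found


# S2-045 was triggered by an OGNL expression in the Content-Type header;
# a legitimate media type never contains "%{" or "${".
OGNL_MARKER = re.compile(r"[%$]\{")


def content_type_is_suspicious(content_type: str) -> bool:
    return bool(OGNL_MARKER.search(content_type))


def flag_requests(requests: List[Dict[str, str]]) -> List[int]:
    """Indices of requests whose Content-Type carries OGNL expression syntax."""
    return [i for i, r in enumerate(requests) if content_type_is_suspicious(r.get("Content-Type", ""))]


# Constructed sample input: a pom.xml still on a pre-fix release.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>2.3.31</version>
    </dependency>
  </dependencies>
</project>"""

# Constructed sample requests: one normal upload, one with an OGNL marker in Content-Type.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/upload.action", "Content-Type": "multipart/form-data; boundary=----example"},
    {"method": "POST", "path": "/upload.action", "Content-Type": "%{(#_='multipart/form-data').(#probe=1)}"},
    {"method": "GET", "path": "/index.action", "Content-Type": "application/json"},
]


def audit() -> dict:
    """Run both checks over the constructed samples."""
    versions = struts_core_versions(SAMPLE_POM)
    return {
        "unpatched_versions": [v for v in versions if struts_core_needs_patch(v)],
        "suspicious_requests": flag_requests(SAMPLE_REQUESTS),
    }


if __name__ == "__main__":
    print(audit())  # {'unpatched_versions': ['2.3.31'], 'suspicious_requests': [1]}
```

The version check is the cheap part and is what Equifax missed; the header check is a stop-gap for the window between an advisory and the deploy, not a substitute for patching, since later exploitation variants of the same bug moved the payload to other multipart headers.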

Electronic voting – will we ever get it right?

Another online / electronic voting system has been torn to pieces in a hacking test. The German "PC-Wahl" software, used by the German states to capture, aggregate and tabulate votes during an election, was examined by the German white hats of the Chaos Computer Club (CCC). The findings were sobering: the system is full of exploitable holes, so German election results could in theory be tampered with.

New crypto standards and government participation

There has always been a tense relationship between security standards and the participation of government agencies in setting them. There have always been rumours of back doors, with the NSA's hand in DES the oldest and most persistent item in the rumour mill. This has now reached the next generation of crypto, in the form of two NSA-designed cipher families proposed as ISO standards: Simon and Speck. After strong international objections, and concern that the smaller variants might hide a weakness exploitable by the agency that designed them, they have been allowed to proceed only in their strongest versions (the largest block and key sizes). Another example of the post-Snowden world.
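To make concrete what "strongest versions" means here, the following is an added example written for this page from the published Speck specification; it is not code from the cipher's designers, from ISO, or from the original post. The variant table and the known-answer vectors are the ones published in the Speck paper; the class and function names are this example's own. The same round function serves all ten variants, with only the word size, number of key words and round count changing, which is exactly why the security margin of the small variants, rather than the design itself, was the point of contention.

```python
"""Speck, all ten block/key variants, implemented from the published specification
as an added example for this page (not the designers' or ISO's code)."""

# (block bits, key bits) -> (word size n, key words m, rounds T, alpha, beta)
SPECK_PARAMS = {
    (32, 64):   (16, 4, 22, 7, 2),
    (48, 72):   (24, 3, 22, 8, 3),
    (48, 96):   (24, 4, 23, 8, 3),
    (64, 96):   (32, 3, 26, 8, 3),
    (64, 128):  (32, 4, 27, 8, 3),
    (96, 96):   (48, 2, 28, 8, 3),
    (96, 144):  (48, 3, 29, 8, 3),
    (128, 128): (64, 2, 32, 8, 3),
    (128, 192): (64, 3, 33, 8, 3),
    (128, 256): (64, 4, 34, 8, 3),   # the "strongest version" of the page above
}


class Speck:
    """Speck<block>/<key>. Key and blocks are integers written most significant word
    first, the order the specification's test vectors use."""

    def __init__(self, block_bits: int, key_bits: int, key: int):
        self.n, self.m, self.rounds, self.alpha, self.beta = SPECK_PARAMS[(block_bits, key_bits)]
        self.mask = (1 << self.n) - 1
        if key >> key_bits:
            raise ValueError("key longer than %d bits" % key_bits)
        # words[0] is k[0] (least significant word); words[1:] are l[0], l[1], ...
        words = [(key >> (self.n * i)) & self.mask for i in range(self.m)]
        self.round_keys = self._expand(words[0], words[1:])

    def _ror(self, x: int, r: int) -> int:
        return ((x >> r) | (x << (self.n - r))) & self.mask

    def _rol(self, x: int, r: int) -> int:
        return ((x << r) | (x >> (self.n - r))) & self.mask

    def _expand(self, k0: int, l_words) -> list:
        """Key schedule: l[i+m-1] = (k[i] + ROR(l[i], a)) ^ i ; k[i+1] = ROL(k[i], b) ^ l[i+m-1]."""
        k, l = [k0], list(l_words)
        for i in range(self.rounds - 1):
            l.append(((k[i] + self._ror(l[i], self.alpha)) & self.mask) ^ i)
            k.append(self._rol(k[i], self.beta) ^ l[-1])
        return k

    def encrypt_block(self, pt: int) -> int:
        x, y = (pt >> self.n) & self.mask, pt & self.mask
        for rk in self.round_keys:
            x = ((self._ror(x, self.alpha) + y) & self.mask) ^ rk
            y = self._rol(y, self.beta) ^ x
        return (x << self.n) | y

    def decrypt_block(self, ct: int) -> int:
        x, y = (ct >> self.n) & self.mask, ct & self.mask
        for rk in reversed(self.round_keys):
            y = self._ror(y ^ x, self.beta)
            x = self._rol(((x ^ rk) - y) & self.mask, self.alpha)
        return (x << self.n) | y


# Published test vectors from the Speck paper: (block, key) -> (key, plaintext, ciphertext)
KNOWN_ANSWERS = {
    (32, 64): (0x1918111009080100, 0x6574694C, 0xA86842F2),
    (64, 128): (0x1B1A1918131211100B0A090803020100, 0x3B7265747475432D, 0x8C6FA548454E028B),
    (128, 128): (0x0F0E0D0C0B0A09080706050403020100,
                 0x6C617669757165207469206564616D20, 0xA65D9851797832657860FEDF5C570D18),
    (128, 256): (0x1F1E1D1C1B1A191817161514131211100F0E0D0C0B0A09080706050403020100,
                 0x65736F6874206E49202E72656E6F6F70, 0x4109010405C0F53E4EEEB48D9C188F43),
}


def known_answer_test() -> bool:
    """True when every published vector encrypts and decrypts correctly."""
    for (block_bits, key_bits), (key, pt, ct) in KNOWN_ANSWERS.items():
        cipher = Speck(block_bits, key_bits, key)
        if cipher.encrypt_block(pt) != ct or cipher.decrypt_block(ct) != pt:
            return False
    return True


if __name__ == "__main__":
    for (block_bits, key_bits), (_, _, rounds, _, _) in sorted(SPECK_PARAMS.items()):
        print("Speck%d/%d: %d rounds" % (block_bits, key_bits, rounds))
    print("known-answer test:", "pass" if known_answer_test() else "FAIL")
```

Note that this is a raw block cipher with no mode of operation or authentication; it is here to show the family's structure, not as something to deploy.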