Security

I have to be up front and tell you the truth. Being British, I don't know who Kris Jenner is.

Indeed, I have to admit that I thought the Kardashians were aliens in Star Trek.

Right now, you get most of your Linux software from your distribution’s software repositories. Those applications have to be packaged specifically for your Linux distribution, and you have to trust them with full access to your Linux user account and all its files.

But imagine if developers could distribute applications in a standard way so you could install and run them on any Linux distribution, and if those applications ran in a “sandbox” so you could quickly download and run them without the security and privacy risks.

Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen.

In the corporate world, it is well established that being on the front foot when it comes to security is an issue that demands money. As individuals feel the consequences of compromising security for convenience, will consumers change their ways?

Last week's discovery of Lenovo bundling Superfish malware that chose to insert its own self-signing certificate authority into Windows' trusted certificate chain under the auspices of serving ads to Lenovo customers highlights the extent to which hardware makers will try to squeeze a profit out of a low-margin business.

Let me see if I can guess your password. 12345? Qwerty? How about abc123 or Dragon or trustno1 (yes, I see what you did there), or Master?

If I guessed right, then shame on you: all of those feature in the top 25 worst passwords -- along with plenty of other all-but-impossible-to-crack strokes of genius like 111111 and letmein (yes, I see what you did there, too).

US delivers official warning about traffic intercepting adware.

PC giant Lenovo has acknowledged that adware it pre-loaded on several notebooks can be used in man-in-the-middle interception attacks.

A suburban Chicago police department paid a hacker a $500 ransom to restore access to data on a police computer that the hacker had disabled through the use of an increasingly popular type of virus.

The police department in Midlothian, a village southwest of Chicago, was hit in January by a form of the Cryptoware virus, which encrypted some files on a department computer, leaving them inaccessible without the encryption key, the Chicago Tribune reported (http://trib.in/17k9Hkv ).

It might come as something of a surprise, but Windows is more secure than not only Apple's iOS and OS X, but also Linux. I'll just let that sink in for a moment...

Windows, the operating system ridiculed for its vulnerabilities and susceptibility to viruses is actually more secure than the supposedly Fort Knox-like Linux and OS X. This startling fact comes from the National Vulnerability Database (described as the "US government repository of standards based vulnerability management data") which details security issues detected in different operating systems and software titles.

L33tdawg: John Matherly is incidentally keynoting #HITB2015AMS in May if you want to meet him 

A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys.