Issue 45

Yahoo breach affected not one, but three billion accounts

They recently learned that literally -all- Yahoo accounts were compromised.


Whole Foods point of sale system breached

Not the POS system from their stores themselves, but from the taprooms and restaurants in their stores.


Not all Mac's are getting their firmware updates

Researchers from Duo discovered that about 4.2% of Mac's don't have the EFI firmware version they should have, leaving the machine potentially vulnerable to nasty malware. One model had this problem in as much as 43% of the tested machines.
They released a tool to see if yours is affected too.


Cloudflare announces Unmetered Mitigation: DDoS protection without limits for everyone

Even if your on their free plan, they will always protect you against DDoS attacks without charging anything extra. Quite an amazing announcement. This Wired article has some more background.


Google to enforce HSTS on the top-level domains it operates

HSTS is a mechanism that forces visitors to connect using HTTPS instead of HTTP.
Google is the registrar for a bunch of top-level domains, like .dev, .app and .how. It has announced that it will enable HSTS on all of those.


Cloudflare explains Gatebot, a bot to defend against DDoS attacks

Awesome blogpost from Cloudflare on how they mitigate various kinds of DDoS attacks, and how they wrote Gatebot to automate much of it.


Update all the things

This is never an exhaustive list of course, but just a few things that hit my radar.

  • Google has discovered a bunch of vulnerabilities in DNSMasq, a widely used service for DNS, DHCP, router advertisements and network boot. If you use it, make sure to install patches. (link)
  • Android fixed 14 bugs, five of which critical, in its October update. (link)
  • Netgear released 50 patches for its devices, 20 of which rated critical. (link)

Dieter Van der Stock


France's first cyber attack, two centuries ago

Fun read on how France used to have 'message towers' to relay messages from one end of France to the other, and how it was subverted for profit by two brothers.


Humble Book Bundle: Hacking Reloaded

Only two days left on this one, I'm sorry for only catching it this late :/ If you read this in time, there is some great stuff in there.