#HappyFriday
This is a weekly series to highlight the best articles and stories happening all over the web.
What was your favorite story? What topics would you like to see? Sound off in the comments!
Some Basic Rules for Securing Your IoT Stuff
Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked IoT devices had many experts warning of a dire outlook for Internet security, but the future of IoT doesn’t have to be so bleak.
Here are some rules that will help minimize the chances that your IoT things become a security liability:
- Rule #1: Avoid connecting your devices directly to the Internet
- Rule #2: If you can, change the thing’s default credentials
- Rule #3: Update the firmware
- Rule #4: Check the defaults
- Rule #5: Avoid IoT devices that advertise Peer-to-Peer (P2P) capabilities
- Rule #6: Consider the cost
Mozilla Joins U.S. Attorneys General In Bid to Restore Net Neutrality
Mozilla has joined a coalition of U.S. state attorneys general in battling the Federal Communications Commission’s controversial recent ruling that overturned net neutrality laws.
“The internet is a global, public resource,” Mozilla wrote in a blog post. “It relies on the core principle of net neutrality (that all internet traffic be treated equally) to exist. If that principle is removed — with only some content and services available or with roadblocks inserted by ISPs to throttle or control certain services — the value and impact of that resource can be impaired or destroyed.” The foundation has filed an appeal of the FCC ruling in the U.S. Court of Appeals for the District of Columbia.
Continue reading.
Congress Votes to Reauthorize NSA's Warrantless Surveillance of US Citizens
The US House of Representatives passed a bill today to renew the National Security Agency's warrantless internet surveillance program under Section 702 of the Foreign Intelligence Surveillance Amendments Act (FISA) of 2008.
The program became public in 2008 after the Edward Snowden revelations, and privacy and citizen rights groups have been trying to shut it down ever since, calling it a "backdoor to the Fourth Amendment" that allows US authorities to sift through US and non-US citizens' private conversations without a warrant.
Read the whole story.
macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities
The macOS and OS X malware has a number of insidious spying capabilities that would make anyone uneasy, and a variant recently analyzed by Synack chief security researcher Patrick Wardle was no exception.
“[FruitFly] was designed in a way to be interactive,” said Wardle, a former NSA analyst and founder of Objective-See where he has published a number of free tools for Mac malware analysis. “This can move the mouse, generate presses and interact with the UI elements of the operating system.”
Get the details.
Intel AMT Security Issue Lets Attackers Bypass BIOS and BitLocker Passwords
An F-Secure security researcher has found a way to use Intel's Active Management Technology (AMT) to bypass BIOS passwords, BitLocker credentials, and TPM pins and gain access to previously-secured corporate computers.
Sintonen says that computers on which AMT has been configured without an AMT password are vulnerable.
He says a malicious actor with access to the device can press CTRL+P during the boot-up process and select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, effectively bypassing any previous BIOS, BitLocker, or TPM logins.
Learn more.
What story from the last week the most important for you? We love hearing your feedback!
