June 1, 2020
Niles Nerd

WTH Security News June 1, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

Zero-day in Sign in with Apple. Glad this is fixed, glad Apple paid out $100,000 to a responsible researcher, but this is a good lesson in slow adoption of anything new that claims security at the outset.

Cisco security breach hits corporate servers that ran unpatched software. Cisco is one of many to get bitten by vulnerabilities in open source Salt manager.

Russian hackers are exploiting bug that gives control of US servers. Sandworm group uses emails to send root commands to buggy Exim servers. Exim servers are often used “behind the scenes” for mail security products, and not publicly exposed. Those are vulnerable as well.

Dangerous SHA-1 crypto function will die in SSH linking millions of computers. Lagging far behind others, SSH developers finally deprecate aging hash function.. We’ve seen the writing on the walls for SHA-1 for years, but now there’s a number. Under $50,000 of computing power to break into an SHA-1 protected system.

Career Choice Tip: Cybercrime is Mostly Boring. The economics of illegal hacking appear attractive to some people, but thankfully Brian Krebs exposes how mostly boring it is to be involved in cybercrime.

Did you know?

The Guided Access Escape is not fixed in iOS 13.5 so I blogged about it here. It is an almost-hidden feature in iOS, but Guided Access is a powerful tool.