Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that's affected a dozen carmakers.
This team of researchers has found many car-related bugs before. The vulnerability writeup is here.
New IETF standards take advantage of extra bits to produce time-sortable UUIDs. This can improve the locality of database keys and provide the ability to do a bit-by-bit comparison rather than parsing.
They're now available in .NET 9 Preview 7:
var guid = Guid.CreateVersion7();
var guidWithTimestamp = Guid.CreateVersion7(DateTimeOffset.UtcNow);
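To make the layout concrete, here is an added Python sketch of the version 7 format from RFC 9562 (not the .NET implementation and not code from the original page). It shows why raw-byte order equals creation order, and that anyone holding a v7 identifier can read its creation time, so these IDs should not be treated as opaque. The helper names and the sample timestamps are constructed for illustration.

```python
import os
import uuid
from datetime import datetime, timedelta, timezone
from typing import Optional

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def uuid7(unix_ms: int, rand: Optional[bytes] = None) -> uuid.UUID:
    """Build a version 7 UUID: 48-bit big-endian Unix ms timestamp, then random bits."""
    if not 0 <= unix_ms < 1 << 48:
        raise ValueError("timestamp does not fit in 48 bits")
    rand = os.urandom(10) if rand is None else rand
    if len(rand) != 10:
        raise ValueError("need exactly 10 bytes of randomness")
    raw = bytearray(unix_ms.to_bytes(6, "big") + rand)
    raw[6] = (raw[6] & 0x0F) | 0x70  # version nibble = 7
    raw[8] = (raw[8] & 0x3F) | 0x80  # variant bits = 10
    return uuid.UUID(bytes=bytes(raw))


def created_at(u: uuid.UUID) -> datetime:
    """Recover the creation time embedded in a v7 UUID (no secret needed)."""
    if u.version != 7:
        raise ValueError("not a version 7 UUID")
    ms = int.from_bytes(u.bytes[:6], "big")
    return EPOCH + timedelta(milliseconds=ms)


def sort_by_raw_bytes(ids):
    """Plain byte-wise comparison, no parsing: the timestamp leads the value."""
    return sorted(ids, key=lambda u: u.bytes)


if __name__ == "__main__":
    base = 1_700_000_000_000  # constructed timestamp, ms since the Unix epoch
    ids = [uuid7(base + offset) for offset in (5, 1, 3)]  # created out of order
    for u in sort_by_raw_bytes(ids):
        print(u, created_at(u).isoformat())
```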
With today's technology, IT administrators face a trade-off: either route DNS traffic in the clear so they can detect and block malicious domains, which means trusting DNS servers that may be malicious, or authenticate DNS servers and encrypt DNS traffic, and lose network monitoring. As Ars Technica describes, Windows aims to enable the best of both worlds:
[Zero-Trust DNS] aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices. [...] Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis. The result, he said, is a mechanism that allows organizations to, in essence, tell clients “only use our DNS server, that uses TLS, and will only resolve certain domains.” Microsoft calls this DNS server or servers the “protective DNS server.”
From Microsoft's announcement:
First, Windows is provisioned with a set of DoH or DoT capable Protective DNS servers; these are expected to only resolve allowed domain names. This provisioning may also contain a list of IP address subnets that should always be allowed (for endpoints without domain names), expected Protective DNS server certificate identities to properly validate the connection is to the expected server, or certificates to be used for client authentication.
Next, Windows will block all outbound IPv4 and IPv6 traffic except for the connections to the Protective DNS servers as well as the DHCP, DHCPv6, and NDP traffic needed to discover network connectivity information. Note that many options from these protocols will be ignored, such as RDNSS, as only the configured Protective DNS servers will be used.
Going forward, DNS responses from one of the Protective DNS servers that contain IP address resolutions will trigger outbound allow exceptions for those IP addresses. This ensures that applications and services that use the system DNS configuration will be allowed to connect to the resolved IP addresses.
Traffic is forbidden by default, allowed only to IPs resolved by your trusted DNS servers, and end-to-end encrypted without TLS termination.
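The three steps from the announcement can be modelled as a small default-deny policy. This is an added sketch, not Microsoft's code or a Windows API: the class and method names are hypothetical, the addresses are constructed from documentation ranges, and the DHCP, DHCPv6 and NDP allowances are left out.

```python
import ipaddress


class ZeroTrustDnsPolicy:
    """Toy model of the default-deny rules described above (hypothetical names)."""

    def __init__(self, protective_dns, always_allowed_subnets=()):
        # Step 1: provisioned Protective DNS servers and always-allowed subnets.
        self.protective_dns = {ipaddress.ip_address(a) for a in protective_dns}
        self.subnets = [ipaddress.ip_network(n) for n in always_allowed_subnets]
        self.exceptions = set()  # IPs learned from Protective DNS answers

    def on_dns_response(self, server, answers):
        """Step 3: only answers from a Protective DNS server open exceptions."""
        if ipaddress.ip_address(server) not in self.protective_dns:
            return False  # e.g. a resolver advertised by the local network
        self.exceptions.update(ipaddress.ip_address(a) for a in answers)
        return True

    def allows(self, dest):
        """Step 2: outbound traffic is blocked unless one rule matches."""
        ip = ipaddress.ip_address(dest)
        if ip in self.protective_dns or ip in self.exceptions:
            return True
        return any(ip in net for net in self.subnets)


def demo():
    # Constructed sample data (RFC 5737 documentation addresses).
    policy = ZeroTrustDnsPolicy(["192.0.2.53"], ["198.51.100.0/24"])
    results = {"hard_coded_ip": policy.allows("203.0.113.10")}
    # An answer from an unprovisioned resolver must not open the firewall.
    policy.on_dns_response("203.0.113.53", ["203.0.113.10"])
    results["after_untrusted_answer"] = policy.allows("203.0.113.10")
    # The same answer from the Protective DNS server does.
    policy.on_dns_response("192.0.2.53", ["203.0.113.10"])
    results["after_protective_answer"] = policy.allows("203.0.113.10")
    results["neighbour_ip"] = policy.allows("203.0.113.11")
    results["allowed_subnet"] = policy.allows("198.51.100.7")
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'block'}")
```

The model makes one consequence visible: software that connects to a hard-coded IP address, or resolves names through anything other than the system DNS configuration, is blocked unless its destination sits in an always-allowed subnet.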
So, you’re thinking of building a new thing. It’s going to be a lot like that other thing that already exists. In fact, it seems so similar that lots of folks are asking you why you’re building a new thing rather than using that existing thing, or maybe adapting that existing thing to your needs. [...] Here are some questions that are worth asking yourself as you make this decision.
A federal district court in New York has ruled that U.S. border agents must obtain a warrant before searching the electronic devices of Americans and international travelers crossing the U.S. border.
The ruling on July 24 is the latest court opinion to upend the U.S. government’s long-standing legal argument, which asserts that federal border agents should be allowed to access the devices of travelers at ports of entry, like airports, seaports and land borders, without a court-approved warrant.
Ultimately, both Haidt and his critics overstate their evidence. The former’s case isn’t strong enough to prove that iPhones “destroyed” Gen Z, but it also isn’t so weak that it can be dismissed as the mere byproduct of a moral panic.
Today, if I had to secure some new infrastructure paradigm I've never worked with, I would approach it by asking a series of questions based on those core security principles and suggest changes based on the answers. I can ask the same set of questions no matter what infrastructure paradigm is used because they are so foundational to securing any infrastructure.
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.
Normal people, as you may have heard, hang out on the internet. And what is the internet’s biggest trove of everyday moral dilemmas? Why, it’s Reddit’s “Am I the Asshole?” forum!
So, why not comb through millions of comments there to find out how people make moral decisions?
The domain name code.microsoft.com has an interesting story behind it. Today it’s not linked to anything but that wasn’t always true. This is the story of one of my most successful honeypot instances and how it enabled Microsoft to collect varied threat intelligence against a broad range of actor groups targeting Microsoft.