Wednesday, April 21, 2021

Security Smorgasbord, vol. 13 no. 1

I really need to get back into doing these.  So here you go.

RIP, FTP

Mozilla is removing support for downloading files from FTP links.  All in all, this is a good thing - we've known that passing unencrypted usernames and passwords across the Intarwebs is A Very Bad Thing Indeed for oh, 30 years or so.

Google: Here's a cool new privacy feature.  Everybody: Nah, we're good

Google has a new privacy "solution" that pretty much everybody thinks is designed to rip off users' privacy even more.  The Vivaldi team released a statement that really sums up why none of the browsers (other than Chrome) are going to use Google's cunning scheme:

“We will not support the FLoC API and plan to disable it, no matter how it is implemented. It does not protect privacy and it certainly is not beneficial to users, to unwittingly give away their privacy for the financial gain of Google.”

Oft evil will shall evil mar, and all that.  Hey Google, don't be evil.  (P.S. Don't use Chrome)

SAP attacks under way in the wild

You don't get more buttoned down corporate in the software world than database maker SAP.  And they're seeing attacks against their software, as hackers reverse engineer SAP security patches.

 2 year old VPN server vulnerability being exploited in the wild

I can't imagine why someone wouldn't install a critical security patch on a critical security device, but it seems that a bunch of folks haven't.  Oooooh kaaaaay, then.

SpaceX encrypts telemetry

Well, it looks like they've been encrypting Starship for a couple years, but they are now encrypting Falcon 9 telemetry.

4 comments:

SiGraybeard said...

I got a kick out of the European hams breaking the SpaceX telemetry using those cheap RTL-SDR radios and a cheap satellite TV dish with a downconverter. Kinda sorry to see SpaceX respond by encrypting the telemetry.

I had halfway decided to build a downconverter and try to find something like a DirecTV or Dish One antenna lying around.

Old NFO said...

Yep, the privacy (and I use that term loosely), is ramping up... But honestly, for most people, it's too little, too late.

Douglas2 said...

Re: FTP

I've been keeping an old 1990s Apple Mac Powerbook and accessories, just in case I needed an old file I'd neglected to transfer from one of my SCSI drives or 800k/400k floppy disks.

It turns out I'd done a good job of knowing what I might need and keeping copies on accessible media -- but I've used it on several occasions to rescue friends or colleagues who needed files from old Mac media.

(Or to write recently-downloaded abandonware onto a floppy that their old machine can read, so that they can turn their still-working 1984 original 128k Macintosh into a cool-looking but very power-inefficient mantel clock.)

Especially for larger audio, photo, and video files, FTP has been the easiest way to move the stuff via the antique computer to a modern one.

Each occasion gets harder -- the ethernet network at work kicks obsolete computers off it, there aren't already-running FTP servers to use for the transfer, etc.
For small files I used to just sign into webmail and email them, but even 10 years ago HTML had moved on so much that I couldn't sign in to any webmail account using NCSA Mosaic -- the pages just didn't render well enough to give me a box to type into.

All for the better really, in terms of security.

Nowadays when someone says "I've got the disk, but I have no way of getting the data off of it" I respond "That's too bad" rather than offering to give it a try.

Douglas2

Jonathan H said...

More and more sites are pushing users towards Chrome, Safari, or Edge (new version, same thing). If a website requires me to use a 'leaky' browser, then I don't use it.
I occasionally run Iron, which is Chrome minus the tracking bits, but some sites won't recognize it. I should use it more,