We all need some of this....

https://www.theverge.com/2017/12/23/16812834/edward-snowden-haven-guardian-project-laptop-phone

Trust must always be minimal and subject to scientific proof through lambda-calculus and Church-Turing machinery implemented in hardware. K J HAMER-HODGES....E.G. Rutkowska: Trust Makes Us Vulnerable

https://www.darkreading.com/vulnerabilities---threats/rutkowska-trust-makes-us-vulnerable/d/d-id/1330587

Security industry needs to be less trusting to get more secure • The Register Forums

https://forums.theregister.co.uk/forum/1/2017/12/07/security_distrusting/?mt=1512736508789

Minimal trust always comes back to capability based Church-Turing machines that scientifically encapsulate algogithms as proven by the Plessey PP250 decades ago.

Apple releases patch for catastrophic security flaw in MacOS 10.13 | Computing

https://www.computing.co.uk/ctg/news/3022115/apple-releases-patch-for-catastrophic-security-flaw-in-macos-1013?utm_medium=email&utm_term=&utm_content=&utm_campaign=CTG.Daily_RL.EU.A.U&utm_source=CTG.DCM.Editors_Updates&im_edp=sipantic.net&im_company=&utm_medium=email

GDPR: What will happen in the first 72 hours after a data breach? | Computing

https://www.computing.co.uk/ctg/opinion/3019682/gdpr-what-will-happen-in-the-first-72-hours-after-a-data-breach?utm_medium=email&utm_term=&utm_content=4.%20GDPR%3A%20What%20will%20happen%20in%20the%20first%2072%20hours%20after%20a%20data%20breach%3F&utm_campaign=Top%20Stories%20-%20%5BNov%2017%5D&utm_source=Controlled%20circulation%20engagement&im_edp=sipantic.net&im_company=&utm_medium=email

Re: [Caja] WASM and ocaps

Interesting!

On Nov 3, 2017 5:56 PM, "Mark Miller" <erights@gmail.com> wrote:

At the latest wasm (Web Assembly) standards meeting, I pointed out that wasm is already an OS-like ocap system: A wasm instance, with its linear data space + table of opaque external functions/objects is already a process-granularity-like unit of isolation with an address space and a clist. A wasm computation addresses its clist entries by clist index as expected. In addition, wasm currently obeys the following restriction.

> WebAssembly instances must never be able to cause effects other than by wielding explicitly granted access (e.g. the importObject in a JS embedding).

According to Andreas Rossberg (cc'ed), this is on purpose, even though the people in the room at the time did not seem to know that. I suggested that it be made normative, so security uses of this restriction would not be compromised by later "enhancements" that accidentally break this unarticulated restriction.

https://github.com/WebAssembly/meetings/issues/104

is the one to watch. Assuming I do a good job clarifying the agreement we just came to, and assuming the agreement holds in the face of these clarifications, it looks like wasm will explicitly be the object-capability system it was designed to be.

Andreas and Bradley (also cc'ed), please clarify or expand as appropriate. If you don't want to subscribe to these lists, send your posts to me and I will forward. Thanks.

--

  Cheers,
  --MarkM

--

---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-caja-discuss+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

BBC News: Artificial intelligence smart enough to fool Captcha security check

I saw this on the BBC and thought you should see it:

Artificial intelligence smart enough to fool Captcha security check - http://www.bbc.co.uk/news/technology-41775968

* Disclaimer *

The BBC is not responsible for the content of this email, and anything written in this email does not necessarily reflect the BBC's views or opinions. Please note that neither the email address nor name of the sender have been verified.

The KRACK Wi-Fi vulnerability, explained like you're five

The KRACK Wi-Fi vulnerability, explained like you're five
https://thenextweb.com/security/2017/10/17/krack-explained-like-youre-five-years-old/

Cat theory

http://catinf.com/index.php?_utm_source=1-2-2

MarketWatch: Opinion: The cyberwars are coming — here’s how to prepare (and make money)

MarketWatch: Opinion: The cyberwars are coming — here's how to prepare (and make money) http://google.com/newsstand/s/CBIwyruyqTY

Marketplace APM: 10/12/2017: A computer science "genius" on why we haven't fixed cybersecurity

Marketplace APM: 10/12/2017: A computer science "genius" on why we haven't fixed cybersecurity. http://google.com/newsstand/s/CBIwjYy2qTY

Engadget: 37,000 Chrome users downloaded a fake Adblock Plus extension

Engadget: 37,000 Chrome users downloaded a fake Adblock Plus extension. http://google.com/newsstand/s/CBIw0cjD0DI

Re: Unit 42 Threat Intelligence ALERT

Update

On Oct 6, 2017 14:29, Palo Alto Networks <marketing-emails@paloaltonetworks.com> wrote:

Unit 42 Threat Intelligence ALERT If you're having trouble reading this message, click here Read the latest research > FREEMILK: A HIGHLY TARGETED SPEAR PHISHING CAMPAIGN In May 2017, Palo Alto Networks Unit 42 identified a limited spear phishing campaign targeting various individuals across the world. The threat actor leveraged... Read more > THREAT ACTORS TARGET GOVERNMENT OF BELARUS USING CMSTAR TROJAN Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family... Read more > THREAT BRIEF: CONVERSATION HIJACKING SPEAR PHISHING Spear Phishing is a specific attack technique that has become widely used in the past few years. In our new research blog "FreeMilk: A Highly Targeted Spear Phishing Campaign"... Read more > © 2017 Palo Alto Networks, Inc. All rights reserved. 3000 Tannery Way, Santa Clara, CA 95054 Privacy Policy | Terms of Use | Email Preferences www.paloaltonetworks.com

Re: App VJ Foot Spa shared by Ken Hh

ken

On Oct 3, 2017 4:54 PM, Ken Hh <noreply@appsheet.com> wrote:

Ken Hh shared an app with you! Hello! I have created this app with AppSheet and am sharing it with you. To install the 'VJ Foot Spa' app, please click the link below on your mobile device and follow the instructions: Install the app You can also run the app in your web browser by clicking the link below: Run the app in a web browser Need more help? Join the AppSheet User Community!

Sec hack

https://www.washingtonpost.com/news/business/wp/2017/09/26/the-sec-is-hiring-more-cybersecurity-help-after-breach-that-may-have-allowed-hackers-to-profit-from-stock-trades/?utm_term=.dbc352746a51

ken

Play Store malware

https://www.wired.com/story/google-play-store-malware

ken

Cost of Ransom ware attack on FedEx

https://www.engadget.com/2017/09/21/fedex-ransomware-notpetya/

ken

Reuters: Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January

From Reuters News:

Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January
http://www.reuters.com/article/us-sec-cyber-weaknesses-exclusive/exclusive-u-s-homeland-security-found-sec-had-critical-cyber-weaknesses-in-january-idUSKCN1BW27P

The U.S. Department of Homeland Security detected five "critical" cyber security weaknesses on the Securities and Exchange Commission's computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

This service is not intended to encourage spam. The details provided have been used for the sole purpose of facilitating this email communication and have not been retained by Thomson Reuters.

ken

Reuters | Homeland Security detected five critical cyber security weaknesses in SEC's computers in January: confidential report

Homeland Security detected five critical cyber security weaknesses in SEC's computers in January: confidential report

Get updates at Reuters.com

ken

Equifax data breach

https://www.usatoday.com/story/tech/columnist/saltzman/2017/09/17/equifax-data-breach-do-15-minute-cybersecurity-makeover/668684001/

Malware in trusted downlod

https://www.techspot.com/amp/news/71018-malware-discovered-ccleaner-puts-millions-users-risk.html

Piggy back hacking

https://thenextweb.com/security/2017/09/18/ccleaner-hacked-malware-distribute/

Nothing can be trusted!

http://www.businessinsider.com/avast-piriform-ccleaner-hijacked-trojan-malware-2017-9

Cybersecurity Incident & Important Consumer Information | Equifax

https://www.equifaxsecurity2017.com/

The hidden history of cyber-crime forums - BBC News

http://www.bbc.com/news/technology-40671091

Equifax data breach

https://www.engadget.com/2017/09/08/equifax-hack-response-pii-lawsuit-waiver/

The Next Web: Google made a tiny error and it broke half the internet in Japan

The Next Web: Google made a tiny error and it broke half the internet in Japan. http://google.com/newsstand/s/CBIwpZuC7TU

Wikileaks Vault 7: CIA backdoored software updates to spy on allies | Computing

https://www.computing.co.uk/ctg/news/3016250/wikileaks-vault-7-cia-backdoored-software-updates-to-spy-on-allies?utm_medium=email&utm_term=&utm_content=&utm_campaign=CTG.Daily_RL.EU.A.U&utm_source=CTG.DCM.Editors_Updates&im_edp=sipantic.net&im_company=

How A Hoax Made To Look Like A Guardian Article Made Its Way To Russian Media

https://www.buzzfeed.com/craigsilverman/how-a-hoax-made-to-look-like-a-guardian-article-made-its?utm_term=.bl5v3YYeEj

Get the BuzzFeed App: https://bzfd.it/bfmobileapps

When it all kicks off: What happens at a security firm when a global malware outbreak occurs?

http://www.computing.co.uk/3015625

Elon Musk just made Microsoft Azure 100% cooler by association

Elon Musk just made Microsoft Azure 100% cooler by association
https://mspoweruser.com/elon-musk-just-made-microsoft-azure-100-cooler-association/

DNA attack

https://www.google.com/amp/s/www.wired.com/story/malware-dna-hack/amp?_utm_source=1-2-2

Doctor Opens Fire at Bronx Hospital, Killing Woman and Wounding 6 Others

Doctor Opens Fire at Bronx Hospital, Killing Woman and Wounding 6 Others
https://www.nytimes.com/2017/06/30/nyregion/bronx-hospital-shooting.html

ken

Facebook now has 2 billion monthly users…and responsibility

Facebook now has 2 billion monthly users…and responsibility
https://techcrunch.com/2017/06/27/facebook-2-billion-users/

ken

Seven Things You Must Anticipate For The 2017 Solar Eclipse

Seven Things You Must Anticipate For The 2017 Solar Eclipse
https://www.forbes.com/sites/startswithabang/2017/06/27/seven-things-you-must-anticipate-for-the-2017-solar-eclipse/

ken

Massive cyberattack hits Europe with widespread ransom demands

Massive cyberattack hits Europe with widespread ransom demands
https://www.washingtonpost.com/world/europe/ukraines-government-key-infrastructure-hit-in-massive-cyberattack/2017/06/27/7d22c7dc-5b40-11e7-9fc6-c7ef4bc58d13_story.html

ken

Blame game for cyber attacks grows murkier as spying, crime tools mix | Reuters

http://mobile.reuters.com/article/idUSKBN18R1UJ


Sent from my iPhone

Blame game for cyber attacks grows murkier as spying, crime tools mix | Reuters

http://mobile.reuters.com/article/idUSKBN18R1UJ


Sent from my iPhone

Cyber Threats 101: Fileless Attacks (The Stealthiest of All) - Infosecurity Magazine

https://www.infosecurity-magazine.com/opinions/cyber-threats-fileless-attacks/


Sent from my iPhone

Ponzi Scheme Meets Ransomware for a Doubly Malicious Attack - NYTimes.com

https://mobile.nytimes.com/2017/06/06/technology/hackers-ransomware-bitcoin-ponzi-wannacry.html?referer=https://news.google.com/


Sent from my iPhone

Blame game for cyber attacks grows murkier as spying, crime tools mix | Reuters

http://mobile.reuters.com/article/idUSKBN18R1UJ


Sent from my iPhone

Cyber attack eases, hacking group threatens to sell code | Reuters

http://mobile.reuters.com/article/idUSKCN18B0AC


Sent from my iPhone

NHS cyber-attack causing disruption one week after breach | Society | The Guardian

https://www.theguardian.com/society/2017/may/19/nhs-cyber-attack-ransomware-disruption-breach


Sent from my iPhone

NYTimes.com: Hackers Hide Cyberattacks in Social Media Posts

From The New York Times:

Hackers Hide Cyberattacks in Social Media Posts

A recent attack on the accounts of Defense Department employees suggests how easily people can be duped into clicking on dangerous links.

https://www.nytimes.com/2017/05/28/technology/hackers-hide-cyberattacks-in-social-media-posts.html?mwrsm=Email


Sent from my iPhone

British Airways vows 'never again' after costly IT collapse

British Airways vows 'never again' after costly IT collapse
https://www.reuters.com/article/us-britain-airports-heathrow-idUSKBN18P01O

Microsoft issues 'highly unusual' Windows XP patch to prevent massive ransomware attack

Microsoft issues 'highly unusual' Windows XP patch to prevent massive ransomware attack
https://www.theverge.com/2017/5/13/15635006/microsoft-windows-xp-security-patch-wannacry-ransomware-attack

ken

Hacking Attack Has Security Experts Scrambling to Contain Fallout

Hacking Attack Has Security Experts Scrambling to Contain Fallout
https://www.nytimes.com/2017/05/13/world/asia/cyberattacks-online-security-.html

ken

Europol: Ransomware attack is of unprecedented level

International investigation needed to identify culprits of biggest-of-its-kind cyber-extortion attack, Europol says.
http://aje.io/ud6c

ken

Status report: Windows 10 Creators Update at one month old

Status report: Windows 10 Creators Update at one month old
http://www.infoworld.com/article/3194868/microsoft-windows/status-report-windows-10-creators-update-at-one-month-old.html

Cyber executive order a reasonable step forward, yet more remains to be done

Cyber executive order a reasonable step forward, yet more remains to be done
https://news.google.com/news/amp?caurl=http%3A%2F%2Fthehill.com%2Fblogs%2Fcongress-blog%2Ftechnology%2F319699-cyber-executive-order-a-reasonable-step-forward-yet-more%3Famp#a-eff569c5-3da3-4c69-9d05-aa1b967c9068