Hide your mac! bootkit for OS X can permanently backdoor Macs

 

The bootkit is dubbed Thunderstrike because it spreads through maliciously modified peripheral devices that connect to a Mac's Thunderbolt interface. When plugged into a Mac that's in the process of booting up, the device injects what's known as an Option ROM into the extensible firmware interface (EFI), the firmware responsible for starting a Mac's system management mode and enabling other low-level functions before loading the OS. The Option ROM replaces the RSA encryption key Macs use to ensure only authorized firmware is installed. From there, the Thunderbolt device can install malicious firmware that can't easily be removed by anyone who doesn't have the new key.

moar here: http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/


Dashlane certificate error



i.imgur.com/WFjjgj2.png

I just saw +Lifehacker post their "What's the Best Password Manager?" post (http://lifehacker.com/whats-the-best-password-manager-1678121716) and one of the recommendations is +Dashlane. I personally use +LastPass but have always thought the Dashlane UI was gorgeous. Having said that, when I clicked the Lifehacker link for Dashlane it took me to the non-www version of their site and I was greeted with an SSL certificate error. You don't get it on the www version of their site; and yes, I contacted them to give them a heads up about it. Still, that doesn't exactly leave me with a warm fuzzy feeling when it comes to a security-related product.
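A certificate that validates on the www name but not on the bare domain can be caught before deployment by checking every hostname a site answers on against the certificate's subjectAltName entries. The check below is an added example, not code from the post or from Dashlane; the hostnames and SAN lists are constructed, and the post does not say what caused the error it describes.

```python
# Added example: constructed hostnames and SAN lists, not data from the post.

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match of one dNSName SAN entry against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p_labels[0] == "*":
        # Wildcard accepted only as the whole leftmost label, and never
        # directly under a single-label suffix such as "*.com".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_names(san_entries, served_names):
    """Return the served hostnames that no SAN entry covers."""
    return [h for h in served_names
            if not any(san_matches(s, h) for s in san_entries)]


# Constructed cases: the names a site answers on, and three candidate certs.
SERVED = ["example.com", "www.example.com"]
CERTS = {
    "www only": ["www.example.com"],
    "wildcard only": ["*.example.com"],
    "apex + www": ["example.com", "www.example.com"],
}


def audit():
    """Map each candidate certificate to the served names it leaves uncovered."""
    return {label: uncovered_names(sans, SERVED) for label, sans in CERTS.items()}


if __name__ == "__main__":
    for label, missing in audit().items():
        status = "OK" if not missing else "not covered: " + ", ".join(missing)
        print(f"{label:14} -> {status}")
```

The wildcard case is the one that most often surprises operators: `*.example.com` covers `www.example.com` but not `example.com` itself, so the bare domain needs its own SAN entry.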


Darkmail aims to fundamentally change email by making it secure by default

 

If you don't already know this… your email is sent over the Internet unencrypted. It's the digital equivalent of sending a letter through the mail without an envelope. Anybody who comes across it can read it. The Darkmail Technical Alliance, which is composed of some heavy hitters like Lavabit founder Ladar Levison and PGP designer Phil Zimmermann, aims to change all of email with drop-in SMTP and IMAP replacements that will wrap messages in layers of encryption.

"Conceptually, DIME applies multiple layers of encryption to an e-mail to make sure that the actors at each stage of the e-mail’s journey from sender to receiver can only see the information about the e-mail that they need to see. The e-mail’s author and recipient both know who sent the message and where it was bound, but the author’s e-mail server doesn’t—it can only decrypt the part of the message containing the recipient’s e-mail server. The recipient e-mail server knows the destination server and the recipient, but it doesn’t know the sender. So if you arrange the four steps in a line from left to right—author, origin server, destination server, and recipient—each step in the line is only aware of the identity of the entity directly to its left or right."

This could be huge and it certainly has the right people in place to make it happen. They'll be submitting all of it to the IETF as a formal set of RFCs and there is even a pre-alpha GitHub repository.

Check out the rest of the article on Ars… it's really worth a read if you're at all curious about the subjects of security and/or email.

Src: http://arstechnica.com/security/2015/01/lavabit-founder-wants-to-make-dark-e-mail-secure-by-default/


Mind blowing dancers in a virtual and living visual environment

Pixel is a dance show for 11 dancers in a virtual and living visual environment. A work on illusion combining energy and poetry, fiction and technical achievement, hip hop and circus. A show at the crossroads of arts and at the crossroads of Adrien M / Claire B’s and Mourad Merzouki’s universes.

+Jordan Hawker if you haven't seen this check it out man.
