The word is spreading on the Internet that respected secure email provider ProtonMail has been hacked by an anonymous group. A pastebin post claims that the company intentionally undermined its own security features, allowing the hacker group to infiltrate the front-end code and steal the passwords and data. They also make some wild claims about ProtonMail’s own activities and those of their users.
hacking
The Fault, Dear Troy, is not in our IRL Analogies, But In Ourselves
Troy Hunt is done with IRL analogies being forced onto digital concepts. But maybe the problem isn’t the analogies, but the expectations we put on them. Analogies can be useful, but only if we acknowledge their limits while using them.
Ransomeware and Backup Considerations
Richard Arnold put together a concise piece to address a lot of questions and concerns coming out of the WannaCrypt crisis. He outlines a little history and context for what exactly is ransomware. He then takes a storage centric approach to outlining basic IT policies that would help mitigate future disruptions.
The piece is a great summation. It doesn’t have the audacity to say the attack was preventable, but rather that best practices could serve to limit future disruptions. It’s an interesting read to wrap your head around a global issue.
Microsoft Edge and the Great Virtual Machine Escape
Microsoft’s Edge browser was supposed to alleviate a lot of the security concerns, with even more advanced sandboxing and process isolation than even Chrome. But in this years Pwn2Own competition, the Qihoo 360 security team found a pretty nasty vulnerability. Using a heap overflow bug, a JavaScript engine exploit, and a VMware flaw, they were able to not just execute code on the virtualized guest OS, but were actually able to access the host machine. That’s impressive.