Security Link Rodeo: The Patriot Act, Logjam, and Hacked Websites
• Erik L. Arneson
Kind of good news: Senators Ron Wyden and Rand Paul teamed up to squash the Patriot Act extension. It’s going to expire on June 1st unless another vote is called on the 31st. The USA Freedom Act (which I think is good?) unfortunately didn’t make it through the Senate, either.
https://twitter.com/RonWyden/status/601979044318547969
Regarding the Logjam vulnerability that I mentioned last week, if you’ve got a cloud server and you’re generating new Diffie-Hellman parameters, make sure you’ve got good random numbers! DigitalOcean has advice on generating sufficient random data on cloud servers. The short version is that you should be running haveged on all of your servers.
https://twitter.com/dholmesf5/status/601848616525942784
Here’s an informative and easy-to-understand description of the Logjam attack by Matthew Green. He just happens to be one of the cryptographers who helped discover the problem. And the EFF talks about the implications of Logjam and how the NSA is a bunch of jerks who really don’t care about our privacy at all. Seriously, NSA. It’s like you don’t even want to be our friend!
The creepy mobile spyware app mSpy was recently hacked, resulting in a leak of about 400,000 user accounts. They spent a long time denying it. You can check HaveIBeenPwned to see if you’re one of the users.
Last week it was also revealed that AdultFriendFinder was hacked, leaking about 3.9 million user records. Even worse, it is possible that “AdultFriendFinder may not get rid of data after customers leave.” This is just a reminder that you need to be mindful about what you share on the Internet. If you want to keep information secret and secure, make sure that you are the only one in control of it.
https://twitter.com/SwiftOnSecurity/status/601854610018414592
The featured image for this post is from Flickr user Jason Hollinger.