F5 BIG-IP Has Huge, Enormous, Bad, Scary Security Holes (Patch NOW) - Security Boulevard

Hair. On. Fire.

Drop everything: A #CVSS score of 10 is as bad as it gets. Trivial to #exploit, this @F5Networks BIG-IP #vulnerability lets criminals pwn your entire network, and redirect your customers elsewhere. https://t.co/QDN0yCp6LX

1/…

— @Richi Jennings (@RiCHi) July 7, 2020

1,000 False Wakewords: A Letter! Buy 200 Toilet Rolls - Security Boulevard

Election! Confirm Purchase.

Researchers have found a thousand ways to say smart-speaker wakewords: @Alexa99, okay @Google, #heySiri, and so on. It highlights the problem of misheard speech causing private audio to be squirreled away on corporations’ servers for later analysis. https://t.co/JdjEwulPEj

1/…

— @Richi Jennings (@RiCHi) July 3, 2020

Google, Apple, Mozilla enforce 1-year max certificate expiration - TechBeacon

Time’s up for lazy DevOps

If you use #TLS certificates with long validity periods, then listen up.

Any cert issued after next month needs to last no longer than a year (plus a month’s grace): https://t.co/UfAqeoUWoG

— @Richi Jennings (@RiCHi) July 2, 2020

TikTok Banned: 59 Chinese Apps Blocked in India - Security Boulevard

Stop the Clock

😷Two huge nuclear powers in a standoff.
😷Several dead after a border skirmish.
😷What’s the next escalation?

Why, firewalling a bunch of smartphone apps, of course—including @TikTok_in. https://t.co/SLc6776Ls0

1/…

— @Richi Jennings (@RiCHi) July 1, 2020

Encryption: Politicians Try to Outlaw Math (Again) - Security Boulevard

Think of the Children!

Three Republican Senators are the latest Canutian lawmakers to float the “lawful access to #encryption” balloon. As we all know by now, it’s impossible to meet the irreconcilable aims of data security and government backdoors. https://t.co/vWrsbcPWt7

1/…

— @Richi Jennings (@RiCHi) June 25, 2020