
[Computer Security Thread] CVEs, or "Crap! Vulnerabilities! Eughhhhh..."

Bucketman (Call me Skragg) wrote:
    Its ok I had a few people PM me and give me some good advice! Now I wait until next week to see what happens.

Frem wrote:
TetraNitroCubane (The Djinnerator, At the bottom of a bottle) wrote:
    Well, shit.

    Looks like Google has it under control as of now, but that's more than a little scary.

Bucketman (Call me Skragg) wrote:
    Google says it wasn't malicious but a mistake made by a Telecom in Nigeria

    https://www.engadget.com/2018/11/13/google-outage-rerouted-china-russia/

LostNinja wrote:
    I’m not going to pretend to know how this works, but it would seem Google has a pretty big security issue if someone could do that on accident.

hippofant (ティンク) wrote:
    LostNinja wrote: »
    I’m not going to pretend to know how this works, but it would seem Google has a pretty big security issue if someone could do that on accident.

    Not remotely a Google-specific problem. Simply how IP and DNS routing works.

SiliconStew wrote:
    LostNinja wrote: »
    I’m not going to pretend to know how this works, but it would seem Google has a pretty big security issue if someone could do that on accident.

    Routers can exchange route information with their neighbors by BGP. So router 1 says "I know routes for networks A, B, C". Router 2 sees that message and adds router 1 as the destination for traffic for networks A, B, C to its own route table. Router 2 says "I know routes for networks X, Y, Z" and router 1 sees that and adds router 2 as the destination for those networks. Now anyone using either router 1 or 2 can access networks A, B, C, X, Y, and Z.

    But you can also propagate learned routes to others in addition to your own routes, so router 2 could say "I know routes for ABC and XYZ" to a different neighbor router 3. And now router 3 users can talk to the router 1 networks without the two being directly connected. Additionally, you can filter routes from being advertised or learned, so for example, router 2 may only send routes A, C, and X to router 3. And router 3 may only accept routes for A, B, and X, so after both it only ends up knowing about A and X. The route updates use keys so routers only accept updates from known trusted neighbors, but route propagation is still based on trust.

    Which all works great until someone in Nigeria fucks up their BGP filtering rules and advertises Google's networks, and China Telecom incorrectly picks up that bad info and advertises it to the rest of the world.

    Just remember that half the people you meet are below average intelligence.
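As an added illustration of the route propagation and filtering SiliconStew describes (example code written for this thread, not anything from the post or from any router vendor): a toy BGP model in which one ISP's missing export filter lets a more-specific prefix leak to its transit provider, and a per-neighbour prefix-list on the receiving side stops it. Router names and the prefixes (RFC 5737 documentation ranges) are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

Prefix = ipaddress.IPv4Network

@dataclass
class Router:
    name: str
    export: "set | None" = None                  # prefixes allowed out; None = no export filter
    accept: dict = field(default_factory=dict)   # peer name -> prefixes allowed in from that peer
    peers: list = field(default_factory=list)
    rib: dict = field(default_factory=dict)      # prefix -> AS path to reach it (self excluded)
    def originate(self, prefix):
        self.rib[Prefix(prefix)] = ()            # our own network: empty path
    def announce(self):
        """What we tell neighbours: every route we know, with ourselves prepended."""
        out = {p: (self.name,) + path for p, path in self.rib.items()}
        return out if self.export is None else {p: v for p, v in out.items() if p in self.export}
    def receive(self, frm, update):
        allowed = self.accept.get(frm)           # None = this peer is trusted for anything
        for p, path in update.items():
            if allowed is not None and p not in allowed:
                continue                         # import filter drops it
            if self.name in path:
                continue                         # loop prevention
            if p not in self.rib or len(path) < len(self.rib[p]):
                self.rib[p] = path               # shorter AS path wins
    def lookup(self, ip):
        """Forwarding decision: longest-prefix match; returns the AS path a packet follows."""
        addr = ipaddress.IPv4Address(ip)
        hits = [p for p in self.rib if addr in p]
        return self.rib[max(hits, key=lambda p: p.prefixlen)] if hits else None

def converge(routers, rounds=6):
    for _ in range(rounds):
        for r in routers:
            upd = r.announce()
            for n in r.peers:
                n.receive(r.name, upd)

def simulate(ng_export_ok, ct_import_ok):
    # Returns the AS path the rest of the world ("RoW") uses for a constructed Google address.
    google, ng, ct, row = Router("Google"), Router("NG-ISP"), Router("ChinaTel"), Router("RoW")
    google.originate("203.0.113.0/24")           # constructed stand-in for a Google block
    ng.originate("198.51.100.0/24")              # NG-ISP's own block (constructed)
    ng.rib[Prefix("203.0.113.0/25")] = ()        # internal more-specific that must never leave NG
    ng.export = {Prefix("198.51.100.0/24")} if ng_export_ok else None
    google.accept["NG-ISP"] = {Prefix("198.51.100.0/24")}  # Google's own filter is correct
    if ct_import_ok:
        ct.accept["NG-ISP"] = {Prefix("198.51.100.0/24")}  # prefix-list: only what NG owns
    for a, b in ((google, row), (google, ng), (ng, ct), (ct, row)):
        a.peers.append(b)
        b.peers.append(a)
    converge([google, ng, ct, row])
    return row.lookup("203.0.113.10")
```

With both filters missing, RoW's traffic for the Google address follows the leaked /25 through ChinaTel and NG-ISP; either a correct export filter at NG-ISP or a prefix-list at ChinaTel keeps it on the direct path.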
Darkewolfe wrote:
    If you want to read up on it a bit.

    https://developers.google.com/speed/public-dns/docs/security

    DNSSEC is definitely a partial fix, once you can basically verify the signatures of certain important DNS info. Everyone has to implement it though.

    What is this I don't even.
hippofant (ティンク) wrote:
    Darkewolfe wrote: »
    If you want to read up on it a bit.

    https://developers.google.com/speed/public-dns/docs/security

    DNSSEC is definitely a partial fix, once you can basically verify the signatures of certain important DNS info. Everyone has to implement it though.

    Yeah, we're not even all aboard IPv6 yet. It's been... 20 years now? Ooof.

LD50 wrote:
    LostNinja wrote: »
    I’m not going to pretend to know how this works, but it would seem Google has a pretty big security issue if someone could do that on accident.

    Routers can exchange route information with their neighbors by BGP. So router 1 says "I know routes for networks A, B, C". Router 2 sees that message and adds router 1 as the destination for traffic for networks A, B, C to its own route table. Router 2 says "I know routes for networks X, Y, Z" and router 1 sees that and adds router 2 as the destination for those networks. Now anyone using either router 1 or 2 can access networks A, B, C, X, Y, and Z.

    But you can also propagate learned routes to others in addition to your own routes, so router 2 could say "I know routes for ABC and XYZ" to a different neighbor router 3. And now router 3 users can talk to the router 1 networks without the two being directly connected. Additionally, you can filter routes from being advertised or learned, so for example, router 2 may only send routes A, C, and X to router 3. And router 3 may only accept routes for A, B, and X, so after both it only ends up knowing about A and X. The route updates use keys so routers only accept updates from known trusted neighbors, but route propagation is still based on trust.

    Which all works great until someone in Nigeria fucks up their BGP filtering rules and advertises Google's networks, and China Telecom incorrectly picks up that bad info and advertises it to the rest of the world.

    When major internet routing breaks, it's always BGP. Google itself managed to turn the internet in Japan off for a little while last year with BGP.

Mugsley (Delaware) wrote:
    I've convinced myself to actually pay for an AV license. What should be a reasonable price for a 3-device pack of Bitdefender?

TetraNitroCubane (The Djinnerator, At the bottom of a bottle) wrote:
    In continuing "SMS is horrible" news, approximately 26 Million text messages have been leaked from the service Voxox.
    A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

    The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

    Cool. Cool. GREAT. JUST GREAT.

    This makes me wonder, for services that only offer SMS 2FA, is it better to just have NO 2FA invoked? This issue may still be wide open at this point, as apparently it allows nearly real-time eavesdropping. Though I imagine it's mighty difficult to comb through the volume of data leaked.

Xeddicus wrote:
    edited November 2018
    The government needs to crack down on shit like that. Fine/sue them for a shit ton and I bet you'd see a lot less of this kind of thing.

Inquisitor77 (2 x Penny Arcade Fight Club Champion, A fixed point in space and time) wrote:
    Mugsley wrote: »
    I've convinced myself to actually pay for an AV license. What should be a reasonable price for a 3-device pack of Bitdefender?

    I bought licenses of Bitdefender from Dealarious (https://www.dealarious.com/) and they worked just fine. One year for $23 is the lowest I've ever been able to find.

Darkewolfe wrote:
    Xeddicus wrote: »
    The government needs to crack down on shit like that. Fine/sue them for a shit ton and I bet you'd see a lot less of this kind of thing.

    This is very much true for a ton of security issues. There's just not enough punitive stuff for shit security.

    What is this I don't even.
tsmvengy wrote:
    Darkewolfe wrote: »
    Xeddicus wrote: »
    The government needs to crack down on shit like that. Fine/sue them for a shit ton and I bet you'd see a lot less of this kind of thing.

    This is very much true for a ton of security issues. There's just not enough punitive stuff for shit security.

    e.g. how is Equifax still in business?

hippofant (ティンク) wrote:
    tsmvengy wrote: »
    Darkewolfe wrote: »
    Xeddicus wrote: »
    The government needs to crack down on shit like that. Fine/sue them for a shit ton and I bet you'd see a lot less of this kind of thing.

    This is very much true for a ton of security issues. There's just not enough punitive stuff for shit security.

    e.g. how is Equifax still in business?

    They're rich. They serve a bunch of corporations that are rich, and make others rich. And the only people they fucked over were poor.

    Welcome to the oligarchy.

LD50 wrote:
    More importantly, the people equifax fucked over were their product, not their customers.

Kolosus wrote:
    edited November 2018
    Deleted

Bucketman (Call me Skragg) wrote:
    In similar news of rich companies leaking data:

    Amazon leaks users’ names and emails in ‘technical error’
    https://www.theverge.com/2018/11/21/18106306/amazon-email-address-leak-technical-error-phishing
    Characterizing this as a “technical error” means that the incident is unlikely to be related to reports of Amazon firing employees for sharing customer emails with third-party sellers, but the lack of information makes it difficult to establish exactly what happened. We have reached out to the UK’s Information Commissioner’s Office, which Amazon would have needed to inform in the event of a breach, for comment.

Bucketman (Call me Skragg) wrote:
    Another day another massive, massive security breach:

    https://www.forbes.com/sites/kateoflahertyuk/2018/11/30/marriott-breach-what-happened-how-serious-is-it-and-who-is-impacted/#1ed09de67d25
    Hotel group Marriott has suffered a massive data breach affecting the records of up to 500 million customers. In a statement today (30 November) the firm revealed its Starwood division’s guest reservation database had been compromised by an unauthorised party. Information accessed includes payment information, names, mailing addresses, phone numbers, email addresses and passport numbers.

    It looks like the hack itself happened a few months ago, but they are just now confirming. Also bad for Marriott:
    If any of the customer details belong to EU citizens, which is likely given the global nature of the group, the breach will also fall under GDPR. The resulting fines could be astronomical at up to 4 per cent of global turnover – and that’s on top of the possible class action lawsuits from those affected. It will also be a blow to its reputation.

    It also looks like the hackers might have gained access to the encryption algorithm Marriott used to encrypt credit card numbers.

Orca (Also known as Espressosaurus Wrex) wrote:
    go go GDPR!

Mugsley (Delaware) wrote:
    With the understanding that Windows Defender is steadily improving, what are your thoughts on this?

    LINK

    (the link is to slickdeals.net; which is a "bargain hunting" site that's been around for about 12 years)

bowen (How you doin'?) wrote:
    bit defender is probably the best of the worst, if you're paying for an antivirus that's the one I'd go with

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
LD50 wrote:
    I also wouldn't pay for antivirus. At this point it is paying money to increase your attack surface.

LostNinja wrote:
    So I have an old modem and router, neither of which I am using anymore. Do I need to do anything specific with these before recycling them security wise, or is just hitting the reset button on the router enough (the modem doesn't appear to have anything similar)?

hippofant (ティンク) wrote:
    LostNinja wrote: »
    So I have an old modem and router, neither of which I am using anymore. Do I need to do anything specific with these before recycling them security wise, or is just hitting the reset button on the router enough (the modem doesn't appear to have anything similar)?

    https://www.youtube.com/watch?v=N9wsjroVlu8

Jazz wrote:
    edited December 2018
LostNinja wrote:
    Figured that would probably be the preferred disposal method. Thanks!

Orca (Also known as Espressosaurus Wrex) wrote:
    To be non-flippant about it, a factory reset of your router is all you need to do. There should be no PII stored in the modem, assuming it's just a modem. From there, both go to electronics hazardous waste recycling/disposal and not the garbage can.

Mugsley (Delaware) wrote:
    Conversely, every Best Buy recycles electronics (right by the front door) if you can't find a local electronics recycling location.

    Over a period of about 2-3 weeks last year, I was able to get all the old CRT tv's out of my mom's house via this method without protest from BB.

Shadowfire (Vermont, in the middle of nowhere) wrote:
    Mugsley wrote: »
    Conversely, every Best Buy recycles electronics (right by the front door) if you can't find a local electronics recycling location.

    Over a period of about 2-3 weeks last year, I was able to get all the old CRT tv's out of my mom's house via this method without protest from BB.

    Yes the company does. TVs are $25 to recycle, though. Everything else is free.

    Unless we're delivering a TV to your house, then you get a discount on the haul away.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
Mugsley (Delaware) wrote:
    Shadowfire wrote: »
    Mugsley wrote: »
    Conversely, every Best Buy recycles electronics (right by the front door) if you can't find a local electronics recycling location.

    Over a period of about 2-3 weeks last year, I was able to get all the old CRT tv's out of my mom's house via this method without protest from BB.

    Yes the company does. TVs are $25 to recycle, though. Everything else is free.

    Unless we're delivering a TV to your house, then you get a discount on the haul away.

    ....so uh....should I ask what happened to those TV's? No one asked for monies or I would have made good.

TetraNitroCubane (The Djinnerator, At the bottom of a bottle) wrote:
    Very minor news, but apparently everyone's favorite least-used social media site, Google+, will shut down even earlier than anticipated. Why? Because there was a new vulnerability discovered that leaked the private information of 52.5 million users.
    According to Google, the new vulnerability impacted 52.5 million users, who could have had profile information like their name, email address, occupation, and age exposed to developers, even if their account was set to private. Apps could also access profile data that had been shared with a specific user, but was not shared publicly.

    This is shocking news. Mostly because holy crap, Google+ had 52.5 million users?

NEO|Phyte (They follow the stars, bound together. Strands in a braid till the end.) wrote:
    Well I mean even if you never used it, I wouldn't be surprised if everyone with a Google account was technically a Google+ user.

    It was that somehow, from within the derelict-horror, they had learned a way to see inside an ugly, broken thing... And take away its pain.
    Warframe/Steam: NFyt
Synthesis (Honda Today!) wrote:
    Jazz wrote: »
    Companion piece:

    If I ever needed proof Michael Bolton is an American treasure.

Jazz wrote:
    NEO|Phyte wrote: »
    Well I mean even if you never used it, I wouldn't be surprised if everyone with a Google account was technically a Google+ user.

    So 52.5 million people is not all that many, relatively speaking?

Shadowfire (Vermont, in the middle of nowhere) wrote:
    Mugsley wrote: »
    Shadowfire wrote: »
    Mugsley wrote: »
    Conversely, every Best Buy recycles electronics (right by the front door) if you can't find a local electronics recycling location.

    Over a period of about 2-3 weeks last year, I was able to get all the old CRT tv's out of my mom's house via this method without protest from BB.

    Yes the company does. TVs are $25 to recycle, though. Everything else is free.

    Unless we're delivering a TV to your house, then you get a discount on the haul away.

    ....so uh....should I ask what happened to those TV's? No one asked for monies or I would have made good.

    They just got recycled anyway. The company used to not charge anything for recycling them so maybe you went before the change. It happened a couple years back.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
Darkewolfe wrote:
    Goodwill also doesn't accept TVs at all anymore. I believe some sort of environmental disposal fee was added in the last 10 years.

    What is this I don't even.
Mugsley (Delaware) wrote:
    Shadowfire wrote: »
    Mugsley wrote: »
    Shadowfire wrote: »
    Mugsley wrote: »
    Conversely, every Best Buy recycles electronics (right by the front door) if you can't find a local electronics recycling location.

    Over a period of about 2-3 weeks last year, I was able to get all the old CRT tv's out of my mom's house via this method without protest from BB.

    Yes the company does. TVs are $25 to recycle, though. Everything else is free.

    Unless we're delivering a TV to your house, then you get a discount on the haul away.

    ....so uh....should I ask what happened to those TV's? No one asked for monies or I would have made good.

    They just got recycled anyway. The company used to not charge anything for recycling them so maybe you went before the change. It happened a couple years back.

    Oh, I did this about 6-8 months ago.
