Plus a Spectre attack over the network, BGP issues take out Telegram, and more!

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:

• Hey, don't route the messenger! Telegram redirected through Iran by baffling BGP leak
• Finding and Diagnosing BGP Route Leaks
• Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts
• New Spectre attack enables secrets to be leaked over a network
• NetSpectre: Read Arbitrary Memory over Network
• Password breach teaches Reddit that, yes, phone-based 2FA is that bad
• We had a security incident.
• Google Employees Use a Physical Token as Their Second Authentication Factor
• Cisco is buying Duo Security for $2.35B in cash

And the latest jaw-dropping techniques to extract data from air-gapped systems.

Sponsored By:

• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:

• Skype can't fix a nasty security bug without a massive code rewrite — The bug grants a low-level user access to every corner of the operating system.
• Zero-day vulnerability in Telegram — The special nonprinting right-to-left override (RLO) character is used to reverse the order of the characters that come after that character in the string. In the Unicode character table, it is represented as ‘U+202E’; one area of legitimate use is when typing Arabic text. In an attack, this character can be used to mislead the victim. It is usually used when displaying the name and extension of an executable file: a piece of software vulnerable to this sort of attack will display the filename incompletely or in reverse.
• Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability — After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available.
• Microsoft To Embrace Decentralized Identity Systems Built On Bitcoin And Other Blockchains — In a new post today, Microsoft announced their embrace of public blockchains, such as Bitcoin and Ethereum, for use in decentralized identity systems.
• XRballer comments on The Stolen XRB has already been Redistributed/Sold Off — But this check was only on java-script client side, you find the js which is sending the request, then you inspect element - console, and run the java-script manually, to send a request for withdrawal of a higher amount than in your balance.
• Containers Will Not Fix Your Broken Culture — Spoiler alert: the solutions to many difficulties that seem technical can be found by examining our interactions with others. Let's talk about five things you'll want to know when working with those pesky creatures known as humans.
• Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields — In this paper, we show how attackers can bypass Faraday cages and air-gaps in order to leak data from highly secure computers.
• Feedback: BeyondCorp
• Feedback: Mgmt
• Feedback: SuperMicro Mobo?
• Super Micro Computer X8DTN+