Security News for the Week Ending March 5, 2021
Google Gives Up On Address Space Layout Randomization (ASLR)
ASLR is a security technique that has been used for years to make it harder for hackers to FIND code in memory to compromise it. There is a problem in the rendering engine in the Chromium project that breaks ASLR and Google says that they won’t fix it. Google says they are resigned to the fact that ASLR cannot be saved. They do have a plan, they say, for something better. Stay tuned. Credit: The Register
TALON: The Nationwide Network of Surveillance Cameras
A company called Flock has built a nationwide network of surveillance cameras using automated license plate readers. They sell to (anyone whose check clears) police departments, homeowners associations and businesses. The system can record all license plates and detect “non-resident” vehicles or vehicles on a hotlist. The program, called TALON, allows customers to track vehicles and, by extension, people, anywhere in the country. They scan 500 million license plates a month and sell their data to, among others, 500 police departments. Customers of Flock can make the data available to anyone they choose. Credit: Vice
New ‘unc0ver’ Tool Can Jailbreak All iPhones Running iOS 11-14.3
Like all good software, unc0ver is updated, and the newly released version 6 can jailbreak iDevices running iOS 11.0 to 14.3. Apple has patched the bug in iOS 14.4, but they admitted that it may have been used by bad actors. This is a cat-and-mouse game, so expect version 7 of unc0ver. Credit: The Hacker News
Microsoft Tries to Catch up to Zoom with End to End Encryption in Teams
Months after Zoom was roundly criticized for not having adequate encryption and then implementing it, Microsoft says that they will implement end-to-end encryption, but only on one-to-one calls. Note that it will not be on by default. They will also, separately, add customer key support to allow customers to encrypt chat, meeting recordings and other information that is not currently encrypted. All of this will require customers to take action to make it happen. Credit: Bleeping Computer