Researchers have recommended the Australian government abandon its existing digital identity system and start again from scratch, highlighting again security flaws in two of the systems already accredited. Professor Vanessa Teague and Ben Frengley last year disclosed to the Australian Taxation Office (ATO) a weakness in its myGovID system. They found myGovID is subject to an easily implemented code proxying attack, which allows a malicious website to proxy a person's myGovID login and re-use their authentication to log in to the victim's account on any website of their choice. The pair said the ATO, in response, informed them of having no intentions to fix the flaw. The Digital Transformation Agency (DTA) is responsible for the Trusted Digital Identity Framework (TDIF), which is a high-level design for a federated authentication system. "The primary security goal of an authentication mechanism is to prevent malicious parties from logging in fraudulently to others' accounts. A … [Read more...] about Researchers want Australia’s digital ID system thrown out and redesigned from scratch
Home security systems atlanta
High severity Linux network security holes found, fixed
Young and rising Linux security developer Alexander Popov of Russia's Positive Technologies discovered and fixed a set of five security holes in the Linux kernel's virtual socket implementation. An attacker could use these vulnerabilities ( CVE-2021-26708 ) to gain root access and knock out servers in a Denial of Service (DoS) attack. ZDNet Recommends The best Linux Foundation classes Want a good tech job? Then you need to know Linux and open-source software. One of the best ways to pick them up is via a Linux Foundation course. Read More With a Common Vulnerability Scoring System (CVSS) v3 base score of 7.0, high severity, smart Linux administrators will patch their systems as soon as possible. While Popov discovered the bugs in Red Hat 's community Linux distribution Fedora 33 Server, it exists in the system using the Linux kernel from November 2019's version 5.5 to the current mainline kernel version 5.11-rc6. These holes entered Linux when … [Read more...] about High severity Linux network security holes found, fixed
Home Affairs to have AU$75 million ‘simple’ visa system ready by late 2021
The federal government has this week gone to market to find a provider to help build its new permissions capability architecture, which it expects to use for delivering Commonwealth digital services that require permissions. While the plan for the new platform is for it to be used across a range of government applications, the request for tender (RFT) is focusing on the first use case: Visas. "The Department needs to be able to facilitate international travel and the gradual reopening of our borders, while also ensuring that it has the necessary defensive layers to safeguard against new infections being introduced through the travelling public," the RFT says. "Digital information to aid contact tracing operations is required in real time. Based on this, the Department has determined that a digital passenger declaration and simple visa type should be the first use cases to support this outcome." Next on the list is the digital passenger declaration. The RFT states this needs … [Read more...] about Home Affairs to have AU$75 million ‘simple’ visa system ready by late 2021
Microsoft: These Exchange Server zero-day flaws are being used by hackers, so update now
Microsoft has released updates to address four previously unknown or 'zero-day' vulnerabilities in Exchange Server that were being used in limited targeted attacks, according to Microsoft. Microsoft is urging customers to apply the updates as soon as possible due to the critical rating of the flaws. The flaws affected Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Exchange Online is not affected. "We strongly encourage all Exchange Server customers to apply these updates immediately ," it said. More on privacy Microsoft to apply California's privacy law for all US users Mind-reading technology: The security and privacy threats ahead How to replace each Google service with a more privacy-friendly alternative Cyber security 101: Protect your privacy from hackers, spies, and the government Microsoft attributes the attacks to a group it calls Hafnium, which it says is a state-sponsored threat actor that operates from China. SEE: … [Read more...] about Microsoft: These Exchange Server zero-day flaws are being used by hackers, so update now
Singapore spruces up e-government platform, touts service portfolio
Singapore has rebranded its e-government services platform SingPass, with the app now boasts access to more than 1,400 services from more than 340 organisations in both private and public sectors. This includes integration with digital location checkin tool SafeEntry, which plays a key role in the country's COVID-19 contact tracing efforts. The brand "refresh" also marked the first time SingPass underwent a makeover since its launch 18 years ago, according to Government Technology Agency (GovTech), which oversees the public sector's ICT initiatives. Some 4 million local residents have a SingPass account. The mobile app, to date, has clocked more than 2.5 million downloads, with at least 90% tapping the app at least once a month, GovTech said in a statement Thursday. Its user base grew three-fold in the past year alone. Singapore must return data control to users to regain public trust Trust plays an important role in consumers' willingness to share their personal … [Read more...] about Singapore spruces up e-government platform, touts service portfolio