(Yes, last week was indeed an April Fools' joke)
(This week isn't.)
Domain names are a blessing and a curse. It's a lot easier to remember "sempf.net" than "168.62.224.13". The domain registration system is also on the front lines of fighting spam and malware - and it is under attack by the Powers That Be. Overreaching privacy law is about to make blue teaming a lot harder.
https://krebsonsecurity.com/2018/03/who-is-afraid-of-more-spams-and-scams/
Twitter thread regarding T-Mobile Austria storing passwords in plain text. Warning: rough language.
https://twitter.com/c_pellegrino/status/981409466242486272
https://motherboard.vice.com/en_us/article/7xdeby/t-mobile-stores-part-of-customers-passwords-in-plaintext-says-it-has-amazingly-good-security?utm_campaign=sharebutton
So, if they store the WHOLE password salted and hashed, but keep the first 4 characters in plain text just to help customer service, it is still a vulnerability?
Three Vulnerabilities Discovered in Spring Development Framework. Patchy patchy.
https://t.co/ytHgTw59LU
Critical — RCE Attack (CVE-2018-1270)
High — Directory Traversal Attack (CVE-2018-1271)
Low — Multipart Content Pollution (CVE-2018-1272)
https://t.co/3UQj3iD3qO
Normally I link to primary sources, but El Reg did such a good job writing up the Trustwave report that I want to link to them. Good, tongue-in-cheek breakdown of the Trustwave report, which is pretty ugly (Spoiler: criminals are getting better, and we are not catching up). Link to the report at the end of the article - there will be a quiz.
https://www.theregister.co.uk/AMP/2018/04/05/trustwave_security_sitrep/
And that's the news