- Why privacy matters: In this TED talk, Glenn Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide”.
- Is your Network Attached Storage (NAS) secure? A proof-of-concept worm was written by security researcher Jacob Holcomb to illustrate how vulnerable such data stores are to malicious attacks.
- SSLv3: POODLE (Padding Oracle On Downgraded Legacy Encryption) is a new attack on the legacy SSLv3 protocol which is considered easier to exploit than similar previous attacks against SSL/TLS. A Security Advisory is available here (PDF). To test if your client is vulnerable SANS setup a Poodle test page. And Heise published a good background article (in german).
- Shellshock: Michael Smith (Akamai) explains why the Shellshock battle is only beginning: The “long tail” challenge of the recently discovered Bash vulnerability. A Shellshock exploit is aleady included in the Mayhem botnet malware kit.
- SandWorm is a zero-day vulnerability impacting all supported versions of Microsoft Windows including Windows Server 2008 and 2012.
- Awareness: The US-CERT reminds users to protect against email scams and cyber campaigns using Ebola as a theme.
- Beware of the air gap risks! Adi Shamir explains at the opening keynote for the Black Hat Europe conference why air-gapped networks are not as secure as usually anticipated. Have fun!
IT-Security-Links #65
SWITCH Security-Blog 
Interesting article on air gapped networks. The hacking approach is rather complex though: “Adi Shamir described how a malware-infected, all-in-one printer could be used to infiltrate and exfiltrate data from air-gapped networks, using a long-distance laser to send data into the environment and the video camera on a drone to get it out.” I suspect this is beyond the capability of all but the most motivated attackers.