Now this is good news. The UK’s National Cyber Security Centre (NCSC) — part of GCHQ — found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I’d like to believe the US does this, too.
Month: December 2017
Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be encouraged and promoted. In addition, the update and … Read More “Lessons Learned from the Estonian National ID Security Flaw” »
At least, this one does. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they’re performing. Whether they’re walking, driving a car, or riding in a train or airplane, it’s pretty easy to figure out when you know what you’re looking for. The sensors can determine how fast a person … Read More “Tracking People Without GPS” »
Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It’s not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don’t see it … Read More “Security Planner” »
Last month, the DHS announced that it was able to remotely hack a Boeing 757: “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate. “[Which] … Read More “Remote Hack of a Boeing 757” »
The FDA has approved a pill with an embedded sensor that can report when it is swallowed. The pill transmits information to a wearable patch, which in turn transmits information to a smartphone.
Beautiful video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper: Abstract: Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of … Read More “Security Vulnerabilities in Certificate Pinning” »
The German Interior Minister is preparing a bill that allows the government to mandate backdoors in encryption. No details about how likely this is to pass. I am skeptical.