Informations about SSL certificates and networks security
Auto Added by WPeMatico
There’s a blog post from Google’s Project Zero detailing an attack against Android phones over Wi-Fi. From Ars Technica: The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday’s release of iOS 10.3.1. “An attacker within range may be … Read More “Many Android Phones Vulnerable to Attacks Over Malicious Wi-Fi Networks” »
There’s a new report of a nation-state attack, presumed to be from China, on a series of managed ISPs. From the executive summary: Since late 2016, PwC UK and BAE Systems have been assisting victims of a new cyber espionage campaign conducted by a China-based threat actor. We assess this threat actor to almost certainly … Read More “APT10 and Cloud Hopper” »
This is an interesting combination of computer and physical attack: Researchers from the Russian security firm Kaspersky on Monday detailed a new ATM-emptying attack, one that mixes digital savvy with a very precise form of physical penetration. Kaspersky’s team has even reverse engineered and demonstrated the attack, using only a portable power drill and a … Read More “Clever Physical ATM Attack” »
Interesting law journal article: “Encryption and the Press Clause,” by D. Victoria Barantetsky. Abstract: Almost twenty years ago, a hostile debate over whether government could regulate encryption — later named the Crypto Wars — seized the country. At the center of this debate stirred one simple question: is encryption protected speech? This issue touched all … Read More “Encryption Policy and Freedom of the Press” »
Interesting acoustic attack against the MEMS accelerometers in devices like FitBits. Millions of accelerometers reside inside smartphones, automobiles, medical devices, anti-theft devices, drones, IoT devices, and many other industrial and consumer applications. Our work investigates how analog acoustic injection attacks can damage the digital integrity of the capacitive MEMS accelerometer. Spoofing such sensors with intentional … Read More “Acoustic Attack Against Accelerometers” »
Not content with having a fleet of insecure surveillance drones, the state of Connecticut wants a fleet of insecure weaponized drones. What could possibly go wrong? Powered by WPeMatico
Great Victorian animal-combat scene featuring a giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
An interesting story of uncovering an anonymous Internet social media account. Powered by WPeMatico
Think about all of the websites you visit every day. Now imagine if the likes of Time Warner, AT&T, and Verizon collected all of your browsing history and sold it on to the highest bidder. That’s what will probably happen if Congress has its way. This week, lawmakers voted to allow Internet service providers to … Read More “Congress Removes FCC Privacy Protections on Your Internet Usage” »
Last month at the RSA Conference, I saw a lot of companies selling security incident response automation. Their promise was to replace people with computers – sometimes with the addition of machine learning or other artificial intelligence techniques – and to respond to attacks at computer speeds. While this is a laudable goal, there’s a … Read More “Security Orchestration and Incident Response” »