This is nice work: “The Password Reset MitM Attack,” by Nethanel Gelernter, Senia Kalma, Bar Magnezi, and Hen Porcilan: Abstract: We present the password reset MitM (PRMitM) attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration and password reset processes to launch … Read More “A Man-in-the-Middle Attack against a Password Reset System”
Category: securityengineering
In a proposed rule, the FAA argues that software in an Embraer S.A. Model ERJ 190-300 airplane is secure because it’s proprietary: In addition, the operating systems for current airplane systems are usually and historically proprietary. Therefore, they are not as susceptible to corruption from worms, viruses, and other malicious actions as are … Read More “The FAA Is Arguing for Security by Obscurity”
Ross Anderson blogged about his new paper on security and safety concerns about the Internet of Things. (See also this short video.) It’s very much along the lines of what I’ve been writing.
As devastating as the latest widespread ransomware attacks have been, it’s a problem with a solution. If your copy of Windows is relatively current and you’ve kept it updated, your laptop is immune. It’s only older unpatched systems on your computer that are vulnerable. Patching is how the computer industry maintains security in the face … Read More “Ransomware and the Internet of Things”
Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can be improved. The whole process can be streamlined. People should be able to register online, … Read More “Securing Elections”
This is a good summary article about the horrible security of St. Jude pacemakers, and the history of the company not doing anything about it.
There has been a flurry of research into using the various sensors on your phone to steal data in surprising ways. Here’s another: using the phone’s ambient light sensor to detect what’s on the screen. It’s a proof of concept, but the paper’s general conclusions are correct: There is a lesson here that designing specifications … Read More “Stealing Browsing History Using Your Phone’s Ambient Light Sensor”
Carnegie Mellon University has released a comprehensive list of C++ secure-coding best practices.
CloudPets are Internet-connected stuffed animals that allow children and parents to send each other voice messages. Last week, we learned that Spiral Toys had such poor security that it exposed 800,000 customer credentials, and two million audio recordings. As we’ve seen time and time again in the last couple of years, so-called “smart” devices … Read More “IoT Teddy Bear Leaked Personal Audio Recordings”
I am part of this very interesting project: For many users, blog posts on how to install Signal, massive guides to protecting your digital privacy, and broad statements like “use Tor” — all offered in good faith and with the best of intentions — can be hard to understand or act upon. If we want … Read More “Digital Security Exchange: Security for High-Risk Communities”