Category: Uncategorized

Auto Added by WPeMatico

Exploiting Spectre Over the Internet

Posted on By infossl
exploits, google, Security technology, Uncategorized, vulnerabilities

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to … Read More “Exploiting Spectre Over the Internet” »

Illegal Content and the Blockchain

Posted on By infossl
bitcoin, blockchain, botnets, censorship, cryptocurrency, economics of security, essays, Security technology, tor, Uncategorized

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery … Read More “Illegal Content and the Blockchain” »

On the Insecurity of ES&S Voting Machines’ Hash Code

Posted on By infossl
authentication, certifications, hashes, Security technology, Uncategorized, voting

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S’s software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the “reference hashcode” is completely missing, then it’ll say “yes, boss, everything is fine” instead of reporting an error. It’s simultaneously shocking and unsurprising that ES&S’s … Read More “On the Insecurity of ES&S Voting Machines’ Hash Code” »

Security Analysis of Apple’s “Find My…” Protocol

Posted on By infossl
academic papers, apple, bluetooth, crowdsourcing, de-anonymization, privacy, reverse engineering, security analysis, Security technology, tracking, Uncategorized

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System“: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an … Read More “Security Analysis of Apple’s “Find My…” Protocol” »

Friday Squid Blogging: On SQUIDS

Posted on By infossl
Security technology, squid, Uncategorized

A good tutorial: But we can go beyond the polarization of electrons and really leverage the electron waviness. By interleaving thin layers of superconducting and normal materials, we can make the quantum electronic equivalents of transistors and diodes such as Superconducting Tunnel Junctions (SJTs) and Superconducting Quantum Interference Devices (affectionately known as SQUIDs). These devices … Read More “Friday Squid Blogging: On SQUIDS” »

Metadata Left in Security Agency PDFs

Posted on By infossl
academic papers, metadata, security analysis, Security technology, Uncategorized

Really interesting research: “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture. All these information can be exploited easily by … Read More “Metadata Left in Security Agency PDFs” »

More on the Chinese Zero-Day Microsoft Exchange Hack

Posted on By infossl
china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

On Not Fixing Old Vulnerabilities

Posted on By infossl
malware, patching, Security technology, Uncategorized, vulnerabilities

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013­2017, which indicates a lack of recent software updates,” the reported stated. 26%!? One in four networks? … Read More “On Not Fixing Old Vulnerabilities” »

Hacking Digitally Signed PDF Files

Posted on By infossl
academic papers, adobe, hacking, Security technology, signatures, Uncategorized

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs“: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities … Read More “Hacking Digitally Signed PDF Files” »