vulnerabilities – Page 11 – SSL and internet security news

Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug

February 10, 2020 infossl

apple, leaks, privacy, Security technology, surveillance, tracking, vulnerabilities

Last month, engineers at Google published a very curious privacy bug in Apple’s Safari web browser. Apple’s Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the web. When you visit a few websites that happen to load the … Read More “Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug” »

Critical Windows Vulnerability Discovered by NSA

January 15, 2020 infossl

certificates, cryptography, encryption, exploits, maninthemiddleattacks, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Yesterday’s Microsoft Windows patches included a fix for a critical vulnerability in the system’s crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was … Read More “Critical Windows Vulnerability Discovered by NSA” »

Lousy IoT Security

December 19, 2019 infossl

cybersecurity, internetofthings, Security technology, securityengineering, vulnerabilities

DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g., OTA — over-the-air updates) were stored in a publicly accessible AWS S3 bucket … Read More “Lousy IoT Security” »

Security Vulnerabilities in the RCS Texting Protocol

December 16, 2019 infossl

cellphones, encryption, protocols, Security technology, securityengineering, ss7, vulnerabilities

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be vulnerable to interception and spoofing attacks. While … Read More “Security Vulnerabilities in the RCS Texting Protocol” »

Election Machine Insecurity Story

December 5, 2019 infossl

cybersecurity, Security technology, voting, vulnerabilities

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge’s race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across more than 100 precincts. Some machines … Read More “Election Machine Insecurity Story” »

Security Vulnerabilities in Android Firmware

November 18, 2019 infossl

android, firmware, Security technology, smartphones, supplychain, vulnerabilities

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and it is extremely likely that many of the vulnerabilities are not … Read More “Security Vulnerabilities in Android Firmware” »

Revisiting Software Vulnerabilities in the Boeing 787

September 19, 2019 infossl

airtravel, Security technology, vulnerabilities

I previously blogged about a Black Hat talk that disclosed security vulnerabilities in the Boeing 787 software. Ben Rothke concludes that the vulnerabilities are real, but not practical. Powered by WPeMatico

The Myth of Consumer-Grade Security

August 28, 2019 infossl

consumerization, encryption, nationalsecuritypolicy, nsa, Security technology, securityengineering, vulnerabilities

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even … Read More “The Myth of Consumer-Grade Security” »

Google Finds 20-Year-Old Microsoft Windows Vulnerability

August 21, 2019 infossl

google, microsoft, Security technology, vulnerabilities, windows

There’s no indication that this vulnerability was ever used in the wild, but the code it was discovered in — Microsoft’s Text Services Framework — has been around since Windows XP. Powered by WPeMatico

Software Vulnerabilities in the Boeing 787

August 16, 2019 infossl

airtravel, hacking, Security technology, vulnerabilities

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew … Read More “Software Vulnerabilities in the Boeing 787” »