vulnerabilities – Page 13 – SSL and internet security news

The Myth of Consumer-Grade Security

August 28, 2019 infossl

consumerization, encryption, nationalsecuritypolicy, nsa, Security technology, securityengineering, vulnerabilities

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even … Read More “The Myth of Consumer-Grade Security” »

Google Finds 20-Year-Old Microsoft Windows Vulnerability

August 21, 2019 infossl

google, microsoft, Security technology, vulnerabilities, windows

There’s no indication that this vulnerability was ever used in the wild, but the code it was discovered in — Microsoft’s Text Services Framework — has been around since Windows XP. Powered by WPeMatico

Software Vulnerabilities in the Boeing 787

August 16, 2019 infossl

airtravel, hacking, Security technology, vulnerabilities

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew … Read More “Software Vulnerabilities in the Boeing 787” »

Side-Channel Attack against Electronic Locks

August 14, 2019 infossl

hacking, locks, Security technology, sidechannelattacks, vulnerabilities

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring. Powered by WPeMatico

Supply-Chain Attack against the Electron Development Platform

August 8, 2019 infossl

backdoors, Security technology, securityengineering, supplychain, vulnerabilities

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool … Read More “Supply-Chain Attack against the Electron Development Platform” »

Software Developers and Security

July 25, 2019 infossl

Security technology, securityengineering, softwareliability, vulnerabilities

According to a survey: “68% of the security professionals surveyed believe it’s a programmer’s job to write secure code, but they also think less than half of developers can spot security holes.” And that’s a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a … Read More “Software Developers and Security” »

Zoom Vulnerability

July 16, 2019 infossl

cameras, disclosure, exploits, patching, Security technology, vulnerabilities

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer’s camera. It’s a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, … Read More “Zoom Vulnerability” »

Cell Networks Hacked by (Probable) Nation-State Attackers

July 9, 2019 infossl

attribution, cellphones, datacollection, espionage, hacking, metadata, Security technology, vulnerabilities

A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — … Read More “Cell Networks Hacked by (Probable) Nation-State Attackers” »

Thangrycat: A Serious Cisco Vulnerability

May 23, 2019 infossl

cisco, hardware, Security technology, vulnerabilities

Summary: Thangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all … Read More “Thangrycat: A Serious Cisco Vulnerability” »

Another Intel Chip Flaw

May 16, 2019 infossl

hardware, intel, Security technology, vulnerabilities

Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whole bunch more have just been discovered. I don’t think we’re finished yet. A … Read More “Another Intel Chip Flaw” »