Informations about SSL certificates and networks security
Auto Added by WPeMatico
WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn’t even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof. If you use WhatsApp, update your … Read More “WhatsApp Vulnerability Fixed” »
In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA’s ability to secure its own … Read More “Leaked NSA Hacking Tools” »
A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ is proposing. Powered by WPeMatico
Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly handshake of WPA3, which in the Wi-Fi standard is better known as the … Read More “Vulnerabilities in the WPA3 Wi-Fi Security Protocol” »
This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers — believed to be the Russian government — and it’s obvious that this attack copied that technique. What is less clear is … Read More “NSA-Inspired Vulnerability Found in Huawei Laptops” »
Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article. Powered by WPeMatico
Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters. Powered by WPeMatico
Zcash just fixed a vulnerability that would have allowed “infinite counterfeit” Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not ncessary. Powered by WPeMatico
The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private … Read More “Security Analysis of the LIFX Smart Light Bulb” »
This is kind of a crazy iPhone vulnerability: it’s possible to call someone on FaceTime and listen on their microphone — and see from their camera — before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it’s fixed. But it’s hard to imagine how an … Read More “iPhone FaceTime Vulnerability” »