vulnerabilities – Page 15 – SSL and internet security news

Japanese Government Will Hack Citizens’ IoT Devices

January 28, 2019 infossl

backdoors, botnets, exploits, firmware, hacking, internetofthings, japan, passwords, Security technology, vulnerabilities

The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, … Read More “Japanese Government Will Hack Citizens’ IoT Devices” »

Hacking Construction Cranes

January 22, 2019 infossl

hacking, internetofthings, reports, Security technology, vulnerabilities

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and … Read More “Hacking Construction Cranes” »

Evaluating the GCHQ Exceptional Access Proposal

January 18, 2019 infossl

backdoors, computersecurity, crime, cryptowars, eavesdropping, essays, gchq, lawenforcement, Security technology, vulnerabilities

The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI — and some of their peer agencies in the UK, Australia, and elsewhere — argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems … Read More “Evaluating the GCHQ Exceptional Access Proposal” »

Prices for Zero-Day Exploits Are Rising

January 17, 2019 infossl

businessofsecurity, economicsofsecurity, exploits, Security technology, vulnerabilities, zeroday

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple’s iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and … Read More “Prices for Zero-Day Exploits Are Rising” »

Security Vulnerabilities in Cell Phone Systems

January 10, 2019 infossl

cellphones, eavesdropping, economicsofsecurity, lawenforcement, nationalsecuritypolicy, Security technology, securityengineering, vulnerabilities

Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about this issue, sent a letter in August … Read More “Security Vulnerabilities in Cell Phone Systems” »

Machine Learning to Detect Software Vulnerabilities

January 8, 2019 infossl

artificialintelligence, economicsofsecurity, essays, machinelearning, Security technology, vulnerabilities

No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don’t know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders and the resultant arms race between the two I want to talk about software vulnerabilities. All software … Read More “Machine Learning to Detect Software Vulnerabilities” »

More Spectre/Meltdown-Like Attacks

November 14, 2018 infossl

hacking, hardware, intel, Security technology, vulnerabilities

Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn’t be surprising that microprocessor designers have been building insecure hardware for 20 years. What’s surprising is that it took 20 … Read More “More Spectre/Meltdown-Like Attacks” »

iOS 12.1 Vulnerability

November 8, 2018 infossl

apple, ios, iphone, Security technology, vulnerabilities

This is really just to point out that computer security is really hard: Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users’ contact information with no need for a passcode. […] A bad actor … Read More “iOS 12.1 Vulnerability” »

Consumer Reports Reviews Wireless Home-Security Cameras

November 7, 2018 infossl

cameras, internetofthings, Security technology, securityengineering, vulnerabilities

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it’s reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn’t store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the … Read More “Consumer Reports Reviews Wireless Home-Security Cameras” »

Security of Solid-State-Drive Encryption

November 6, 2018 infossl

academicpapers, encryption, firmware, hardware, reverseengineering, Security technology, securityengineering, vulnerabilities

Interesting research: “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)“: Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have … Read More “Security of Solid-State-Drive Encryption” »