vulnerabilities – Page 16 – SSL and internet security news

Another Branch Prediction Attack

March 29, 2018 infossl

academicpapers, hardware, intel, Security technology, sidechannelattacks, vulnerabilities

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here’s another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or … Read More “Another Branch Prediction Attack” »

Israeli Security Attacks AMD by Publishing Zero-Day Exploits

March 19, 2018 infossl

disclosure, exploits, israel, Security technology, vulnerabilities, zeroday

Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website, detailed whitepaper, cool vulnerability names — RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA — and logos we’ve come to expect from these sorts of things. What’s new is that the company only gave AMD … Read More “Israeli Security Attacks AMD by Publishing Zero-Day Exploits” »

Artificial Intelligence and the Attack/Defense Balance

March 15, 2018 infossl

artificialintelligence, essays, Security technology, securityengineering, vulnerabilities

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two … Read More “Artificial Intelligence and the Attack/Defense Balance” »

Security Vulnerabilities in Smart Contracts

March 6, 2018 infossl

academicpapers, blockchain, Security technology, vulnerabilities

Interesting research: “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale“: Abstract: Smart contracts — stateful executable objects hosted on blockchains like Ethereum — carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations … Read More “Security Vulnerabilities in Smart Contracts” »

The Effects of the Spectre and Meltdown Vulnerabilities

January 26, 2018 infossl

cloudcomputing, intel, internetofthings, patching, Security technology, vulnerabilities

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors’ manufacturers, and patched — at least to the extent possible. This news isn’t really any different from the usual endless stream … Read More “The Effects of the Spectre and Meltdown Vulnerabilities” »

WhatsApp Vulnerability

January 25, 2018 infossl

academicpapers, control, encryption, Security technology, signal, vulnerabilities, whatsapp

A new vulnerability in WhatsApp has been discovered: …the researchers unearthed far more significant gaps in WhatsApp’s security: They say that anyone who controls WhatsApp’s servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Matthew Green has a good … Read More “WhatsApp Vulnerability” »

Yet Another FBI Proposal for Insecure Communications

January 11, 2018 infossl

cloudcomputing, cryptography, cryptowars, encryption, fbi, police, Security technology, vulnerabilities

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we … Read More “Yet Another FBI Proposal for Insecure Communications” »

Security Vulnerabilities in Star Wars

January 1, 2018 infossl

humor, Security technology, securityawareness, video, vulnerabilities

A fun video describing some of the many Federation security vulnerabilities in the first Star Wars movie. Happy New Year, everyone. Powered by WPeMatico

Security Vulnerability in Apple’s HomeKit

December 21, 2017 infossl

apple, Security technology, vulnerabilities

The story of the recent vulnerability in Apple’s HomeKit. Powered by WPeMatico

GCHQ Found — and Disclosed — a Windows 10 Vulnerability

December 19, 2017 infossl

disclosure, gchq, Security technology, vulnerabilities, windows

Now this is good news. The UK’s National Cyber Security Centre (NCSC) — part of GCHQ — found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I’d like believe the US does this, too. Powered by WPeMatico