vulnerabilities – Page 16 – SSL and internet security news

Security Vulnerability in Internet-Connected Construction Cranes

October 29, 2018 infossl

internetofthings, replayattacks, Security technology, spoofing, vulnerabilities

This seems bad: The F25 software was found to contain a capture replay vulnerability — basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. “These devices use fixed codes that are … Read More “Security Vulnerability in Internet-Connected Construction Cranes” »

Security Vulnerabilities in US Weapons Systems

October 10, 2018 infossl

control, cybersecurity, departmentofdefense, encryption, nationalsecuritypolicy, operationalsecurity, passwords, reports, Security technology, vulnerabilities, weapons

The US Government Accounting Office just published a new report: “Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities” (summary here). The upshot won’t be a surprise to any of my regular readers: they’re vulnerable. From the summary: Automation and connectivity are fundamental enablers of DOD’s modern military capabilities. However, they … Read More “Security Vulnerabilities in US Weapons Systems” »

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

September 20, 2018 infossl

computersecurity, Security technology, securityengineering, voting, vulnerabilities

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It’s a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it’s the result of a security mistake in the design process. Someone didn’t think the security through, and the result is a voter-verifiable paper audit trail … Read More “Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer” »

Security Vulnerability in Smart Electric Outlets

September 12, 2018 infossl

internetofthings, mcafee, patching, Security technology, vulnerabilities

A security vulnerability in Belkin’s Wemo Insight “smartplugs” allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register: The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on … Read More “Security Vulnerability in Smart Electric Outlets” »

Using Hacked IoT Devices to Disrupt the Power Grid

September 11, 2018 infossl

academicpapers, botnets, hacking, infrastructure, internetofthings, Security technology, vulnerabilities

This is really interesting research: “BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid“: Abstract: We demonstrate that an Internet of Things (IoT) botnet of high wattage devices — such as air conditioners and heaters — gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In … Read More “Using Hacked IoT Devices to Disrupt the Power Grid” »

Speculation Attack Against Intel’s SGX

August 16, 2018 infossl

hardware, intel, Security technology, sidechannelattacks, vulnerabilities

Another speculative-execution attack against Intel’s SGX. At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow … Read More “Speculation Attack Against Intel’s SGX” »

Hacking Police Bodycams

August 15, 2018 infossl

computersecurity, hacking, police, privacy, Security technology, vulnerabilities

Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of … Read More “Hacking Police Bodycams” »

Major Bluetooth Vulnerability

July 25, 2018 infossl

academicpapers, bluetooth, cryptography, encryption, keys, Security technology, vulnerabilities, wifi, wireless

Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all … Read More “Major Bluetooth Vulnerability” »

Traffic Analysis of the LTE Mobile Standard

July 2, 2018 infossl

academicpapers, cellphones, encryption, phones, Security technology, trafficanalysis, vulnerabilities

Interesting research in using traffic analysis to learn things about encrypted traffic. It’s hard to know how critical these vulnerabilities are. They’re very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting. Powered by WPeMatico

IEEE Statement on Strong Encryption vs. Backdoors

June 27, 2018 infossl

backdoors, encryption, keyescrow, nationalsecuritypolicy, Security technology, vulnerabilities

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as “backdoors” or “key escrow schemes” in order to facilitate … Read More “IEEE Statement on Strong Encryption vs. Backdoors” »