A fun video describing some of the many Federation security vulnerabilities in the first Star Wars movie. Happy New Year, everyone. Powered by WPeMatico
Category: vulnerabilities
Auto Added by WPeMatico
The story of the recent vulnerability in Apple’s HomeKit. Powered by WPeMatico
Now this is good news. The UK’s National Cyber Security Centre (NCSC) — part of GCHQ — found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I’d like believe the US does this, too. Powered by WPeMatico
New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper: Abstract: Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of … Read More “Security Vulnerabilities in Certificate Pinning” »
Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don’t abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with … Read More “Vulnerability in Amazon Key” »
The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new … Read More “New White House Announcement on the Vulnerability Equities Process” »
The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children. Press release. News article. This is the same group that found all those security and privacy vulnerabilities in smart dolls. Powered by WPeMatico
A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize … Read More “Security Flaw in Infineon Smart Cards and TPMs” »
This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps … Read More “Impersonating iOS Password Prompts” »
The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions … Read More “ISO Rejects NSA Encryption Algorithms” »