Category: vulnerabilities

Auto Added by WPeMatico

Security Vulnerabilities in Smart Contracts

Posted on By infossl
academicpapers, blockchain, Security technology, vulnerabilities

Interesting research: “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale“: Abstract: Smart contracts — stateful executable objects hosted on blockchains like Ethereum — carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations … Read More “Security Vulnerabilities in Smart Contracts” »

The Effects of the Spectre and Meltdown Vulnerabilities

Posted on By infossl
cloudcomputing, intel, internetofthings, patching, Security technology, vulnerabilities

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors’ manufacturers, and patched­ — at least to the extent possible. This news isn’t really any different from the usual endless stream … Read More “The Effects of the Spectre and Meltdown Vulnerabilities” »

WhatsApp Vulnerability

Posted on By infossl
academicpapers, control, encryption, Security technology, signal, vulnerabilities, whatsapp

A new vulnerability in WhatsApp has been discovered: …the researchers unearthed far more significant gaps in WhatsApp’s security: They say that anyone who controls WhatsApp’s servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Matthew Green has a good … Read More “WhatsApp Vulnerability” »

Yet Another FBI Proposal for Insecure Communications

Posted on By infossl
cloudcomputing, cryptography, cryptowars, encryption, fbi, police, Security technology, vulnerabilities

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we … Read More “Yet Another FBI Proposal for Insecure Communications” »

Security Vulnerabilities in Certificate Pinning

Posted on By infossl
academicpapers, certificates, maninthemiddleattacks, Security technology, vpn, vulnerabilities

New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper: Abstract: Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of … Read More “Security Vulnerabilities in Certificate Pinning” »

Vulnerability in Amazon Key

Posted on By infossl
amazon, hacking, keys, locks, patching, Security technology, vulnerabilities

Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don’t abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with … Read More “Vulnerability in Amazon Key” »

New White House Announcement on the Vulnerability Equities Process

Posted on By infossl
nationalsecuritypolicy, nsa, Security technology, vulnerabilities

The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new … Read More “New White House Announcement on the Vulnerability Equities Process” »