vulnerabilities – Page 19 – SSL and internet security news

Security Flaw in Infineon Smart Cards and TPMs

October 17, 2017 infossl

cryptanalysis, cryptography, estonia, idcards, Security technology, securityengineering, smartcards, vulnerabilities

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize … Read More “Security Flaw in Infineon Smart Cards and TPMs” »

Impersonating iOS Password Prompts

October 12, 2017 infossl

apple, impersonation, ios, passwords, Security technology, socialengineering, spoofing, vulnerabilities

This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps … Read More “Impersonating iOS Password Prompts” »

ISO Rejects NSA Encryption Algorithms

September 21, 2017 infossl

backdoors, cryptography, edwardsnowden, encryption, nsa, Security technology, vulnerabilities

The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions … Read More “ISO Rejects NSA Encryption Algorithms” »

Bluetooth Vulnerabilities

September 18, 2017 infossl

airgaps, bluetooth, malware, patching, Security technology, vulnerabilities

A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensive vulnerabilities discovered recently in a Broadcom Wi-Fi … Read More “Bluetooth Vulnerabilities” »

Security Vulnerabilities in AT&T Routers

September 6, 2017 infossl

att, encryption, Security technology, securityengineering, vulnerabilities

They’re actually Arris routers, sold or given away by AT&T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don’t know how many routers are affected, and estimates range from thousands to 138,000. Among the vulnerabilities are hardcoded credentials, which … Read More “Security Vulnerabilities in AT&T Routers” »

Unfixable Automobile Computer Security Vulnerability

August 18, 2017 infossl

cars, computersecurity, mitigation, protocols, Security technology, vulnerabilities

There is an unpatchable vulnerability that affects most modern cars. It’s buried in the Controller Area Network (CAN): Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable. Patching the issue means changing … Read More “Unfixable Automobile Computer Security Vulnerability” »

Penetrating a Casino’s Network through an Internet-Connected Fish Tank

August 4, 2017 infossl

casinos, gambling, hacking, internetofthings, Security technology, vulnerabilities

Attackers used a vulnerability in an Internet-connected fish tank to successfully penetrate a casino’s network. BoingBoing post. Powered by WPeMatico

NSA Collects MS Windows Error Information

August 1, 2017 infossl

espionage, hacking, incentives, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports: One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft’s Windows. Every user of the operating system is familiar with the … Read More “NSA Collects MS Windows Error Information” »

Measuring Vulnerability Rediscovery

July 31, 2017 infossl

academicpapers, patching, schneiernews, Security technology, vulnerabilities, zeroday

New paper: “Taking Stock: Estimating Vulnerability Rediscovery,” by Trey Herr, Bruce Schneier, and Christopher Morris: Abstract: How often do multiple, independent, parties discover the same vulnerability? There are ample models of vulnerability discovery, but little academic work on this issue of rediscovery. The immature state of this research and subsequent debate is a problem for … Read More “Measuring Vulnerability Rediscovery” »

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

July 28, 2017 infossl

exploits, microsoft, nsa, patching, russia, Security technology, vulnerabilities, windows, zeroday

In April, the Shadow Brokers — presumably Russia — released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 — based on timestamps of the documents and the limited Windows … Read More “Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers” »