vulnerabilities – Page 19 – SSL and internet security news

Who Are the Shadow Brokers?

May 30, 2017 infossl

cybersecurity, cyberweapons, hacking, leaks, nsa, Security technology, vulnerabilities, whistleblowers

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of NSA secrets. Since last summer, they’ve been dumping these secrets on the Internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands … Read More “Who Are the Shadow Brokers?” »

Attack vs. Defense in Nation-State Cyber Operations

April 13, 2017 infossl

academicpapers, cyberattack, cyberwar, defense, nationalsecuritypolicy, Security technology, vulnerabilities

I regularly say that, on the Internet, attack is easier than defense. There are a bunch of reasons for this, but primarily it’s 1) the complexity of modern networked computer systems and 2) the attacker’s ability to choose the time and method of the attack versus the defender’s necessity to secure against every type of … Read More “Attack vs. Defense in Nation-State Cyber Operations” »

Fourth WikiLeaks CIA Attack Tool Dump

April 10, 2017 infossl

cia, hacking, leaks, Security technology, vulnerabilities, wikileaks

WikiLeaks is obviously playing their Top Secret CIA data cache for as much press as they can, leaking the documents a little at a time. On Friday they published their fourth set of documents from what they call “Vault 7”: 27 documents from the CIA’s Grasshopper framework, a platform used to build customized malware payloads … Read More “Fourth WikiLeaks CIA Attack Tool Dump” »

WikiLeaks Not Disclosing CIA-Hoarded Vulnerabilities to Companies

March 21, 2017 infossl

cia, nsa, Security technology, vulnerabilities, wikileaks, zeroday

WikiLeaks has started publishing a large collection of classified CIA documents, including information on several — possibly many — unpublished (i.e., zero-day) vulnerabilities in computing equipment used by Americans. Despite assurances that the US government prioritizes defense over offense, it seems that the CIA was hoarding vulnerabilities. (It’s not just the CIA; last year we … Read More “WikiLeaks Not Disclosing CIA-Hoarded Vulnerabilities to Companies” »

Google Discloses Details of an Unpatched Microsoft Vulnerability

March 9, 2017 infossl

browsers, google, microsoft, patching, Security technology, vulnerabilities

Google’s Project Zero is serious about releasing the details of security vulnerabilities 90 days after they alert the vendors, even if they’re unpatched. It just exposed a nasty vulnerability in Microsoft’s browsers. This is the second unpatched Microsoft vulnerability it exposed last week. I’m a big fan of responsible disclosure. The threat to publish vulnerabilities … Read More “Google Discloses Details of an Unpatched Microsoft Vulnerability” »

WhatsApp Security Vulnerability

January 17, 2017 infossl

backdoors, encryption, facebook, Security technology, signal, usability, vulnerabilities, whatsapp

Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly change users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages. It seems that this vulnerability is real: WhatsApp has the ability to force … Read More “WhatsApp Security Vulnerability” »

Class Breaks

January 3, 2017 infossl

computersecurity, essays, internetofthings, locks, risks, Security technology, vulnerabilities

There’s a concept from computer security known as a class break. It’s a particular security vulnerability that breaks not just one system, but an entire class of systems. Examples might be a vulnerability in a particular operating system that allows an attacker to take remote control of every computer that runs on that system’s software. … Read More “Class Breaks” »

Smartphone Secretly Sends Private Data to China

November 18, 2016 infossl

android, backdoors, cellphones, china, Security technology, vulnerabilities

This is pretty amazing: International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone … Read More “Smartphone Secretly Sends Private Data to China” »

Hacking Password-Protected Computers via the USB Port

November 17, 2016 infossl

hacking, https, internetofthings, nationalsecuritypolicy, Security technology, usb, vulnerabilities

PoisonTap is an impressive hacking tool that can compromise computers via the USB port, even when they are password-protected. What’s interesting is the chain of vulnerabilities the tool exploits. No individual vulnerability is a problem, but together they create a big problem. Kamkar’s trick works by chaining together a long, complex series of seemingly innocuous … Read More “Hacking Password-Protected Computers via the USB Port” »

More on the Equities Debate

September 20, 2016 infossl

disclosure, nationalsecuritypolicy, Security technology, vulnerabilities

This is an interesting back-and-forth: initial post by Dave Aitel and Matt Tait, a reply by Mailyn Filder, a short reply by Aitel, and a reply to the reply by Filder. Powered by WPeMatico