vulnerabilities – Page 20 – SSL and internet security news

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

July 28, 2017 infossl

exploits, microsoft, nsa, patching, russia, Security technology, vulnerabilities, windows, zeroday

In April, the Shadow Brokers — presumably Russia — released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 — based on timestamps of the documents and the limited Windows … Read More “Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers” »

Firing a Locked Smart Gun

July 27, 2017 infossl

hacking, locks, rfid, Security technology, vulnerabilities

The Armatix IP1 “smart gun” can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable. Powered by WPeMatico

Ethereum Hacks

July 20, 2017 infossl

cryptocurrency, cryptography, hacking, Security technology, theft, vulnerabilities

The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they’re not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency — in this case, digital wallets. This is the second Ethereum hack this week. The first tricked people … Read More “Ethereum Hacks” »

WannaCry and Vulnerabilities

June 2, 2017 infossl

essays, hacking, microsoft, nsa, patching, ransomware, russia, Security technology, vulnerabilities

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims’ access to their computers until they pay a fee. Then there are the users who … Read More “WannaCry and Vulnerabilities” »

Who Are the Shadow Brokers?

May 30, 2017 infossl

cybersecurity, cyberweapons, hacking, leaks, nsa, Security technology, vulnerabilities, whistleblowers

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of NSA secrets. Since last summer, they’ve been dumping these secrets on the Internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands … Read More “Who Are the Shadow Brokers?” »

Attack vs. Defense in Nation-State Cyber Operations

April 13, 2017 infossl

academicpapers, cyberattack, cyberwar, defense, nationalsecuritypolicy, Security technology, vulnerabilities

I regularly say that, on the Internet, attack is easier than defense. There are a bunch of reasons for this, but primarily it’s 1) the complexity of modern networked computer systems and 2) the attacker’s ability to choose the time and method of the attack versus the defender’s necessity to secure against every type of … Read More “Attack vs. Defense in Nation-State Cyber Operations” »

Fourth WikiLeaks CIA Attack Tool Dump

April 10, 2017 infossl

cia, hacking, leaks, Security technology, vulnerabilities, wikileaks

WikiLeaks is obviously playing their Top Secret CIA data cache for as much press as they can, leaking the documents a little at a time. On Friday they published their fourth set of documents from what they call “Vault 7”: 27 documents from the CIA’s Grasshopper framework, a platform used to build customized malware payloads … Read More “Fourth WikiLeaks CIA Attack Tool Dump” »

WikiLeaks Not Disclosing CIA-Hoarded Vulnerabilities to Companies

March 21, 2017 infossl

cia, nsa, Security technology, vulnerabilities, wikileaks, zeroday

WikiLeaks has started publishing a large collection of classified CIA documents, including information on several — possibly many — unpublished (i.e., zero-day) vulnerabilities in computing equipment used by Americans. Despite assurances that the US government prioritizes defense over offense, it seems that the CIA was hoarding vulnerabilities. (It’s not just the CIA; last year we … Read More “WikiLeaks Not Disclosing CIA-Hoarded Vulnerabilities to Companies” »

Google Discloses Details of an Unpatched Microsoft Vulnerability

March 9, 2017 infossl

browsers, google, microsoft, patching, Security technology, vulnerabilities

Google’s Project Zero is serious about releasing the details of security vulnerabilities 90 days after they alert the vendors, even if they’re unpatched. It just exposed a nasty vulnerability in Microsoft’s browsers. This is the second unpatched Microsoft vulnerability it exposed last week. I’m a big fan of responsible disclosure. The threat to publish vulnerabilities … Read More “Google Discloses Details of an Unpatched Microsoft Vulnerability” »

WhatsApp Security Vulnerability

January 17, 2017 infossl

backdoors, encryption, facebook, Security technology, signal, usability, vulnerabilities, whatsapp

Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly change users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages. It seems that this vulnerability is real: WhatsApp has the ability to force … Read More “WhatsApp Security Vulnerability” »