The Open Technology Institute of the New America Foundation has released a policy paper on the vulnerabilities equities process: “Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications.” Their policy recommendations: Minimize participation in the vulnerability black market. Establish strong, clear procedures for disclosure when it discovers and acquires … Read More “More on the Vulnerabilities Equities Process” »
Category: vulnerabilities
This week, Kaspersky Labs published detailed information on what it calls the Equation Group — almost certainly the NSA — and its abilities to embed spyware deep inside computers, gaining pretty much total control of those computers while maintaining persistence in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are … Read More “The Equation Group's Sophisticated Hacking and Exploitation Tools” »
The Intercept has published an article — based on the Snowden documents — about AURORAGOLD, an NSA surveillance operation against cell phone network operators and standards bodies worldwide. This is not a typical NSA surveillance operation where agents identify the bad guys and spy on them. This is an operation where the NSA spies on … Read More “NSA Hacking of Cell Phone Networks” »
Interesting paper: “Security Collapse of the HTTPS Market.” From the conclusion: Recent breaches at CAs have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model: the security of the entire ecosystem suffers if any of the hundreds of CAs is compromised (weakest link); browsers are unable to revoke trust in … Read More “Economic Failures of HTTPS Encryption” »