Last week, Apple issued a critical security patch for the iPhone: iOS 9.3.5. The incredible story is that this patch is the result of investigative work by Citizen Lab, which uncovered a zero-day exploit being used by the UAE government against a human rights defender. The UAE spyware was provided by the Israeli cyberweapons arms … Read More “iPhone Zero-Day Used by UAE Government” »
Category: vulnerabilities
The National Security Agency is lying to us. We know that because data stolen from an NSA server was dumped on the Internet. The agency is hoarding information about security vulnerabilities in the products you use, because it wants to use it to hack others’ computers. Those vulnerabilities aren’t being reported, and aren’t getting … Read More “The NSA Is Hoarding Vulnerabilities” »
Most of them are unencrypted, which makes them vulnerable to all sorts of attacks: On Tuesday Bastille’s research team revealed a new set of wireless keyboard attacks they’re calling Keysniffer. The technique, which they’re planning to detail at the Defcon hacker conference in two weeks, allows any hacker with a $12 radio device to intercept … Read More “Security Vulnerabilities in Wireless Keyboards” »
The Open Technology Institute of the New America Foundation has released a policy paper on the vulnerabilities equities process: “Bugs in the System: A Primer on the Software Vulnerability Ecosystem and its Policy Implications.” Their policy recommendations: Minimize participation in the vulnerability black market. Establish strong, clear procedures for disclosure when it discovers and acquires … Read More “More on the Vulnerabilities Equities Process” »
This week, Kaspersky Labs published detailed information on what it calls the Equation Group — almost certainly the NSA — and its abilities to embed spyware deep inside computers, gaining pretty much total control of those computers while maintaining persistence in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are … Read More “The Equation Group's Sophisticated Hacking and Exploitation Tools” »
The Intercept has published an article — based on the Snowden documents — about AURORAGOLD, an NSA surveillance operation against cell phone network operators and standards bodies worldwide. This is not a typical NSA surveillance operation where agents identify the bad guys and spy on them. This is an operation where the NSA spies on … Read More “NSA Hacking of Cell Phone Networks” »
Interesting paper: “Security Collapse of the HTTPS Market.” From the conclusion: Recent breaches at CAs have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model: the security of the entire ecosystem suffers if any of the hundreds of CAs is compromised (weakest link); browsers are unable to revoke trust in … Read More “Economic Failures of HTTPS Encryption” »