vulnerabilities – Page 9 – SSL and internet security news

Dependency Confusion: Another Supply-Chain Vulnerability

February 23, 2021 infossl

malware, Security technology, supply chain, Uncategorized, vulnerabilities

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create … Read More “Dependency Confusion: Another Supply-Chain Vulnerability” »

Router Security

February 19, 2021 infossl

hardware, Internet of Things, linux, mitigation, patching, reports, Security technology, Uncategorized, vulnerabilities

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of … Read More “Router Security” »

Smart Lock Vulnerability

August 10, 2020 infossl

hacking, internetofthings, locks, physicalsecurity, Security technology, vulnerabilities

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec’s $139.99 UltraLoq is marketed as a “secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code.” Users can share temporary codes and ‘Ekeys’ to friends and guests for scheduled access, but according to … Read More “Smart Lock Vulnerability” »

Facebook Helped Develop a Tails Exploit

June 12, 2020 infossl

children, exploits, facebook, fbi, pornography, Security technology, vulnerabilities, zeroday

This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI had tried to hack … Read More “Facebook Helped Develop a Tails Exploit” »

Another Intel Speculative Execution Vulnerability

June 11, 2020 infossl

exploits, hacking, hardware, intel, keys, Security technology, sidechannelattacks, vulnerabilities

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they — and the research into the Intel ME vulnerability — have shown researchers where to look, more is coming — and what they’ll find will be worse … Read More “Another Intel Speculative Execution Vulnerability” »

Security Analysis of the Democracy Live Online Voting System

June 9, 2020 infossl

academicpapers, reverseengineering, Security technology, securityanalysis, voting, vulnerabilities

New research: “Security Analysis of the Democracy Live Online Voting System“: Abstract: Democracy Live’s OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and (optionally) online voting. Three states — Delaware, West Virginia, and New Jersey — recently announced that they will allow certain voters to cast votes online using OmniBallot, but, … Read More “Security Analysis of the Democracy Live Online Voting System” »

“Sign in with Apple” Vulnerability

June 2, 2020 infossl

apple, hacking, Security technology, securityengineering, vulnerabilities, zeroday

Researcher Bhavuk Jain discovered a vulnerability in the “Sign in with Apple” feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD (6/2): Another story. Powered by WPeMatico

Bluetooth Vulnerability: BIAS

May 26, 2020 infossl

authentication, bluetooth, impersonation, Security technology, securityengineering, vulnerabilities, wireless

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a … Read More “Bluetooth Vulnerability: BIAS” »

Attack Against PC Thunderbolt Port

May 12, 2020 infossl

hacking, intel, linux, physicalsecurity, Security technology, vulnerabilities, windows

The attack requires physical access to the computer, but it’s pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer — and even its hard disk encryption — to gain full access to the computer’s data. And while his attack in … Read More “Attack Against PC Thunderbolt Port” »

iOS XML Bug

May 7, 2020 infossl

cybersecurity, ios, malware, Security technology, vulnerabilities

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza’s explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS (and MacOS). iOS’s … Read More “iOS XML Bug” »