SSL and internet security news – Page 210 – Informations about SSL certificates and networks security

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

November 22, 2017 infossl

The security researchers at Princeton are postingthe results of some very interesting research into web surveillance: You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and … Read More “Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement” »

Amazon Creates Classified US Cloud

November 21, 2017 infossl

amazon, cloudcomputing, intelligence, nationalsecuritypolicy, secrecy, Security technology

Amazon has a cloud for US classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it. Powered by WPeMatico

Vulnerability in Amazon Key

November 20, 2017 infossl

amazon, hacking, keys, locks, patching, Security technology, vulnerabilities

Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don’t abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with … Read More “Vulnerability in Amazon Key” »

Friday Squid Blogging: Peru and Chile Address Squid Overfishing

November 18, 2017 infossl

Security technology, squid

Peru and Chile have a new plan. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

New White House Announcement on the Vulnerability Equities Process

November 17, 2017 infossl

nationalsecuritypolicy, nsa, Security technology, vulnerabilities

The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new … Read More “New White House Announcement on the Vulnerability Equities Process” »

Motherboard Digital Security Guide

November 16, 2017 infossl

hacking, privacy, Security technology, securityawareness, securityeducation

This digital security guide by Motherboard is very good. I put alongside EFF’s “Surveillance Self-Defense” and John Scott-Railton’s “Digital Security Low Hanging Fruit.” There’s also “Digital Security and Privacy for Human Rights Defenders.” There are too many of these…. Powered by WPeMatico

Apple FaceID Hacked

November 15, 2017 infossl

apple, authentication, biometrics, cellphones, hacking, Security technology

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that — by all appearances — they’d cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the … Read More “Apple FaceID Hacked” »

Long Article on NSA and the Shadow Brokers

November 14, 2017 infossl

breaches, hacking, insiders, leaks, nsa, Security technology

The New York Times just published a long article on the Shadow Brokers and their effects on NSA operations. Summary: it’s been an operational disaster, the NSA still doesn’t know who did it or how, and NSA morale has suffered considerably. This is me on the Shadow Brokers from last May. Powered by WPeMatico

Google’s Data on Login Thefts

November 13, 2017 infossl

academicpapers, credentials, google, keylogging, phishing, Security technology

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. … Read More “Google’s Data on Login Thefts” »

Friday Squid Blogging: Squid Season May Start Earlier Next Year

November 10, 2017 infossl

Security technology, squid

Squid fisherman in Argentina have asked regulators to start the squid season earlier in 2018. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico