HackDig : Dig high-quality web security articles for hacker

Crypto flaw made it easy for attackers to snoop on Juniper customers

As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks. In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos
Publish At:2016-07-15 09:45 | Read:1871 | Comments:0 | Tags:Risk Assessment Technology Lab backdoors cryptography encryp

Paint it black: Revisiting the Blackphone and its cloudy future

When we reviewed the Blackphone 2 last September, the company behind the privacy-focused smartphone was in transition. Silent Circle had moved to bring the Blackphone joint venture with the Madrid-based Geeksphone back under its umbrella, hired a telecom industry veteran as CEO, and was fine-tuning its marketing to go after an enterprise audience. The phone’
Publish At:2016-07-14 15:25 | Read:1636 | Comments:0 | Tags:Gear & Gadgets Risk Assessment Technology Lab Cloud

20-year-old Windows bug lets printers install malware—patch now

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle. The vulnerability res
Publish At:2016-07-14 15:25 | Read:1349 | Comments:0 | Tags:Risk Assessment Technology Lab exploits Microsoft Windows pa

Bug bounties and automotive firewalls: Dealing with the car hacker threat

As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack.
Publish At:2016-07-14 15:25 | Read:1647 | Comments:0 | Tags:Cars Technica Risk Assessment car hacking

In wake of Appelbaum fiasco, Tor Project shakes up board of directors

Over a month after a prominent staffer at the Tor Project left the organization amid public accusations of sexual misconduct, the project has shaken up its entire seven-person b
Publish At:2016-07-14 15:25 | Read:1231 | Comments:0 | Tags:Risk Assessment board Tor Project

FDIC was hacked by China, and CIO covered it up

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief
Publish At:2016-07-14 15:25 | Read:1013 | Comments:0 | Tags:Risk Assessment Technology Lab

Nation-backed malware that infected energy firm is 1 of 2016’s sneakiest

A campaign that targeted a European energy company wielded malware that's so sneaky and advanced it almost certainly is the work of a wealthy nation, researchers said Tuesday. The malware contains
Publish At:2016-07-13 02:40 | Read:1598 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Energy malware

Now it’s easy to see if leaked passwords work on other sites

Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other
Publish At:2016-07-12 08:25 | Read:1448 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab account creden

iOS version of Pokémon Go is a possible privacy trainwreck [Updated]

Update: Niantic has confirmed in a statement that the Pokémon Go app requests more permissions than it needs but that it has not accessed any user information. Google will automatically push a fix on its end to reduce the app's permissions, and Niantic will release an update to the app to make it request fewer permissions in the first place. The full stateme
Publish At:2016-07-12 08:25 | Read:2095 | Comments:0 | Tags:Opposable Thumbs Risk Assessment apple iOS pokemon pokemon g

HTTPS is not a magic bullet for Web security

We're in the midst of a major change sweeping the Web: the familiar HTTP prefix is rapidly being replaced by HTTPS. That extra "S" in an HTTPS URL means your connection is secure and that it's much harder for anyone else to see what you're doing. And on today's Web, everyone wants to see what you're doing. HTTPS has been around nearly as long as the Web, but
Publish At:2016-07-11 14:10 | Read:1649 | Comments:0 | Tags:Features Risk Assessment HTTPS

HTTPS crypto’s days are numbered. Here’s how Google wants to save it

Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe. In the coming months, Goog
Publish At:2016-07-09 07:25 | Read:1364 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption HTTPS

10 million Android phones infected by all-powerful auto-rooting apps

Security experts have documented a disturbing spike in a particularly virulent family of Android malware, with more than 10 million handsets infected and more than 286,000 of them in the US. Researcher
Publish At:2016-07-07 18:55 | Read:1399 | Comments:0 | Tags:Gear & Gadgets Law & Disorder Risk Assessment Technology Lab

Don’t have a canary: Why Silent Circle dropped its warrant warning page

News reports that Silent Circle, the commercial encrypted voice-over-IP service company that manufactures the security-focused Blackphone, had removed its "warrant canary" webpage have apparently created some confusion. Things only got fuzzier since the company counsel stated that the page’s removal was a “business decision” and not the result of a warrant b
Publish At:2016-07-07 00:40 | Read:1324 | Comments:0 | Tags:Risk Assessment Technology Lab blackphone Silent Circle warr

After hiatus, in-the-wild Mac backdoors are suddenly back

After taking a hiatus, Mac malware is suddenly back, with three newly discovered strains that have access to Web cameras, password keychains, and pretty much every other resource on an infected machine. The first one, dubbed Eleanor by researchers at antivirus provider Bitdefender, is hidden inside EasyDoc Converter, a malicious app that is, or at least was,
Publish At:2016-07-07 00:40 | Read:1464 | Comments:0 | Tags:Infinite Loop Law & Disorder Risk Assessment Technology Lab

TP-Link forgets to register domain name, leaves config pages open to hijack

In common with many other vendors, TP-Link, one of the world's biggest sellers of Wi-Fi access points and home routers, has a domain name that owners of the hardware can use to quickly get to their router's configuration page. Unlike most other vendors, however, it appears that TP-Link has failed to renew its registration for the domain, leaving it available
Publish At:2016-07-07 00:40 | Read:1040 | Comments:0 | Tags:Risk Assessment DNS routers security
