security

Export License for Zero-Days (May 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

The US Department of Commerce has proposed changes to the Wassenaar Agreement, seeking to impose more stringent rules for the export of zero-day exploits to entities outside the country.......

Categories: security

Medical Device Security Guidance for Developers (May 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

A paper titled "Building Code for Medical Device Software Security," offers guidance for developers.......

Categories: security

mSpy Acknowledges Database Breach (May 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

mSpy, a company that sells software that people can use to spy on others, has admitted that attackers broke into its systems and stole data.......

Categories: security

Password Security Questions Easy to Guess (May 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

Google's analysis of hundreds of millions of password security questions found that it would be easy for people intent on gaining access to someone's account to do so.......

Categories: security

NetUSB Vulnerability Affects Routers and Internet of Things Devices (May 20 & 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

An unchecked input flaw in the NetUSB device sharing service could be exploited to execute code remotely or cause denial-of-service conditions.......

Categories: security

FCC Policy Means Broadband Providers Must Adhere to Stricter Privacy Rules (May 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

The US Federal Communications Commission (FCC) is notifying Internet providers to let them know that they are now subject to stringent privacy regulations.......

Categories: security

Android Factory Reset Does Not Always Clear Data (May 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

Researchers at Cambridge University have found that as many as 500 million Android phones contain a security issue that could expose data even after the factory reset option is run.......

Categories: security

Logjam Flaw (May 19 & 20, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

Tens of thousands of HTTPS domains contain a vulnerability in the transport layer security protocol that the sites use to establish encrypted communications with users.......

Categories: security

Chrome 43 Promoted to Stable Channel (May 20 & 21, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

On Tuesday, May 19, Google moved Chrome 43 to the stable channel.......

Categories: security

Airbus Warns of Software Flaws in Engine Electronic Control Units (May 19 & 20, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

The crash of a military plane in Spain earlier this month may have been the result of buggy software.......

Categories: security

St. Louis Federal Reserve DNS Servers Breached (May 18 & 20, 2015)

SANS NewsBites - Sat, 2015-05-23 17:14

Attackers hijacked the domain name servers of the St.......

Categories: security

Friday Squid Blogging: Giant Squid Washes Up in New Zealand

Schneier on Security - Fri, 2015-05-22 17:39
The latest one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Categories: security

USPS Tracking Queries to Its Package Tracking Website

Schneier on Security - Fri, 2015-05-22 13:33
A man was arrested for drug dealing based on the IP address he used while querying the USPS package tracking website....
Categories: security

Why the Current Section 215 Reform Debate Doesn't Matter Much

Schneier on Security - Fri, 2015-05-22 06:45
The ACLU's Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA. There were 180 orders authorized last year by the FISA Court under Section 215 -- 180 orders issued by this court. Only five...
Categories: security

Freelance hacking site vows to clean up dodgy listings

LinuxSecurity.com - Fri, 2015-05-22 05:19
LinuxSecurity.com: Charles Tendell is trying to repair a reputation problem for his website, Hacker's List. The site debuted in November and quickly drew high-profile attention, including a front-page story in the New York Times. It's an online marketplace where people can list computer-security related jobs for bidding and match them with the right "hacker."
Categories: linux, news, security

Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point

LinuxSecurity.com - Fri, 2015-05-22 05:17
LinuxSecurity.com: In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
Categories: linux, news, security

Data Encryption In The Cloud: Square Pegs In Round Holes

LinuxSecurity.com - Fri, 2015-05-22 05:14
LinuxSecurity.com: Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. "Format-preserving" encryption could change all that.
Categories: linux, news, security

New Pew Research Report on Americans' Attitudes on Privacy, Security, and Surveillance

Schneier on Security - Thu, 2015-05-21 14:05
This is interesting: The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used....
Categories: security

Google Reveals the Problem With Password Security Questions

LinuxSecurity.com - Thu, 2015-05-21 12:12
LinuxSecurity.com: Using one guess, an attacker has a 19.7 percent chance of guessing an English speaking user loves pizza, according to Google's findings, which looked at hundreds of millions of questions and answers for account recovery claims.
Categories: linux, news, security

FBI: Data Breaches Up 400%; Workforce Needs To Be 'Doubled or Tripled' (May 14, 2015)

SANS NewsBites - Thu, 2015-05-21 09:57

James Trainor, acting assistant director of the FBI's Cyber Division, said the agency used to learn about a new, large-scale data breach every two or three weeks.......

Categories: security

Pages