The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

CAT | vulnerability

If you care at all about security and privacy, a recent security analysis of the D-Link DWR-932 B LTE router will make your head explode. Researcher Pierre Kim found an amazing set of security vulnerabilities that should embarrass a first year developer.

· · · ·

SuperFish bloatware on Lenovo exposes users to trivial man in the middle attacks by anyone.

·

Google engineer Adrienne Felt recently noticed that Gogo in-flight Wi-Fi was messing with the SSL certificates on secure Google web pages. Her browser showed a problem with the HTTPs connection, and further investigation showed that the SSL certificate was self signed by Gogo’s own untrusted certificate authority.

· · · · ·

Governments urge Internet Explorer users to switch browsers until fix found | ZDNet This and many other articles are relaying the information that governments are encouraging users to move to Chrome, Firefox, or Safari until this Microsoft Internet explorer bug is fixed. The vulnerability seems to have been in every version of IE since 6 […]

· · · · ·

Apple released an update for Mac OS X 10.9 fixing the serious GOTO FAIL SSL vulnerability. This update appears to resolve the problem for The Safari browser, and many other Apple applications that use SSL/TLS. If you use a Mac, make sure you install this update ASAP. Go to Software Update and you should see […]

Feb/14

23

Apple SSL vulnerability

Everybody has been talking about the Apple SSL vulnerability, but just in case you have missed it…. It turns out that for several years Safari has failed to properly check the cryptographic signatures on Server Key Exchanges allowing attackers to mount man in the middle attacks against your browser sessions. Anyone with the ability to […]

· ·