The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

TAG | vulnerability

If you care at all about security and privacy, a recent security analysis of the D-Link DWR-932 B LTE router will make your head explode. Researcher Pierre Kim found an amazing set of security vulnerabilities that should embarrass a first year developer.

· · · ·

“HONG KONG — The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ […]

· ·

How to protect yourself against the recent Rootpipe vulnerability in the Mac OS X version of sudo, which would allow an attacker total control of your computer.

· ·

BadUSB security vulnerability is very broad, exploit code has been released, and it is unlikely to be fixed any time soon. Video Podcast.

· · · · ·

Governments urge Internet Explorer users to switch browsers until fix found | ZDNet This and many other articles are relaying the information that governments are encouraging users to move to Chrome, Firefox, or Safari until this Microsoft Internet explorer bug is fixed. The vulnerability seems to have been in every version of IE since 6 […]

· · · · ·

Apple released an update for Mac OS X 10.9 fixing the serious GOTO FAIL SSL vulnerability. This update appears to resolve the problem for The Safari browser, and many other Apple applications that use SSL/TLS. If you use a Mac, make sure you install this update ASAP. Go to Software Update and you should see […]

Feb/14

23

Apple SSL vulnerability

Everybody has been talking about the Apple SSL vulnerability, but just in case you have missed it…. It turns out that for several years Safari has failed to properly check the cryptographic signatures on Server Key Exchanges allowing attackers to mount man in the middle attacks against your browser sessions. Anyone with the ability to […]

· ·

The latest Java exploit has given another view into the workings of the cybercrime economy. Although I should not be, I am always startled at just how open and robustly capitalistic the whole enterprise has become. The business is conducted more or less in the open. Krebs on Security has a nice piece on an […]

· ·

I did not post on the recent Java vulnerability because the fixes came out so quickly, however, it looks like I relaxed too soon. Apparently there was a second vulnerability that did not get fixed. At this point, you should probably just disable Java in your browser. Gizmodo has a short article on how to […]

· ·

spider.io is talking about a bug they discovered in Microsoft Internet Explorer versions 6-10. Evidently the bug allows tracking of your mouse movement even if the browser window has been minimized and you have a different application active. They say that at least two companies providing display ad analytics are already using this exploit to improve […]

· ·