https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-english-primer/ Article on SSL security. It is beyond doubt that it is simply not secure to blindly trust the medium that connects your users to the internet. HTTPS was created to allow HTTP traffic to be transmitted in encrypted form This blog post presents a plain-english primer on how HTTPS protection can be stripped and →
http://www.zdnet.com/article/reaper-botnet-could-be-worse-than-mirai-cyberattack/?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3BMmD%2FR1DIQduoO1k8kb9JCA%3D%3D A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers. Now it’s on track to become one of the largest botnets recorded in recent years. The botnet, dubbed “Reaper” by researchers at Netlab 360, is said to have ensnared almost two million internet-connected webcams, →
https://spectrum.ieee.org/telecom/security/to-secure-the-internet-of-things-we-must-build-it-out-of-patchable-hardware For several years now, the number of things connected to the Internet—including phones, smart watches, fitness trackers, home thermostats, and various sensors—has exceeded the human population. For the most part, this development promises great excitement and opportunity for engineers and society at large. But there is a dark cloud hanging over the IoT: the →
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers. The weakness allows attackers to calculate the private portion of any vulnerable key →
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severe vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points. There is a proof-of-concept exploit called KRACK, short for Key Reinstallation Attacks. KRACK →
https://www.troyhunt.com/what-would-it-look-like-if-we-put-warnings-on-iot-devices-like-we-do-cigarette-packets/ So how would warning labels on IoT devices that have had serious security vulnerabilities look? Hilarious and also so needed. “Intrusions can occur anywhere”… Or maybe it doesn’t need to be tech/legalspeak. WARNING! This connects to the INTERNET and BAD THINGS may happen! →
Numerous companies have shamed themselves by posting their sensitive data and encryption keys to public cloud without any protection, where cyber criminals and security researches find them. What is the better way to get a bad dent to the “professional” cover of the data security consultanting company than doing exactly this? And yet those companies →
Your Hard Disk As An Accidental Microphone article tells that modern hard disks can sense sounds around them unintentionally. [Alfredo Ortega] has uncovered in his talk at the EKO Party conference in Buenos Aires where he he demonstrates how a traditional spinning-rust computer hard disk interacts with vibration in its surroundings, and can either become →
http://securityaffairs.co/wordpress/63902/security/securing-smart-grid.html During the recent years, there have been two cyber-attacks on power plants in Ukraine, which for the first time in the history succeeded to disrupted and cut power in a country. An analysis of the events in Ukraine indicates that in order for a cyber-attack to materialize, three conditions must exist: opportunity, ability, and motivation. →
https://opensource.com/article/17/3/iot-security-raspberry-pi?sc_cid=7016000000127ECAAY The Raspberry Pi and many other inexpensive computer boards like it have become part of the “Internet of Things” or IoT revolution. Because your Raspberry Pi is a Linux system, most advice for security on larger systems applies to your project, too. Find out what sensible steps you can take to protect your Raspberry Pi →