Cybersecurity

Microsoft Accidentally Provides Example of Dangers of Encryption ‘Back Doors’ http://reason.com/blog/2016/08/10/microsoft-accidentally-provides-example This example again shows that encryption back doors are a bad idea. Security failures have created “golden keys” which unlock Windows devices protected by Secure Boot. Microsoft Secure Boot key debacle causes security panic http://www.zdnet.com/article/microsoft-secure-boot-key-debacle-causes-security-panic/ Microsoft has one particular boot policy (“golden key” debug) →

A New Wireless Hack Can Unlock 100 Million Volkswagens https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars without keys but were hit with lawsuit to delay publication. Now, a →

http://www.howtogeek.com/169139/sandboxes-explained-how-theyre-already-protecting-you-and-how-to-sandbox-any-program/ Sandboxing is an important security technique that isolates programs, preventing malicious or malfunctioning programs from damaging or snooping on the rest of your computer. The software you use is already sandboxing much of the code you run every day. You can also create sandboxes of your own to test or analyze software in a →

http://www.techworm.net/2016/08/8-wacky-hacking-tools-years-black-hat-conference.html →

http://www.ibtimes.co.uk/top-5-scary-hacks-that-emerged-black-hat-usa-hacker-conference-1574677 Hackers can hack every gadget and spy! →

http://arstechnica.com/security/2016/08/linux-bug-leaves-usa-today-other-top-sites-vulnerable-to-serious-hijacking-attacks/ There is a serious problem in new TCP feature designed to prevent hacking: it makes possible to make easily man-in-the-middle type attacks from anywhere. Feature is built into Linux kernel 3.6-4.7 (patch on newest version available). https://www.rt.com/usa/355558-linux-vulnerability-websites-attacks/ At the symposium, the researchers demonstrated the exploit by injecting code into a live USA Today page →

Android vulnerability QuadRooter attracted attention at DefCon24 event. QuadRooter was marketed as New Android Vulnerabilities in Over 900 Million Devices. Security company Check Point made lots of noise about it, including releasing an Adroid app to check your phone against this security flaw. QuadRooter is a set of four vulnerabilities affecting Android devices built using →

https://www.linkedin.com/pulse/how-become-hacker-steps-step-pro-mr-ooppss?trk=hp-feed-article-title-share This article has a good list of steps to become good hacker.  →

http://thehackernews.com/2016/08/hacking-chip-pin-card.html?m=1 It seems that EVM chip-and-pin cards can be hacked too easily to steal money. →

https://www.linkedin.com/pulse/understanding-ssl-usage-country-john-matherly?trk=hp-feed-article-title-like Nice report on SSL usage situation in real world. →