Pirates hack into shipping company’s servers to identify booty | Ars Technica
http://arstechnica.com/security/2016/03/pirates-hack-into-shipping-companys-servers-to-identify-booty/ Posted from WordPress for Android →
Cybersecurity
HTTPS DROWN flaw: Security bods’ hearts sink as tatty protocols wash away web crypto • The Register
The discovery of a HTTPS encryption vulnerability, dubbed DROWN, again proves that supporting tired old protocols weakens modern crypto systems. DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are core cryptographic protocols for →
DROWN Attack
https://drownattack.com/#check Posted from WordPress for Android →
CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
CacheBleed is a side-channel attack that exploits information leaks through cache-bank conflicts in Intel processors. By detecting cache-bank conflicts via minute timing variations, we are able to recover information about victim processes running on the same machine. Our attack is able to recover both 2048-bit and 4096-bit RSA secret keys from OpenSSL 1.0.2f running on →
Tackling the Future of Digital Trust—While It Still Exists – IEEE Spectrum
Last week, some 50 cybersecurity experts and observers took on a unique challenge: imagining a future in which bad things have happened in the digital world, and figuring out how to recover from them. The event, designed to help form solutions to problems before they happen, rather than in a panicked reaction afterwards http://spectrum.ieee.org/view-from-the-valley/telecom/security/tackling-the-future-of-digital-trustwhile-it-still-exists Posted from WordPress for Android →
Turing Robotics Drops Android And Sets Up Shop In Finland Amid Global Security Concerns | TechCrunch
California-based secure smartphone manufacturer Turing Robotics Industries announced that it will move manufacturing and its new global headquarter to the Finnish city of Salo. Turing’s decision is rooted in security concerns. “Finland’s Act on the Protection of Privacy in Electronic Communications which safeguards confidentiality and privacy in telecommunications was the main reason behind TRI’s move →
Avast set up rogue access points at Mobile World Congress to prove people suck at security | News | Geek.com
You might think that the kind of tech heads who attend CES and Mobile World Congress have a clue about security. Avast set up an experiment to prove that’s not necessarily the case. How did they do it? By setting up a rogue wireless access point and broadcasting SSIDs like Starbucks, Airport_Free_Wifi_AENA, and MWC Free →
Mousejack lets attackers take over your computer via your wireless mouse | News | Geek.com
An analysis by researchers at Bastille Networks indicates that your wireless mouse might provide an attacker with a route to get malware onto your machine, provided they’re within about 100 meters. They’ve dubbed this vulnerability “Mousejack.” The researchers tested many mice from manufacturers like Logitech, Dell, and Lenovo that operate over 2.4GHz wireless communications. This →
A Skeleton Key of Unknown Strength | Dan Kaminsky’s Blog
http://dankaminsky.com/2016/02/20/skeleton/ Long article on this week’s glibc DNS security flaw. Posted from WordPress for Android →
How to Safely Store Your Users’ Passwords in 2016 – Paragon Initiative Enterprises Blog
Modern, Secure, Salted Password Hashing Made Simple https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016 Posted from WordPress for Android →