SSL and TLS, the security protocols that protect most of our banking and ecommerce transactions is a complicated beast – more so due to the the many options it offers. ars technica in an article titled “Noose around Internet’s TLS system tightens with two new decryption attacks”, discussed a paper presented at Black Hat Asia that describes […]
Continue reading → [DISPLAY_ACURAX_ICONS]Max Schrems, whom I have written about before (see post) is continuing his fight against Facebook. He first took his battle to the Irish Data Protection Commissioner (DPC) since Facebook Europe is based in Ireland, but the DPC declined to take the case, because, it said, it had no legal requirement to do so (meaning […]
Continue reading → [DISPLAY_ACURAX_ICONS]Remember when you bought that phone or USB cable at Radio shack and they asked for your name and email address? CBS is reporting that Radio Shack listed that as an asset in their bankruptcy and has put it up for sale. That means your name, address, phone number and purchase information is up for […]
Continue reading → [DISPLAY_ACURAX_ICONS]Researchers at David Ben Gurion University in Israel have demonstrated controlling a toy rocket launcher attached to an air gapped computer by another computer nearby (see article). There are lots of limitations to this attack, but still it shows how a motivated attacker like the NSA or its competitors, can suck data out of a […]
Continue reading → [DISPLAY_ACURAX_ICONS]I have to both harass and complement Hilton. Until recently, Hilton was offering Honors members 1,000 points to change their passwords. First the harassment: A security staffer at BancSec figured out that you could hijack any other Honors account by guessing or knowing the account number and making a small change to the site’s HTML. The […]
Continue reading → [DISPLAY_ACURAX_ICONS]UPDATE: KARE11 in Minneapolis is reporting that if you include attorney’s fees and other costs, Target will be on the hook for around $25 million (see article) and that payments could begin as early as April 30th. NPR is reporting that Target has agreed to set up a $10 million fund for victims of last […]
Continue reading → [DISPLAY_ACURAX_ICONS]