As researchers continue to review the data dumps from the Ashley Madison breach, there are lessons to be learned from what has been found. While Ashley Madison claimed to have good security, the evidence does not support that. For example, the VPN password from the Internet to their servers was Pass1234, according to one article […]
This is the week for car hacks – because it is the week before the hacker conference Defcon. In this case, for about $100, a researcher has created a black box that, while nowhere near as dramatic as the Jeep hack, is still unnerving. The black box is a WiFi hotspot. It intercepts the communications […]
UPDATE: The details are out. The issue is that under certain circumstances, a hacker could get OpenSSL to accept an HTTPS certificate that is fraudulent. This does not affect the major browsers, but rather the second and third tier software that uses SSL behind the scenes. Likely, you don’t even know all the places that […]
Apple released patches to fix a family of security flaws called Masque the other day in iOS release 8.4. Researchers then came up with a new variant of the flaw that the patch doesn’t fix. Apple had fixed earlier variants of the Masque attack in iOS 8.1.3. Anyone see a theme here? Unfortunately, […]
According to Veracode, the government isn’t very good at fixing software flaws. In fact, of 7 vertical segments, they rank last. The financial and manufacturing sectors do best at fixing vulnerabilities. Healthcare organizations don’t do well and cloud vendors (SaaS) fail the OWASP top 10 almost 75% of the time. Given this, it is not […]
Another day, another software supply chain exploit. This time, Zyxel and D-Link have confirmed that their routers have the bug, but researchers think products from Netgear, TP-Link, Trendnet and other vendors are vulnerable. Already 90 plus products from more than 20 vendors have been potentially identified as vulnerable. Only TP-Link has announced a patch. The […]