
Password Reuse A Problem – 11 Million Ashley Madison Passwords Cracked Already

After the Ashley Madison breach, everyone breathed a sigh of relief because the passwords were hashed with bcrypt. Bcrypt, as used by Ashley Madison, hashed the password 4,096 times. That calculation meant that even with fast computers it would take centuries to crack all of them. Until a group of hobbyists – yes hobbyists, not professional […]


Ashley Madison Hack Provides IT Pros More Hints On What Not To Do

As researchers continue to review the data dumps from the Ashley Madison breach, there are lessons to be learned from what has been found. While Ashley Madison claimed to have good security, the evidence does not support that.  For example, the VPN password from the Internet to their servers was Pass1234, according to one article […]


OpenSSL: Here We Go Again

UPDATE:  The details are out.  The issue is that under certain circumstances, a hacker could get OpenSSL to accept an HTTPS certificate that is fraudulent.  This does not affect the major browsers, but rather the second and third tier software that uses SSL behind the scenes.  Likely, you don’t even know all the places that […]


Why Patching Doesn’t Work – Using Apple As An Example

Apple released patches to fix a family of security flaws called Masque the other day in iOS release 8.4. Researchers then came up with a new variant of the flaw that the patch doesn’t fix. Apple had fixed earlier variants of the Masque attack in iOS 8.1.3. Anyone see a theme here? Unfortunately, […]


The Gov Isn’t Very Good At Fixing Software

According to Veracode, the government isn’t very good at fixing software flaws. In fact, of 7 vertical segments, they rank last. The financial and manufacturing sectors do best at fixing vulnerabilities. Healthcare organizations don’t do well, and cloud vendors (SaaS) fail the OWASP Top 10 almost 75% of the time. Given this, it is not […]
