Swedish researchers reveal (fixable) security hole in quantum cryptography

The energy-time entanglement technology for quantum encryption studied here is based on testing the connection at the same time as the encryption key is created. Two photons are sent out at exactly the same time in different directions. At both ends of the connection is an interferometer where a small phase shift is added. This […]

BadWinmail (Flash) Microsoft Outlook Bug Can Give Attackers Control Over PCs

When a user opens an Outlook email or previews it in one of the Outlook preview panes, the OLE mechanism automatically reads the embedded Flash object and tries to execute it in order to render a preview. Since most Flash exploits only need to be executed to work, and because there’s a flaw in the Outlook […]
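A mail gateway or triage script can catch the delivery vector described above before Outlook ever renders it: look inside attachments for an embedded Flash (SWF) file, which begins with one of the signatures FWS (uncompressed), CWS (zlib-compressed) or ZWS (LZMA-compressed), followed by a version byte and a little-endian file length. The Python below is an example added here, not code from the article or from the researcher who reported the bug. The sample message, its addresses and the winmail.dat blob are constructed; the TNEF signature only makes the sample look like a real winmail.dat, the scan itself does not parse TNEF and simply searches the decoded attachment bytes for a plausible SWF header.

```python
"""Flag e-mail attachments that carry an embedded Flash (SWF) object.

Added example, not code from the article. The sample message below is
constructed; the heuristic scans raw attachment bytes for an SWF header
wherever it sits (inside an OLE/TNEF container or on its own).
"""
import email
import struct
from email import policy
from email.message import EmailMessage

SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")   # uncompressed, zlib-compressed, LZMA-compressed SWF
TNEF_SIGNATURE = 0x223E9F78             # first 4 bytes (little-endian) of a winmail.dat


def find_swf_offsets(blob: bytes) -> list[int]:
    """Return offsets of plausible SWF headers inside blob.

    An SWF header is 3 signature bytes, 1 version byte and a 4-byte
    little-endian total file length. The version and length sanity checks
    keep the letters 'CWS' in ordinary text from matching.
    """
    hits = []
    for magic in SWF_MAGIC:
        start = 0
        while (i := blob.find(magic, start)) != -1:
            if i + 8 <= len(blob):
                version = blob[i + 3]
                (length,) = struct.unpack_from("<I", blob, i + 4)
                # Declared length must cover its own header and cannot exceed what is left.
                if 1 <= version <= 50 and 8 <= length <= len(blob) - i:
                    hits.append(i)
            start = i + 1
    return sorted(hits)


def flash_bearing_parts(raw_message: bytes) -> list[tuple[str, list[int]]]:
    """Parse a raw RFC 5322 message and list (name, offsets) for parts containing SWF headers."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True) or b""   # base64/QP already undone
        offsets = find_swf_offsets(payload)
        if offsets:
            findings.append((part.get_filename() or part.get_content_type(), offsets))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a winmail.dat (TNEF) attachment hiding a CWS header at offset 16."""
    body = b"\x00" * 16
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + body
    tnef_like = struct.pack("<I", TNEF_SIGNATURE) + b"\x00" * 12 + swf + b"\x00" * 8
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # constructed address
    msg["To"] = "victim@example.invalid"     # constructed address
    msg["Subject"] = "Quarterly report"
    msg.set_content("Report attached.")
    msg.add_attachment(tnef_like, maintype="application", subtype="ms-tnef",
                       filename="winmail.dat")
    msg.add_attachment(b"%PDF-1.4 harmless", maintype="application", subtype="pdf",
                       filename="report.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for name, offsets in flash_bearing_parts(build_sample_message()):
        print(f"{name}: SWF header at offset(s) {offsets}")
```

Run against a real mailbox by feeding each raw message to `flash_bearing_parts`; a hit on a winmail.dat or any Office/OLE container is worth quarantining regardless of whether the Outlook preview bug is present, because the payload only has to be rendered to fire.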

Database leak exposes 3.3 million Hello Kitty fans

A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery. The database houses 3.3 million accounts and has ties to a number of other Hello Kitty portals. The records exposed include first and last names, birthday (encoded, but easily reversible, Vickery said), […]

Project Zero: FireEye security appliance Exploited by passing jar file through it

FireEye sells security appliances to enterprise and government customers. FireEye’s flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet. Source: Project Zero: FireEye Exploitation: Project Zero’s Vulnerability of the Beast. All you need to do is send the jar […]

Grub2 Authentication Bypass: press backspace 28 times

A vulnerability in Grub2 has been found. Versions from 1.98 (December 2009) to 2.02 (December 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords), so the attacker may take control of the computer. Source: Back to 28: Grub2 Authentication […]

MIT Creates messaging system which becomes unsniffable through chaffing data: Vuvuzela

Vuvuzela relies on dummy traffic to hide the real connections. Before it is decided where to store its content, the message goes through different servers, which send out dummy traffic to all interconnected users. The server notifies the recipient that there is a message for them; the user then goes to retrieve it, also passing through different […]

Kazakhstan may enact law to install false national security certificate on PCs – brouhaha

There is a lot of this on the internet, but I’m not sure it’s true, as it’s all based on something that was posted on a telco’s site and removed, so all the sources link to a Google cache site. It’s not clear how this would be implemented and whether users would somehow be forced […]

First ever EU rules on cybersecurity

Transport and energy companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is robust enough to withstand cyber-attacks, under new rules provisionally agreed by internal market MEPs and the Luxembourg Presidency of the EU Council of Ministers on Monday. […]

AVG, McAfee, Kaspersky Fix Common Vulnerability in Their Antivirus Products

The security bug relates to the fact that the AVG antivirus allocates a memory region with full RWX (read-write-execute) permissions in which it normally runs. For that particular version of the AVG antivirus, this region was not randomized, so its address was predictable, and it was often shared with other applications, for example Acrobat Reader or the enSilo product that […]
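The pattern described above, an executable region that is also writable and visible to other processes, is something you can audit on any host rather than take on trust from a vendor. The Python below is an example added here, not the researchers’ code: it parses the Linux /proc/<pid>/maps format (the Windows equivalent would walk a process with VirtualQueryEx, which is not shown) and reports every rwx mapping, marking the shared ones, since a shared rwx page is exactly what a second process can find and reuse. The sample maps lines are constructed.

```python
"""Report memory mappings that are readable, writable and executable at once.

Added example (not from the article). Parses the Linux /proc/<pid>/maps
format; SAMPLE_MAPS below is constructed.
"""
import sys
from dataclasses import dataclass


@dataclass
class Mapping:
    start: int
    end: int
    perms: str   # e.g. "rwxp": read, write, execute, then 'p' private or 's' shared
    path: str    # backing file, a pseudo-path such as [heap], or "" for anonymous memory

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def rwx(self) -> bool:
        return self.perms[:3] == "rwx"

    @property
    def shared(self) -> bool:
        # 4th permission character: 'p' = private (copy-on-write), 's' = shared
        return self.perms[3] == "s"


def parse_maps(text: str) -> list[Mapping]:
    """Parse /proc/<pid>/maps lines: 'start-end perms offset dev inode [path]'."""
    mappings = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # blank or malformed line
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) == 6 else ""
        mappings.append(Mapping(start, end, fields[1], path))
    return mappings


def rwx_regions(text: str) -> list[Mapping]:
    """Only the mappings that are simultaneously readable, writable and executable."""
    return [m for m in parse_maps(text) if m.rwx]


def describe(m: Mapping) -> str:
    kind = "SHARED" if m.shared else "private"
    what = m.path or "anonymous"
    return f"{m.start:#x}-{m.end:#x} {m.perms} {kind} {m.size} bytes {what}"


# Constructed sample: a file-backed r-x mapping, a private anonymous rwx
# mapping, the heap, and a shared rwx mapping backed by a shm file.
SAMPLE_MAPS = """\
55d4c3a00000-55d4c3a01000 r-xp 00000000 fd:01 1234 /usr/bin/cat
7f1a2c000000-7f1a2c021000 rwxp 00000000 00:00 0
7f1a2c021000-7f1a2c022000 rw-p 00000000 00:00 0 [heap]
7f1a2c022000-7f1a2c023000 rwxs 00000000 00:05 4567 /dev/shm/av_shared
"""


def scan_pid(pid: str) -> list[Mapping]:
    """Read a live process; needs ptrace-level access to that pid."""
    with open(f"/proc/{pid}/maps") as f:
        return rwx_regions(f.read())


if __name__ == "__main__":
    regions = scan_pid(sys.argv[1]) if len(sys.argv) > 1 else rwx_regions(SAMPLE_MAPS)
    for m in regions:
        print(describe(m))
```

Run it twice against two instances of the same program: an rwx region that comes back at the same address both times is the non-randomized case the article describes, and any line marked SHARED deserves a look at which other processes map that file.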

Epic failure of Phone House & Dutch telecom providers to protect personal data: How I could access 12+ million records #phonehousegate

A litany of unsecured portals with generic usernames, sometimes no passwords at all, personnel allowing views of unencrypted Google Docs with passwords… Source: Epic failure of Phone House & Dutch telecom providers to protect personal data: How I could access 12+ million records #phonehousegate | Weblog | Sijmen Ruwhof

Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom

A hacker is releasing customer records after a bank in the United Arab Emirates refused to pay a ransom of $3 million in bitcoin. Most of the bank’s customers, however, did not learn that their data had been stolen and published online until the newspaper contacted them. Files purporting to come from the hacker, and […]

Top Programming Languages That Generate Software Vulnerabilities (Hint: PHP)

PHP continues to be one of the main sources of security bugs. With a huge fan base and use in countless apps and websites around the Internet, PHP is ranked worst for command injection bugs, and also came close to the top for SQL injection, cross-site scripting […]
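The bug classes in that ranking are not PHP-specific; the same mistakes exist in every language that lets you build a shell command or an SQL statement by string concatenation. The example below is added here and is not taken from the report or the article: it shows a command-injection bug and a SQL-injection bug next to their fixes, written in Python so it runs on a Linux host with nothing but the standard library. The attacker inputs and the user table are constructed.

```python
"""Command injection and SQL injection: vulnerable and fixed, side by side.

Added example (not from the article or the report). Inputs are constructed.
"""
import sqlite3
import subprocess

# Constructed attacker-controlled values.
TAINTED_NAME = "alice; echo INJECTED"   # a second command smuggled in after ';'
TAINTED_USER = "' OR '1'='1"            # closes the quoted literal and widens the WHERE clause


def greet_unsafe(name: str) -> str:
    """Vulnerable: the input is spliced into a string that /bin/sh parses."""
    cmd = f"echo {name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def greet_safe(name: str) -> str:
    """Fixed: no shell; the input is one argv element no matter what it contains."""
    return subprocess.run(["echo", name], capture_output=True, text=True).stdout


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed users and their secrets."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-token"), ("bob", "bob-token")])
    return conn


def secret_unsafe(conn: sqlite3.Connection, username: str) -> list[str]:
    """Vulnerable: the input becomes part of the SQL text."""
    sql = f"SELECT secret FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def secret_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    """Fixed: a bound parameter is data to the engine, never SQL."""
    sql = "SELECT secret FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    print("shell, unsafe:", repr(greet_unsafe(TAINTED_NAME)))   # two lines: alice, INJECTED
    print("shell, safe:  ", repr(greet_safe(TAINTED_NAME)))     # the literal input, one line
    db = make_db()
    print("sql, unsafe:", secret_unsafe(db, TAINTED_USER))       # every user's secret
    print("sql, safe:  ", secret_safe(db, TAINTED_USER))         # no such user: []
```

The fix in both cases is the same idea: keep untrusted data out of the parser’s view by handing it over as an argument (argv element, bound parameter) instead of as text to be parsed, which is also the fix for the PHP equivalents (`exec()` with concatenated strings, unparameterized `mysqli_query()`).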

Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech

If storing the personal data of almost 5 million parents and more than 200,000 kids wasn’t bad enough, it turns out that hacked toymaker VTech also left thousands of pictures of parents and kids and a year’s worth of chat logs stored online in a way easily accessible to hackers. On Friday, Motherboard revealed that […]