Post Thumbnail

Google's Project Zero tracks vulnerabilities in software systems and reports them to vendors "in as close to real-time as possible" -- a noble cause, no? But what happens if said vendor then fails to push a fix within the 90-day window? Microsoft just found out: Google will go ahead and publish th...

January 2nd 2015 at 10:04am 0 Comments
Post Thumbnail

A discovered vulnerability in League of Legends led Riot Games to the conclusion that it not only needed to react to such issues when they arise, but to be more proactive in discovering these weak spots in the game. To wit, the studio has implemented a bug bounty program that will reward players w...

November 21st 2014 at 7:00pm 0 Comments
Post Thumbnail

Microsoft's software isn't immune to the rash of recent web encryption exploits, it seems. The company has discovered (and thankfully, patched) a Windows flaw that lets hackers use the software's Secure Channel technology, which handles SSL and TLS encryption, to compromise PCs. If you're suscepti...

November 13th 2014 at 12:25am 0 Comments
Post Thumbnail

Typically, attacks against your WiFi router require a lengthy attempt to guess any codes and passwords. Not if you use 0xcite's new technique, however; the research firm has detailed a flaw in some router chipsets that lets hackers bypass the push-button security of WiFi Protected Setup (WPS) almo...

August 31st 2014 at 2:12am 0 Comments
Post Thumbnail

Think you're safe from spies because you're using Tails, the same Linux distribution that Edward Snowden uses to remain anonymous? Unfortunately, you'll still have to be on your guard. Security firm Exodus Intelligence has revealed that the latest version of the OS, 1.1, is vulnerable to attacks t...

July 22nd 2014 at 8:37pm 0 Comments
Post Thumbnail

The world hasn't yet recovered from the Heartbleed vulnerability in OpenSSL and now there's news of a new bug affecting the popular open-source security package. This recently announced, and already patched, exploit could allow an attacker to see and modify traffic between an OpenSSL client and an...

June 5th 2014 at 9:52pm 0 Comments
Post Thumbnail

Everyone knows the best way to teach children is to make the learning process fun and engaging; and if we're honest, that methodology works just as well on us big kids, too. Now, even hunting through code for cross-site scripting (XSS) bugs can be entertaining, thanks to a game developed by a play...

June 1st 2014 at 8:08am 0 Comments
Post Thumbnail

Apple has largely avoided the wrath of the Heartbleed security flaw, but it now appears that the company's products aren't completely immune. The crew in Cupertino just updated its most recent AirPort Extreme and Time Capsule WiFi routers to fix a Heartbleed-related vulnerability that surfaces whe...

April 22nd 2014 at 9:02pm 0 Comments
Post Thumbnail

Read our Heartbleed defense primer? Good, but the fight for your privacy isn't over just yet: you might have to replace your router, too. Cisco Systems and Juniper Networks have announced that the Heartbleed bug -- a flaw in OpenSSL that lets attackers bypass common security protocols -- has been...

April 10th 2014 at 8:49pm 0 Comments
Post Thumbnail

Don't change your password. It's strange advice to hear when the so-called Heartbleed bug is leaving databases all over the web open and exposed, but it's applicable. Yes, security has been compromised for many of your favorite websites and services (including Google, Flickr and Steam, at least in...

April 9th 2014 at 11:00pm 0 Comments