Post Thumbnail

A team of cryptographers have discovered that a security flaw from way back in the '90s still leaves users today vulnerable to cyberattacks. They've dubbed it "Factoring attack on RSA-EXPORT Key" or FREAK, and it renders everyone who uses Safari on Mac and iOS devices or Android's stock browser su...

March 4th 2015 at 6:11am 0 Comments
Post Thumbnail

Google's Project Zero is supposed to goad companies into patching software security flaws before they pose a threat, but that's not exactly how the effort has panned out. As Apple and Microsoft will tell you, the strict 90-day disclosure deadline sometimes leaves developers scrambling to finish pa...

February 15th 2015 at 4:59pm 0 Comments
Post Thumbnail

Microsoft isn't the only big tech firm grappling with surprise security flaw disclosures these days. Google's Project Zero security unit revealed at least two unpatched vulnerabilities in OS X (Yosemite appears to have mitigated a third) that theoretically help attackers take control of your Mac....

January 23rd 2015 at 3:33pm 0 Comments
Post Thumbnail

Over the years we've seen our fair share of security breaches and loopholes, but rarely do they take the companies involved almost 17 months to patch them up. Moonpig, the online mail order greeting card service, is guilty of this particular faux-pas after an external developer noticed a severe vu...

January 6th 2015 at 5:12am 0 Comments
Post Thumbnail

Google's Project Zero tracks vulnerabilities in software systems and reports them to vendors "in as close to real-time as possible" -- a noble cause, no? But what happens if said vendor then fails to push a fix within the 90-day window? Microsoft just found out: Google will go ahead and publish th...

January 2nd 2015 at 10:04am 0 Comments
Post Thumbnail

A discovered vulnerability in League of Legends led Riot Games to the conclusion that it not only needed to react to such issues when they arise, but to be more proactive in discovering these weak spots in the game. To wit, the studio has implemented a bug bounty program that will reward players w...

November 21st 2014 at 7:00pm 0 Comments
Post Thumbnail

Microsoft's software isn't immune to the rash of recent web encryption exploits, it seems. The company has discovered (and thankfully, patched) a Windows flaw that lets hackers use the software's Secure Channel technology, which handles SSL and TLS encryption, to compromise PCs. If you're suscepti...

November 13th 2014 at 12:25am 0 Comments
Post Thumbnail

Typically, attacks against your WiFi router require a lengthy attempt to guess any codes and passwords. Not if you use 0xcite's new technique, however; the research firm has detailed a flaw in some router chipsets that lets hackers bypass the push-button security of WiFi Protected Setup (WPS) almo...

August 31st 2014 at 2:12am 0 Comments
Post Thumbnail

Think you're safe from spies because you're using Tails, the same Linux distribution that Edward Snowden uses to remain anonymous? Unfortunately, you'll still have to be on your guard. Security firm Exodus Intelligence has revealed that the latest version of the OS, 1.1, is vulnerable to attacks t...

July 22nd 2014 at 8:37pm 0 Comments
Post Thumbnail

The world hasn't yet recovered from the Heartbleed vulnerability in OpenSSL and now there's news of a new bug affecting the popular open-source security package. This recently announced, and already patched, exploit could allow an attacker to see and modify traffic between an OpenSSL client and an...

June 5th 2014 at 9:52pm 0 Comments