Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).
Monthly Archives: March 2017
WhatsApp, message encryption and national security
Is WhatsApp the perfect communication channel for terrorists?
The devastating terrorist attack that took place in London last week has brought grief to the UK and the rest of the world. The police investigation into the incident has raised a number of questions that could have far-reaching consequences.
WhatsApp and messaging encryption hits the headlines
The discovery that terrorist Khalid Masood had been using the messaging app WhatsApp shortly before the attack presents police with a problem. WhatsApp uses a technology called end-to-end encryption to encode text messages.
This encryption is intended to protect messages from being intercepted by hackers and cybercriminals. If a text is intercepted, it cannot be read without the decryption key – and only the authorised sender has that key. The text is completely garbage without decryption.
Unfortunately this also means that legal investigators cannot access those texts either – the data is completely inaccessible without access to Masood’s phone. Which means that the police may be missing vital evidence of other terrorist activities because the texts are encrypted.
UK government criticises encryption
Speaking in the media, UK Home Secretary Amber Rudd has criticised the use of end-to-end encryption, calling it “completely unacceptable”. She even went as far as suggesting that these encrypted messaging apps are “places for terrorists to hide”.
Ms Rudd’s main concern is that traditional surveillance techniques used to prevent terrorism and crime simply do not work in the age of complex encryption. As such, police and intelligence services are limited in what they can do to keep people safe.
A difficult issue globally
The London terror attack is not the first time security services have run into problems. The FBI has run into similar problems in the US too, unable to access encrypted smartphones belonging to criminals.
Service providers like Apple, Google and Facebook have complied with requests to access data in the past, but in the case of WhatsApp, they remain powerless to act. All encryption keys are specific to the phone owner – service providers like WhatsApp do not store copies, so even they cannot read messages.
Clearly there is no easy answer
For the majority of people, encryption is a vital tool for protecting their sensitive personal data. However, criminals will exploit that anonymity – placing lives in danger in the process.
In future we may see WhatsApp and other messaging providers being forced by governments to create a “backdoor” in their apps that allows for proper surveillance. Although useful for the intelligence services, this approach could also be exploited by hackers, immediately weakening the security of law-abiding citizens too.
How this situation will be resolved remains to be seen. But it could be that your favourite messaging app will undergo major changes security-wise in the near future.
The post WhatsApp, message encryption and national security appeared first on Panda Security Mediacenter.
Murder she beeped
Alexa and the water meter head to court in a hot murder case.
The post Murder she beeped appeared first on Avira Blog.
Use Secure VPNs (Lifetime Subscription) to Prevent ISPs From Spying On You
Data privacy is a serious concern today given the vast availability of personal data over the Internet – a digital universe where websites collect your personal information and sell it to advertisers for dollars, and where hackers can easily steal your data from the ill-equipped.
If this wasn’t enough, the US Senate voted last week to eliminate privacy rules that would have forced ISPs to get
Internet-Connected Medical Washer-Disinfector Found Vulnerable to Hacking
Internet-of-Things devices are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices.
There are, of course, some really good reasons to connect certain devices to the Internet. For example, remotely switching on your A/C a few minutes before you enter your home, instead of leaving it blasting all day.
But does
How to configure WinDbg for kernel debugging
In this post, Matías Porolli looks at how to configure an environment with WinDbg and virtual machines in order to debug drivers or code running in Windows kernel space.
The post How to configure WinDbg for kernel debugging appeared first on WeLiveSecurity.
firebird-2.5.7.27050.0-1.fc24
update to 2.5.7
Kaspersky Lab North America Sponsors Woburn Elementary School’s Freedom Trail® Scholars Program Visit
Kaspersky Lab North America will sponsor Shamrock Elementary School’s fifth grade students as they participate in the Freedom Trail® Foundation Scholars Program.
Bugtraq: [SECURITY] [DSA 3817-1] jbig2dec security update
[SECURITY] [DSA 3817-1] jbig2dec security update
Microsoft Windows iSNS Server Memory Corruption (MS17-012: CVE-2017-0104)
A memory corruption vulnerability exists in Windows iSNS Server. The vulnerability is due to incorrect input validation of a malformed attribute in an iSNS packet. A remote attacker can exploit this vulnerability to execute arbitrary code on the server.