Gitrob, an open source intelligence tool, helps security analysts search Github organization repositories for files not meant for public consumption.
Tag Archives: Web Security
Encryption is Not the Enemy
David Cameron, speaking in the wake of the terror attack in Paris last week, said at an event Monday that the UK government can’t allow any form of communication that can’t be read.
How a $10 USB Charger Can Record Your Keystrokes Over the Air
Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards.
0-Days Exposed in Several Corel Applications
Researchers from Core Security have disclosed DLL hijacking vulnerabilities in several applications made by Corel Software after the vendor didn’t respond to Core’s notifications about the flaws. There are no patches available for the bugs, which can allow remote code execution. Corel sells a variety of graphics, design and video apps, including CorelDRAW, Photo-Paint and […]
Google Passes on Older Android Patches; 930 Million Devices Vulnerable
Google has decided that it will no longer provide Webview patches for Android systems running Jelly Bean 4.3, or older, putting the onus on OEMs and the open source security community to provide patches to users.
Certificate Transparency Moves Forward With First Independent Log
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by […]
Google Engineers Critical of Aviator Browser Security
Google security engineers have criticized the security and privacy of WhiteHat Security’s Aviator browser, after finding a remote code execution vulnerability within hours of Aviator’s release as open source.
Zappos Settles, Pays Out $106K Following Data Breach
Online retailer Zappos settled with attorneys general in nine states, stemming from a data breach in 2012 that exposed 24 million customers’ information.
Inside North Korea’s Naenara Browser
Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North […]
Root Command Execution Flaw Haunts ASUS Routers
There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well. Security researchers Joshua Drake posted an advisory on the vulnerability on Thursday, detailing the bug […]