FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could “lead us to a very, very dark place.” Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law […]
Tag Archives: Web Security
OpenSSL Releases Patch for POODLE Attack
The OpenSSL Project has released a new version of the encryption software, which patches several security flaws, including the bug that is exploited by the POODLE attack on SSLv3. The updated versions of OpenSSL come just a couple of days after a trio of researchers at Google revealed the POODLE attack, which allows an attacker to […]
Two Patched Zero Days Targeting Windows Kernel
Security firms have peeled back the layers on two zero day vulnerabilities that are currently being used in limited, targeted attacks against the Windows Kernel.
Drupal Fixes Highly Critical SQL Injection Flaw
Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution.
Browser Vendors Move to Disable SSLv3 in Wake of POODLE Attack
With details of the new POODLE attack on SSLv3 now public, browser vendors are in the process of planning how they’re going to address the issue in their products in a way that doesn’t break the Internet for millions of users but still provides protection. The attack, which was disclosed by a trio of Google […]
Java Reflection API Woes Resurface in Latest Oracle Patches
Oracle’s Critical Patch Update addresses 154 vulnerabilities, many of which are remotely exploitable. Security Explorations of Poland, meanwhile, published details on a number of flaws in the Java Reflection API.
New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue
A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and CRIME, and can enable an attacker to retrieve a supposedly secure cookie […]
Fixes for IE, Flash Player in October Patch Tuesday Release
Microsoft posted eight bulletins for Patch Tuesday, three of which are considered critical, including a cumulative Internet Explorer update, while Adobe has fixes for Flash Player and ColdFusion.
Dropbox Denies Hack, Says ‘Your Stuff is Safe’
Dropbox officials on Monday said that a large cache of usernames and passwords posted online and alleged to have come from the company’s users is not related to Dropbox customer accounts. A spate of media reports said yesterday that attackers had stolen several million sets of credentials from Dropbox and posted them online. The claim of […]
EFF Launches New Anti-Surveillance Site
The EFF has launched a new site dedicated to educating users about how to resist pervasive surveillance online, through the promotion of encryption and other tools and the publication of first-person stories from people around the world who have fought surveillance in various ways. The new site, I Fight Surveillance, is designed to bring attention […]