Attack Can Steal Keystrokes From Hundreds of Feet Away
Wireless keyboards from several top manufacturers, including HP, Kensington, and Toshiba, are susceptible to an attack that allows anyone within range to eavesdrop and record every keystroke made on the devices. The vulnerability is a result of the manufacturers failing to implement encryption between the keyboard and the computer, and it allows an attacker to intercept […]
NIST Plans to Drop SMS for Two-Factor Authentication
UPDATED–The move toward two-factor authentication and two-step verification for high-value services has been a positive one for user security, but many of those services use SMS as the channel for the second step in the authentication process, a method that the United States government is preparing to recommend against using. The National Institute of Standards and Technology […]
Peering Into the iPhone’s Security With an Introspection Engine
A new hardware device that’s in development promises to alert users when their phones are transmitting data without their knowledge, but some security researchers say the device looks like an overly complicated solution to a limited problem. Reporters often are targets of surveillance, both overt and covert, and that means that their laptops and phones are […]
Auto Group Pushes Best Practices for Vehicle Security
An auto industry group has released a set of best practices to help manufacturers design and build more secure vehicles. The document focuses on broad concepts, such as risk assessment and threat detection, rather than specific guidance. The release of the best practices by the Auto-ISAC comes at a time when security researchers are shining a […]
FCC Pressures Carriers to Block Robocalls
The FCC is putting new pressure on both wireless carriers and traditional phone companies to give customers technology to block unwanted robocalls. FCC Chairman Tom Wheeler has told the carriers that they need to give their customers the option to block robocalls, which have become the largest source of complaints that the commission receives. The FCC […]
PayPal, Visa Partner for Improved Payment Security
PayPal is forming a new partnership with Visa for digital payments, a deal that will allow consumers to use their Visa cards as easily as PayPal in electronic transactions. The new agreement will see PayPal avoiding ACH transactions in some cases, a significant change for the company, which historically has used the network. The ACH […]
HHS Issues Vague Guidance on Ransomware and HIPAA Disclosures
The federal government has issued new guidelines for dealing with ransomware attacks under the HIPAA law, but the document still leaves a lot of grey area that could lead to questions about what is or isn’t considered a breach. The new guidance comes as ransomware attacks have grown from a nuisance to a looming menace […]
Researchers, EFF Sue US Government Over DMCA Restrictions
A top hardware hacker and a well-known academic security researcher are suing the United States federal government over section 1201 of the controversial Digital Millennium Copyright Act, which he claims “chills protected and noninfringing speech”. The suit, filed by hardware researcher Andrew Huang, cryptographer Matthew Green, and the EFF, challenges the legality of a specific position […]
Apple Patches Code Execution Flaws in iOS
Apple has fixed a series of high-risk vulnerabilities in iOS, including three that could lead to remote code execution, with the release of iOS 9.3.3. One of those code-execution vulnerabilities lies in the way that iOS handles TIFF files in various applications. Researchers at Cisco’s TALOS team, who discovered the flaw, said that the vulnerability has a […]