Apple Fixes Three iOS Zero Days Used in Targeted Attack
Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix […]
Lieu Presses FCC to Speed Up Investigation Into SS7 Flaw
The FCC is four months into its investigation into security issues with the SS7 phone protocol, and a key member of Congress is pushing for the commission to speed up its work and also to brief lawmakers on what the probe has found so far. In letter sent to FCC Chairman Thomas Wheeler earlier this […]
On the Wire Podcast: Jon Oberheide and Mikhail Davidov
It’s not often that we get to talk to someone who has launched something into space, but this week we had the chance to speak to Mikhail Davidov and Jon Oberheide of Duo Security about the company’s Duo in Space project. Using a large latex balloon, the company launched a small-ish device into near space […]
New Sweet32 Attack Hits Blowfish, 3DES
Researchers have developed a practical, relatively fast attack on 64-bit block ciphers that can allow attackers to recover authentication cookies as well as other credentials from some HTTPS-protected sessions. The attack, known as SWEET32, specifically affected TripleDES and Blowfish, two of the more popular such ciphers, and their implementations in TLS and the OpenVPN protocols. […]
Google to Punish the Use of Some Interstitials on Mobile Sites
Google is making a significant change to the way that it handles page ranking for mobile sites in an effort to discourage site owners from throwing up intrusive interstitials such as ads and newsletter signup dialogs before users can view a site. The change involves the way that Google will rank mobile sites that use […]
Snowden’s Long Shadow Darkens NSA’s Reputation
The massive data dump by the Shadow Brokers has become a kind of fun house mirror for the security industry. People come at it with all of their suppositions, biases, and baggage, and walk away with a distorted view of what’s actually there and what it means. There are nearly as many opinions on what […]
Google to Update Android Nougat Quarterly
As Google begins rolling out the next version of Android, called Nougat, to users this week, the company already is planning a new strategy for providing updates to the operating system more frequently. Traditionally, Google has updated Android essentially once a year, putting a new major release about every 12 months. But as the mobile […]
Critical RNG Flaw Fixed in GnuPG
Researchers have uncovered a critical vulnerability in the GnuPG and Libgcrypt encryption apps that has been around since 1998 and allows an attacker to predict output from the software’s random number generator under some conditions. The vulnerability was discovered by a team from Karlsruhe Institute of Technology in Germany, and the people behind the GnuPG […]
Juniper Investigating NetScreen Exploit
Following Cisco’s lead, Juniper is now investigating the effects of the Shadow Brokers release on its products, specifically an exploit that affects the company’s NetScreen firewalls. The dump of tools, exploits, and data stolen from a hacking team called the Equation Group–which is believed to be affiliated with the NSA–included a number of exploits for […]