PINDROP BLOG

Category: Device Security

September 26, 2016
OpenSSL Fixes Critical Bug Introduced in Patch Last Week
Four days after releasing a new version that fixed several security problems, the OpenSSL maintainers have rushed out another version that patches a vulnerability introduced in version 1.1.0a on Sept. 22. Last week, OpenSSL patched 14 security flaws in various versions of the software, which is the most widely used toolkit for implementing TLS. One of…
Read More →
September 20, 2016
‘The Horse is Out of the Barn’ on Government Control of Encryption
Controlling the development and deployment of strong encryption may have once been a possibility for intelligence and law enforcement agencies, but those days have passed and will not return, current and former U.S. intelligence officials said Tuesday. The current version of the encryption debate has much to do with the desire of law enforcement agencies and…
Read More →
September 20, 2016
Hackers Activate Tesla’s Brakes From Miles Away
The amount of technology packed into modern cars is kind of amazing. Just a few years ago, the most advanced thing in most vehicles was the cell phone in the user’s pocket. Now, many cars have computer-controlled engines, brakes, entertainment systems, and communications. Cool. The downside of this revolution is that some of these systems can…
Read More →
September 19, 2016
Experts Question Legality of Government Hacking
The emergence into the public consciousness of government hacking techniques and activities in recent years has sparked an increasingly loud debate over how and when law enforcement agencies should be allowed to employ these tactics. But that conversation ignores the fact that these techniques may not actually be legal, experts say. Law enforcement agencies, especially the…
Read More →
September 19, 2016
Cisco Warns of Second Firewall Bug Exposed by Shadow Brokers
Cisco is scrambling to patch another vulnerability in many of its products that was exposed as part of the Shadow Brokers dump last month. The latest vulnerability affects many different products, including all of the Cisco PIX firewalls. The latest weakness lies in the code that Cisco’s IOS operating system uses to process IKEv1 packets.…
Read More →
September 16, 2016
The FBI Wants Your Ransomware Infection Story
As ransomware infections have spread through enterprise networks and infected millions of consumer devices, security experts and law enforcement officials have continued to search for answers. Now, the FBI is asking for victims who have been infected to come forward and detail their issues as a way for the agency to get a better understanding of…
Read More →
September 15, 2016
Researcher Bypasses iOS Passcode Limit With NAND Mirroring
Using easily available and inexpensive parts, a security researcher has been able to bypass the passcode retry restrictions on an iPhone 5C through hardware mirroring of the NAND memory. The researcher’s technique involved several steps and quite a bit of patience and work, but eventually Sergei Skorobogatov of the University of Cambridge in the UK was able…
Read More →
September 15, 2016
Ash Carter: Government Isn’t Going to Invent a Solution to Crypto Problem
As government leaders and technologists continue to butt heads over the use of strong encryption, the  top defense official in the United States said he supports users’ rights to employ the technology and does not thing the government will come up with a magic answer to the crypto problem. Speaking at the TechCrunch Disrupt conference this…
Read More →
September 14, 2016
Years After Disclosure, Apple Was Still Sending Updates Over HTTP
With the release of iOS 10 on Tuesday, Apple made a number of significant changes to the mobile operating system. The most attention-grabbing security upgrade is the move to push software updates over an encrypted connection, a fix that is more than two years in the making. In 2014, researcher Raul Siles of DinoSec discovered that an…
Read More →
September 13, 2016
Apple Moves to HTTPS for Updates With iOS 10
Apple has fixed seven security vulnerabilities with the release of iOS 10, none of which involve arbitrary code execution. The new release is a major overhaul for iOS and the biggest security change is that Apple now performs software updates over HTTPS. The most interesting vulnerability patched in iOS 10 is one that an attacker could…
Read More →