Oh great, as if it wasn't bothersome enough knowing that all our online communications are susceptible to government spying with very little we can do about it, now we've come to find out that just by having a USB port, there exists a pretty serious security risk every time we plug in a compatible peripheral. The problem is that virtually any of the millions of USB devices out there can be reprogrammed for malicious purposes, and there doesn't appear to be much we can do about it.
An effort is currently underway to switch Google Chrome over to BoringSSL, an OpenSSL fork the search engine giant announced last month. Weaning the world’s most popular browser off of the two cryptographic software libraries it currently uses (OpenSSL on Android and Mozilla NSS on all other platforms) is proving somewhat difficult at this early stage, though.
Country came close to outlawing anonymizing software last year
The Russian Ministry of Internal Affairs (MVD) recently floated a tender inviting bids for help with “obtaining technical information” about users of Tor, the increasingly popular anonymizing network. Bidding ends on August 13, 2014 and the ministry hopes to announce the winner of the 3.9 million ruble contract ($111,000) a week later on August 20.
Perhaps one day you won't need a password to log into your accounts
Everyone knows you're not supposed to use the same password for multiple websites and services. If you follow that advice right down to the letter, then you're juggling numerous passwords, depending on how many banking sites, forums, auction portals, and everything else you're signed up for. It's a pain, and perhaps an unnecessary one -- device-based authentication could render passwords a thing of the past.
Over 86 percent of all Android devices remain vulnerable
The flagrant fragmentation that has come to be associated with Android is once again in focus, with IBM Security researchers shedding light on a major vulnerability (CVE-2014-3100) affecting the all-important Android KeyStore service, which is used for storing cryptographic keys and other sensitive credentials. Although the said vulnerability has been fixed in the latest version of the operating system (Android Kitkat 4.4), the problem is that the vast majority of Android users don’t have the latest version.
iPhone thefts are down as a result of kill switch technology in iOS 7
One of the debates in the mobile phone industry is whether or not so-called kill switches can actually reduce smartphone theft. Well, early indications suggest that they do. Authorities in New York and San Francisco -- two locations where smartphone theft is a growing epidemic -- say they've seen a drop in iPhone robberies since Apple implemented its Activation Lock feature in iOS 7.
"[Microsoft] should try and kill this beast!" - F-Secure on Windows XP
It's not cockroaches that would survive a nuclear war, but Windows XP, the legacy operating system that simply refuses to give up the ghost. Officially, Microsoft ended support for XP back in April, but companies still have the option of paying for continued security updates. Security firm F-Secure isn't real pleased with Microsoft's handling of XP or the fact that so many businesses and users are still running the OS.
Even after applying a Heartbleed patch, many websites are still vulnerable
Heartbleed received a ton of media attention, and for good reason -- the security flaw in OpenSSL caught the Internet with its collective pants down, which in turn prompted website owners, IT workers, and web admins to all go scrambling for a fix. Now that there's a patch available, are we once again safe? Not really, says AVG, According to AVG, thousands of popular websites need to update their servers to stay protected from a new vulnerability.
You don't have to be a seasoned hacker to break into an ATM, nor do you need to play with explosives or take other extreme measures. In some cases, thwarting an ATM's security is as easy as reading the flipping manual. That's what a pair of 9th grade students in Canada did. Matthew Hewlett and Caleb Turon, both 14 years old, 'hacked' an ATM by looking up the unit's user manual online.
Registry hack for Windows XP catches Microsoft's attention
Microsoft finally and officially ended support for Windows XP back in April, though not without throwing XP users a bone in the form of one last out-of-cycle security patch for a pretty serious vulnerability affecting most versions of Internet Explorer. However, that was a one-time thing, and now XP users are left out in the cold. Or are they? A registry hack that allows Windows XP to continue to receive security updates is making the rounds, and it's caught the attention of Microsoft.