Items tagged with security

The developers behind the uber-popular Plex media center software have revealed that their databases have been breached, and of course, that means just one thing: you might have a password or two to change. In an email sent to affected users, Plex developers note that only its forum and blog were compromised, and that no financial information is at risk, as that's located on external servers. That doesn't mean that this should be taken too lightly, though, as those who managed to break into the server got away with IP addresses, email addresses, encrypted (hashed + salted) passwords, and perhaps... Read more...
Microsoft's Windows 10 Mobile looks to be a tremendous upgrade over the previous version (the same could be said about the desktop versions as well), and features like "Wi-Fi Sense" could help set it apart from the rest. But, as cool as the feature is, it could become a breeding ground for exploitation. Wi-Fi Sense is a feature of Windows Phone 8.1, and soon Windows 10 Mobile, that allows people to connect to certain networks without effort. It works by tapping into an existing connection to a network that a friend nearby already has access to. By simply being... Read more...
A new device from an MIT alumnus will soon be helping police assess dangerous situations from a safe distance. The softball-sized explorer triggers its six cameras when tossed into a room. It then sends the images back to police, where they are rapidly stitched into a panoramic image for tactical assessment. The alumnus’ new company, Bounce, is gearing up to launch the Explorer for both police and rescue services. Image credit: MIT The Explorer was initially designed in response to the earthquake in Haiti in 2010, after which rescuers had difficulty locating survivors trapped in the rubble. “I... Read more...
Maybe someday the Chinese government will take a page from O.J. Simpson and write a book titled, "If I Did It: Confessions of a Hacker." After all, China is clinging to the innocence card just as adamantly as Simpson, never mind any evidence to the contrary. In fact, not only is the Chinese government saying it's not responsible for a massive security breach that compromised the personal information of millions of U.S. federal employees, but it claims that the accusations are the result of "absurd logic."The security breach was discovered in April, but actually began back in December of last year.... Read more...
Researchers at Tel Aviv University have developed a tool for stealing decryption keys from laptops. What sets the tool apart from other hacking tools is that it is untethered: it doesn’t need to connect to the target laptop (nor a hacker’s laptop) to operate. And, it’s small. As researchers point out, it could even be hidden in pita bread. The Portable Instrument for Trace Acquisition (PITA) makes use of inexpensive equipment and can breach ElGamal and RSA encryptions, according to the researchers. They build the PITA with software defined radio (SDR) USB dongle and a similar device with a standard... Read more...
Windows XP enjoyed a nice, long run, but after over a decade of faithful service, Microsoft finally pulled the plug on the legacy operating system and discontinued support in April of last year. All but the most diehard fans have since moved on, though it's still installed on more desktops than Windows 8.1, and on almost as many as Windows 8.1 and Windows 8 combined. You can count the U.S. Navy's system among them. According to a contract page at the U.S. Department of Defense, the Navy opted to pay Microsoft over $9.1 million dollars to continue offering custom support services... Read more...
Adobe's Flash Player has more holes than Swiss cheese, only Swiss cheese doesn't leave you vulnerable to hacker attacks. Flash Player often does, and yet again, there's a zero-day exploit that could allow an attacker to take control of an affected system. The discovered vulnerability and its severity has led to Adobe releasing an out-of-band security patch. This latest zero-day annoyance affects Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh, Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macs, and Flash Player 11.2.202.466... Read more...
If the state of the US government's security wasn't appalling before, it sure should be now. Earlier this month, we reported on a breach of government systems that saw the information of four million current and prior government employees get taken by a third-party -- a third-party that was highly believed to be China. Well, now it seems certain. As we learned before, that breach was discovered in April, but we now know that it began in December. That means that the attackers -- the Chinese -- had a free-for-all with this personal data for four months. According to... Read more...
Following reports that 600 million Samsung phones are vulnerable to a security flaw that could allow an attacker to remotely execute code as a privileged/system user, the South Korean handset maker said a fix is on the way. Samsung also downplayed the severity of the situation, saying that the exploit "requires a very specific set of conditions" in order for hackers to do any harm.The vulnerability exists in the pre-installed keyboard on millions of Samsung phones, including the company's flagship Galaxy S6. It's a customized version of SwiftKey that Samsung includes on its devices. Unfortunately,... Read more...
If you didn't know what HTTPS was two-years-ago, chances are you're familiar with it now. Ever since Edward Snowden blew the whistle on NSA spying, the world has gradually been improving its efforts to to protect its data - either at the user or government level. Last fall, Google said that it was going to begin preferring websites that use HTTPS, and if there was any doubt that HTTPS was important, even the US government has made it clear that its own websites need to have secure connections across the board. It looks like social site reddit is... Read more...
Major League Baseball has worked hard to improve its image and move on from the so-called steroids era, a period in baseball where many records were broken by players who were later found to have been doping up and using human growth hormones. But the latest scandal takes an unexpected and perhaps unprecedented twist into the field of cyber espionage. The Federal Bureau of Investigation (FBI) and Justice Department are currently investigating the St. Louis Cardinals for allegedly hacking internal networks belonging to the Houston Astros. Law enforcement officials are said to have uncovered evidence... Read more...
"Xara" might sound like a cool name for an exploit, but according to researchers at three different US universities, it's one that should cause some alarm. At its root, if Xara is properly exploited, attackers would be able to procure passwords stored in OS X's Keychain, which could be used for most or all of someone's applications. Specific details are not covered, but it seems that if an app is installed on OS X that takes advantage of this exploit, it can take control of the stored passwords, and other information that might be present (eg: the login username itself). Examples given are hijacking... Read more...
The pre-installed keyboard found on more than 600 million Samsung mobile devices has a vulnerability that could allow an attacker to remotely execute code as a privileged/system user. Ryan Welton, a researcher with mobile security firm NowSecure, discovered the flaw and gave Samsung a heads up back in December of last year.NowSecure also felt that the vulnerability was serious enough to warrant notifying CERT, which in turn contacted Google's security team for Android. To Samsung's credit, it whipped up a patch and provided it to wireless carriers in early 2015, but it's not known if the carriers... Read more...
Microsoft this week announced that web searches made using the company's Bing search engine will soon be encrypted by default. In actuality, users have been able to encrypt searches made via Bing for around a year and a half now, though sometime before summer comes to an end, it will be a standard option for all users. The move will level the playing field with Google and Yahoo, both of which already offer encrypted searches by default. Of course, the bodies at Microsoft still need to eat and so the company will conintue to pass along referrer strings to marketers and webmasters that identify traffic... Read more...
1 2 3 4 5 Next ... Last