security

Information security is always one of those topics that is hard to report on, especially with the sheer number of devices available today. The problem lies in what is dangerous, what is bad, or what is no-big-deal. Frankly, opinions vary on the risks and threats involved.

One neat feature in Windows Phone is the ability to select text and hit the Search key. The Windows Phone OS copies the information over to Bing (or Cortana), and it lets you search without having to copy/paste the selection. It is super useful and certainly convenient for speedy searches.

However, there does seem to be one instance where this feature works where it should not: password fields.

More →
4
124
80
0

Update: A new report in The Intercept claims that Gemalto is drastically downplaying the effects of this attack. In the report, several security researchers came to the conclusion that "the company made sweeping, overly-optimistic statements about the security and stability of Gemalto's networks, and dramatically underplayed the significance of the NSA-GCHQ targeting of the company and its employees."

Original story: Digital security vendor Gemalto revealed its findings today following last week's report of an incursion by the NSA and the GCHQ into the vendor's SIM card encryption keys. While Gemalto noted that an operation by NSA and GCHQ "probably happened" in 2010 and 2011, the intrusion could not have resulted in a "massive theft" of SIM card encryption keys as the breach affected the company's office network and not its secure networks.

More →
47
78
58
0

Lenovo has just released an automatic removal tool for the Superfish software it pre-installed on some of its notebooks in 2014. This follows a manual procedure that the company detailed yesterday, and an update to Microsoft's Windows Defender from this morning that will also remove the software and its root certificate.

More →
3
72
45
0

According to new documents leaked by Edward Snowden, the NSA and its UK counterpart, Government Communications Headquarters (GCHQ), hacked into the computers of Gemalto, a company that manufactures SIM cards for a large number of carriers around the world. In doing so, the intelligence agencies acquired encryption keys that would allow them to intercept communications from customers of all four major U.S. carriers, along with 450 others around the world.

More →
287
234
95
0

After having outed a vulnerability in Windows a few weeks ago, Google is at it again. This time a Google security researcher detailed another vulnerability in in both Windows 8.1 and Windows 7. Similar to the exploit that Google previously detailed, this vulnerability could allow a user to impersonate another ID, allowing encryption and decryption of data he or she otherwise wouldn't have access to.

More →
1
230
82
0

An unpatched vulnerability in Windows 8.1 has been disclosed on Google Security Research. The issue was subject to a 90-day automatic disclosure policy, meaning the existence of the vulnerability is published after 90 days without a broadly available patch for the issue. The issue allows for privilege elevation in ahcache.sys/NtApphelpCacheControl.

More →
1
152
64
0

T-Mobile US is quietly upgrading the security of their older 2G network, moving to more advanced encryption that prevents eavedropping. The new, more secure network has already been deployed in at least three locations, New York, Washington, and Boulder, Colorado. The T-Mobile 2G network has previously relied on older A5/1 encryption, with the new security standard known as A5/3.

More →
52
59
29
0

Earlier today, a thread surfaced on Reddit offering up 400 Dropbox usernames and passwords in plain text, with a note that over seven million accounts have been compromised in total. Dropbox has since announced on its blog that it wasn't hacked, and that the leaked passwords were stolen from a third party service.

More →
264
0
0
0

Another day, another apocalyptic prognostication of computer security doom, this time focusing on the omnipresent USB connection. It's called 'BadUSB', and it's a malware proof-of-concept created by security researchers Karsten Nohl and Jakob Lell that exploits a flaw in and resides in the firmware that controls the basic function of USB devices. The researchers claim that it's not a problem that can be patched, saying that they're "exploiting the very way that USB is designed," but in the end all they've done is highlight that you shouldn't go around plugging USB drives, devices, or whatnot that you don't trust into your computer.

More →
-
-
-
-

Microsoft has issued a security advisory that affects users of all currently supported versions of Windows, including Windows 8, Windows Phone, and Windows RT. Though no immediate action may be required from the user on select platforms, it is important to know what is happening as it relates to the improper issuance of SSL certificates, which Microsoft says "could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks."

More →
7
1
0
0

The UK government is looking to reinforce powers of security services to require internet and phone providers to maintain records of customer email and calls. Emergency laws are to be introduced into the Commons next Monday, following private talks and gaining support of both Labour and the Liberal Democrats on the basis that there will be new board to oversee the functioning of new powers. The move is an effort to continue protecting UK citizens from external threats.

More →
35
0
0
0

1Password is a solid solution for those who require apps to store randomized passwords. Agile Bits, the development house behind the service and apps, have announced version 4.0 for Windows on their blog. Sporting rather old and basic apps for both Windows Phone and Windows, this is welcomed news as what's contained in the release is a bunch of revamped features.

More →
3
0
0
0

Pages