Dennis Fisher and Mike Mimoso look back on the news from the last week in Las Vegas at Black Hat and DEF CON, including the Blackphone rooting, the Computrace research and the more upbeat mood at the conferences this year.
Browsing Tag: vulnerabilities
There’s a remotely exploitable authentication bypass vulnerability in the BlackBerry Z10 phone that affects the service that lets users share files with machines on a wireless network. The bug could allow an attacker to steal users’ personal data or hit them with targeted malware.
Vulnerabilities in the secure Blackphone reported during DEF CON require unusual circumstances to exploit.
LAS VEGAS–Mobile broadband modems can be a great alternative if you can’t find a WiFi network or don’t trust the ones you can find. But many of the models sold by the major manufacturers contain bugs and functionality that a remote attacker can exploit without much difficulty. Much of the market for these devices is[...]
A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The eBay and[...]
A remote code execution vulnerability has been patched in Samba, open source software that enables file and print server interoperability for Windows clients with Linux and UNIX servers.
A talk at Black Hat will expose security weaknesses introduced by multipath TCP, extensions to TCP that bring resilience and efficiency to networking.
Tor is warning users of its hidden services to upgrade relays after attackers were discovered on the network trying to deanonymize users.
The informational systems that the National Oceanic and Atmospheric Administration (NOAA) runs are fraught with vulnerabilities and what the U.S. Department of Commerce deem “significant security deficiencies.”
Georgia Tech Research Institute has released an open source threat intelligence gathering tool called BlackForest that automates attack-data mining.