Nearly six months after first introducing two-step verification for its Gmail service, Google has expanded the security feature to users outside the English-speaking world, opening it up to people in more than 150 countries.
Browsing Tag: vulnerabilities
If you think your car is safe and secure sitting in your driveway at night with its fancy alarm system enabled, Don Bailey has some bad news for you: he can unlock it and turn it on. Whenever he wants. From the other side of the country.
Apple has released another new version of its iOS operating system for iPhones and other devices that fixes a security vulnerability in the way that the software handled SSL certificates and validated their authenticity. An attacker exploiting the bug might be able to intercept SSL traffic, Apple warned.
Microsoft’s Vulnerability Research team is keeping itself busy finding bugs in other vendors’ products, with the two latest being a vulnerability in Google’s Picasa photo editing and sharing application and a bug in Facebook that could lead to the compromise of a victim’s account.
Oracle on Tuesday will issue fixes for 78 vulnerabilities in a number of the company’s products, including its Database Server, Fusion, PeopleSoft and Secure Backup. A number of the bugs Oracle is fixing can be used for remote code execution.
If the events of the last few months have served any purpose, it’s to illustrate once again that security is broken. This isn’t a new sentiment and few of the problems plaguing users and enterprises today are new, either. In this video, longtime security consultant and writer Rik Farrow outlines the missteps that got us into this situation and what can be done to alleviate it. Oh, and this talk was created in 2006.
MALAGA, SPAIN–While the high-profile attacks against RSA, Google and others over the last couple of years has focused a lot of attention on defending against advanced, targeted attacks, the fact remains that most attackers are in fact relying on crimeware packs loaded with commodity exploits for older vulnerabilities that have no trouble bypassing the security systems deployed at the vast majority of enterprises today.
The team behind the Metasploit Project is launching its own version of a bug bounty program: cash payouts for working exploits. The group is hoping to get explit code for as many of its top 30 vulnerabilities as possible before the program expires later this summer.
The Department of Commerce’s Internet Policy Task Force released a proposal Wednesday calling for a voluntary code of conduct for companies that do business online.
The media storm over the Stuxnet worm may have passed, but many of the software holes that were used by the worm remain unpatched and leave Siemens customers open to a wide range of potentially damaging cyber attacks, according to industrial control system expert Ralph Langner.