Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the company’s stated position from just a few months ago, but it may not have[…]
Latest posts
Government Report Critical of FAA Security Controls
Categories: Critical Infrastructure, Government, Vulnerabilities
A GAO report takes the Federal Aviation Administration to the woodshed over its sub-par information security controls and policies.
Signal 2.0 Brings Encrypted Messaging to iPhone
Categories: Apple, Cryptography, Mobile Security
Signal 2.0 is available from Open WhisperSystems, and brings encrypted messaging to the iPhone.
D-Link Routers Haunted by Remote Command Injection Bug
Categories: Vulnerabilities, Web Security
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it.[…]
Older Keen Team Use-After-Free IE Exploit Added to Angler Exploit Kit
Categories: Malware, Microsoft, Vulnerabilities, Web Security
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsoft’s Internet Explorer browser.
