OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack
The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software.
Dennis Fisher
About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
Apple Moving to 2FA, Six-Digit Passcodes in iOS 9
In the forthcoming iOS 9.0 release, Apple is adding two-factor authentication and a number of other security features.
Congress Looking Into Restricting Power of Government-Owned CAs
UPDATE–As the debate over potential government interference with encryption technologies rages in countries around the world, Congress is now going down a different path, asking technology companies whether it’s feasible and potentially effective for certificate authorities to restricting the way that government-owned CAs can issue certificates. Members of the House Committee on Energy and Commerce […]
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims, including some related to the Iran nuclear talks […]
Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. The move is yet one more sign that major Internet and technology companies are becoming ever more resistant to large-scale, passive surveillance […]
Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all of their publicly accessible Web sites […]
In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to call the pump “the least secure IP enabled device I’ve ever touched in my life.” As it turns out, those same vulnerabilities exist in many of Hospira’s […]
UPDATE–Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher named Maxim Rupp has discovered a cross-sire request forgery vulnerability in the operating […]
Dennis Fisher and Mike Mimoso discuss Facebook’s moves toward encrypted notifications and SHA-2 usage, the audit of GitHub SSH keys and the awesome OpenSesame garage door hack from Samy Kamkar.
It’s been two years now since the first stories about NSA surveillance capabilities began to appear, and the environment has shifted dramatically in that time. Awareness of and resistance to mass surveillance has increased greatly, but the changes to policy and laws that many observers had hoped for haven’t necessarily emerged. A new report from Privacy […]
