Dennis Fisher and Mike Mimoso discuss Facebook’s moves toward encrypted notifications and SHA-2 usage, the audit of GitHub SSH keys and the awesome OpenSesame garage door hack from Samy Kamkar.
It’s been two years now since the first stories about NSA surveillance capabilities began to appear, and the environment has shifted dramatically in that time. Awareness of and resistance to mass surveillance have increased greatly, but the changes to policy and laws that many observers had hoped for haven’t necessarily emerged. A new report from Privacy[…]
Any human with an email address likely has gotten thousands of spam messages that look like delivery notifications, invoices, or other alleged communications from shipping companies such as UPS or DHL. They typically contain malicious attachments with exploits for a browser or plug-in vulnerability, but a researcher at the University of Cambridge has run across[…]
The latest campaign to leverage Skype – a botnet circulating adware, composed entirely of Skype users – was recently disrupted by researchers.
Tesla Motors has started a bug bounty program that will pay researchers up to $1,000 for disclosing vulnerabilities.
The developer behind Tox, a ransomware-as-a-service tool that only surfaced late last month, acknowledged he’s in over his head and will sell the platform off.
It may be time to upgrade your garage door opener. Security researcher Samy Kamkar has developed a new technique that enables him to open almost any garage door that uses a fixed code, and he implemented it on a $12 child’s toy.
Privacy advocates are calling on Mozilla to better deploy Tracking Protection, a technology that offers more stringent privacy and speeds up page loads by blocking requests to tracking domains, in its Firefox browser.
Facebook has put developers on notice that as of Oct. 1, apps that do not support SHA-2 will no longer connect to its network.
A zero-day vulnerability has been disclosed in the popular Unity Web Player browser plugin. The flaw allows an attacker cross-domain access to websites and services using the victim’s credentials.