Amazon Web Services is actively searching a number of sources, including code repositories and application stores, looking for exposed credentials that could put users’ accounts and services at risk.
Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed over two dozen issues with the company’s Java Cloud Service platform.
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the paper he co-authored on the Extended Random extension for Dual EC DRBG and whether it could be considered a backdoor.
Apple has updated its Safari browser, dropping a pile of security fixes that patch more than 25 vulnerabilities in the WebKit framework.
Sell Hack’s controversial browser plug-in no longer works on LinkedIn pages and all publicly processed data the plug-in collected has been deleted.
The NSA searches the data it collects incidentally on Americans, including phone calls and emails, during the course of terrorism investigations.
Surveillance DVRs infected with Bitcoin-mining malware are scanning for network-attached storage devices on port 5000.
The addition of the Extended Random extension to RSA BSAFE made it trivial to crack the Dual EC random number generator, researchers said.
When the venerable Full Disclosure security mailing list shut down abruptly last month, many in the security community were surprised. But a lot of people, even those who had been members of the list for a long time, greeted the news with a shrug. Twitter, blogs and other outlets had obviated the need for mailing[...]
Academics are expected to release a study this week that demonstrates how the NSA used a second cryptographic tool in RSA BSAFE crypto libraries called Extended Random to facilitate its spying efforts.