Cryptography


Apple Fixes SSL Man-in-the-Middle Bug in iOS 4.3.5

Apple has released another new version of its iOS operating system for iPhones and other devices that fixes a security vulnerability in the way that the software handled SSL certificates and validated their authenticity. An attacker exploiting the bug might be able to intercept SSL traffic, Apple warned.

Apple Revamps Security in OS X Lion

Apple has released the newest version of its OS X operating system, dubbed Lion, and it includes a batch of new security protections that bring it up to the level of Windows and Internet Explorer. The most significant additions, experts say, are the full implementation of ASLR and a sandbox that make it much more difficult for attackers to exploit browser bugs via a drive-by download to install malware on a victim’s machine.

An Interview With Telex’s J. Alex Halderman

A group of researchers from the University of Michigan and the University of Waterloo have developed a proxy system called Telex that provides a method for users to circumvent state-level censorship of the Web. It uses an architecture that includes a proxy at the ISP level and uses connections to benign sites to disguise traffic going to censored sites. Threatpost editor Dennis Fisher spoke with J. Alex Halderman, one of the creators of the system, about its potential, its limits and what remains to be done before it can be deployed broadly.


As state-level censorship continues to grow in various countries around the globe in response to political dissent and social change, researchers have begun looking for new ways to help Web users get around these restrictions. Now, a group of university researchers has developed an experimental system called Telex that replaces the typical proxy architecture with a scheme that hides the fact that the user is even trying to communicate at all.

Mozilla has released a new browser-based federated login mechanism called BrowserID that is designed to replace the login process on Web sites that requires users to supply an email and password. The experimental system relies on the Verified Email protocol and also works on other browsers, including Internet Explorer.

The Internet was not designed to be a secure network, not by any stretch of the imagination. It was meant to enable giant PDPs and IMPs at one college to talk to their brethren at another college across the country. SSL was an attempt to impose some level of security and trustability on this system after the fact, but the last few years have shown that it has a lot of limitations, and to some degree has given users a misplaced faith in the fragile certificate authority infrastructure. Now, security researcher Moxie Marlinspike is hoping to change some of that.

Most Internet users at this point understand that Web sites routinely and extensively track the behavior and movements of their visitors. It’s an unsettling reality. But few people have a handle on just how widespread and pervasive the practice is. Now, a developer has released an add-on for Firefox called Collusion that enables users to see exactly which sites and third parties are tracking them, in real time.

It wasn’t long ago – just a month in fact – that Apple’s iOS mobile operating system was being called the ‘Most secure OS. Period.’ A few weeks later, and the security of that OS has fallen (again) to the talents of Comex, an as-yet-unnamed mobile device hacker whose work is attracting kudos from some of the world’s top hackers, vulnerability researchers and exploit writers.