An audit of the SSH keys associated with more than a million GitHub accounts shows that some users have weak, easily factorable keys and many more are using keys that are still vulnerable to the Debian OpenSSL bug disclosed seven years ago.
Browsing Category: Web Security
The United States and Japan have agreed to cooperate more closely on cybersecurity and information sharing initiatives as a way to help both countries defend against future threats and attacks. The new initiative will include a variety of components, most notably cooperation during serious incidents, cooperation between the two countries’ cybersecurity and defense units, and[…]
Now that provisions in Section 215 of the PATRIOT Act allowing for bulk collection of phone metadata have been shot down, all eyes turn to the USA FREEDOM Act.
Researchers have identified dozens of vulnerabilities in several D-Link products, some of which allow attackers to bypass authentication requirements or upload arbitrary files to target devices. The vulnerabilities lie in a variety of D-Link network storage devices and the company has produced updated firmware to address some of the problems. Researchers at Search-Lab discovered the[…]
Facebook announced early Monday that has adopted OpenPGP encryption and will let users post their public keys on their profile.
Researchers who discovered a half-dozen vulnerabilities in the free Hola VPN said today that fixes rolled out by Hola do not address the security issues they identified.
A poor crypto implementation in the Blockchain Android app results in lost Bitcoin for a number of affected users.
A dozen vulnerabilities, including three critical architectural issues, in PeopleSoft implementations were discussed this week at Hack in the Box, putting ERP security in the spotlight.
Apple announced that it will block out of date versions of Flash Player after a major update to the Adobe software two weeks ago.
French researcher Kafeine has found an exploit kit delivering cross-site request forgery attacks that focus on SOHO routers and changing DNS settings to redirect to malicious sites.