Collaborate Disseminate
The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people’s reservations, cancel their flights and even use the refunds to book … Continue reading It’s 2017 and changing other people’s flight bookings is incredibly easy
A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking.The flaw was found by a security researcher named Dawid Golunski and an initial f… Continue reading Critical flaw in PHPMailer library puts millions of websites at risk
A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking.
The flaw was found by a security researcher named Dawid Golunski and an initial… Continue reading Critical flaw in PHPMailer library puts millions of websites at risk
Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.
The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.
ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It’s an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.
To read this article in full or to leave a comment, please click here
Continue reading Apple gives iOS app developers more time to encrypt communications
Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.
The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.
ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It’s an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.
To read this article in full or to leave a comment, please click here
Continue reading Apple gives iOS app developers more time to encrypt communications
The cyberespionage group blamed for hacking into the U.S. Democratic National Committee (DNC) earlier this year has also infiltrated the Ukrainian military through a trojanized Android application used by its artillery units.The group, which is know… Continue reading The group that hacked the DNC infiltrated Ukrainian artillery units
Developers of the popular Signal secure messaging app have started to use Google’s domain as a front to hide traffic to their service and to sidestep blocking attempts.
Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.
Open Whisper Systems, the company that develops Signal — a free, open-source app — faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple’s FaceTime and other voice-over-IP apps were also being blocked.
To read this article in full or to leave a comment, please click here
Continue reading Encrypted messaging app Signal uses Google to bypass censorship
VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance.VDP is a disk-based backup and recovery product that runs as an open virtual… Continue reading VMware removes hard-coded root access key from vSphere Data Protection
Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations.The company’s Project Wycheproof, which was released on GitHub, contains more than 80 test cases … Continue reading Google researchers help developers test cryptographic implementations
Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations.The company’s Project Wycheproof, which was released on GitHub, contains more than 80 test cases … Continue reading Google researchers help developers test cryptographic implementations