Flaws – WindowsTechs.com

libhairshirt vs libfootgun

Posted on February 16, 2021 by cryptosmith

Peter Gutmann, an interesting crypto-academic from New Zealand, has proposed discussing two crypto libraries, libhairshirt and libfootgun: In libhairshirt, the crypto is hard to use, and the API is hard to use. In libfootgun, the crypto is incredibly… Continue reading libhairshirt vs libfootgun→

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices

Posted on December 8, 2020 by Lindsey O'Donnell

A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns. Continue reading ‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices→

Bug-Bounty Awards Spike 26% in 2020

Posted on October 29, 2020 by Elizabeth Montalbano

The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify. Continue reading Bug-Bounty Awards Spike 26% in 2020→

Old Story: Leaked Voter Records

Posted on October 27, 2020 by cryptosmith

My previous posting on the Proud Boys spam email speculated that voter records were widely available for such purposes. Here’s a story from 2017 reporting that voter data for about 198 million Americans was spilled from a “storage bucket” on Amazon’s S… Continue reading Old Story: Leaked Voter Records→

WhatsApp Discloses 6 Bugs via Dedicated Security Site

Posted on September 4, 2020 by Elizabeth Montalbano

The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities. Continue reading WhatsApp Discloses 6 Bugs via Dedicated Security Site→

Critical Adobe Acrobat and Reader Bugs Allow RCE

Posted on August 11, 2020 by Lindsey O'Donnell

Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader. Continue reading Critical Adobe Acrobat and Reader Bugs Allow RCE→

Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft

Posted on August 3, 2020 by Lindsey O'Donnell

Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup “Groups.” Continue reading Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft→

Cisco issues urgent fixes for SD-WAN router flaws

Posted on March 23, 2020 by John E Dunn

Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routes and their management software. Continue reading Cisco issues urgent fixes for SD-WAN router flaws→

Intel patches graphics drivers and offers new LVI flaw mitigations

Posted on March 12, 2020 by John E Dunn

Intel’s March security updates reached its customers this week and the dominant theme is the bundle of flaws affecting Graphics drivers. Continue reading Intel patches graphics drivers and offers new LVI flaw mitigations→

One billion Android smartphones racking up security flaws

Posted on March 9, 2020 by John E Dunn

How long do Android devices continue to receive security updates after they’re purchased? The answer is: barely two years. Continue reading One billion Android smartphones racking up security flaws→