Collaborate Disseminate
Add to the "not very smart criminals" file: According to court documents, Tinley provided software services for Siemens’ Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The spreadsheets included custom scripts that would update the content of the file… Continue reading Insider Logic Bombs
According to a survey: "68% of the security professionals surveyed believe it’s a programmer’s job to write secure code, but they also think less than half of developers can spot security holes." And that’s a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a priority. Worse still, 68% of… Continue reading Software Developers and Security
Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys… Continue reading Yubico Security Keys with a Crypto Flaw
Stanford University’s Cyber Policy Center has published a long report on the security of US elections. Summary: it’s not good…. Continue reading Election Security
Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major… Continue reading Hacking Hardware Security Modules
Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of… Continue reading Hacking Hardware Security Modules
Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system: Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US’ hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac…. Continue reading Chinese Military Wants to Develop Custom OS
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they’re not going to do a very good job at it. In an experiment that involved 43 programmers hired via the … Continue reading Programmers Who Don’t Understand Security Are Poor at Security
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they’re not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy… Continue reading Programmers Who Don’t Understand Security Are Poor at Security
Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted — and that this system in particular should never… Continue reading Critical Flaw in Swiss Internet Voting System