All Windows versions are vulnerable to FREAK
When the FREAK vulnerability was brought to our attention earlier this week, Windows was not originally believed to be affected by it. Apple and Google took the heat, as the cryptographers who made the discovery named OpenSSL (which is used by Android, among others) and Apple TLS/SSL clients (like Safari) as being vulnerable to FREAK attacks (short for Factoring Attack on RSA-EXPORT Keys).
However, a new security advisory released by Microsoft yesterday paints a different picture. In reality, all supported versions of Windows, including Server products, are vulnerable to FREAK attacks. Microsoft isn't discussing non-supported versions of Windows -- like Windows XP -- for obvious reasons, but it is safe to say that they are also impacted.
Adobe gives up, asks others to find its security flaws
Adobe's security woes are well known, with major flaws plaguing Flash and other apps from the company. The software maker has now opted for an open approach to its problems, asking for users to begin searching for bugs in the software.
This is likely the best route to take. Independent security researchers have always found and reported the flaws and some companies pay a bounty for this information. Now Adobe is taking a similar approach, asking everyone to help out.
D-Link fixes the latest flaw in its routers, more patches on the way
You can't fling a rock these days without hitting a security vulnerability somewhere. From the Internet of Things to apps to Windows and even your own router. Yes, that D-Link box sitting on your desk can be a liability to you. That's a problem the company is attempting to clean up, after reports surfaced about the flaws.
The problems were discovered by a Canadian researcher and involve a remote access flaw that can leave users vulnerable. "Due to the nature of the ping.ccp vulnerability, an attacker can gain root access, hijack DNS settings or execute arbitrary commands on these devices [by] the user simply visiting a webpage with a malicious HTTP form embedded (via CSRF)", says Peter Adkins, who discovered the vulnerabilities.
New platform helps fend off high volume cyber attacks
Cyber attacks are getting bigger and more complex and are targeting many different types of organization and industry. This means defending against them is more than ever a major concern for businesses.
Attack mitigation specialist Radware has launched a new version of its DefensePro platform to provide enterprises with stronger protection.
MRG Effitas releases latest Online Banking Browser Security report
Security research company MRG Effitas has released its Q4 2014 Online Banking Browser Security report, awarding certification to the top four products: Kaspersky Internet Security, Quarri POQ, Webroot SecureAnywhere and Zemana Antilogger.
MRG also tested security suites from 14 other vendors: avast!, AVG, Avira, Bitdefender, ESET, F-Secure, G Data, McAfee, Microsoft, Norton, Panda, Trend Micro, VIPRE and Wontok.
Employee file transfer and email habits put corporate data at risk
Employees are putting business data at risk with their email and file sharing habits. This is among the findings of the latest survey by email encryption specialist DataMotion.
Although companies are increasingly putting security and compliance policies in place, nearly 44 percent of respondents admitted that these are only moderately enforced at best.
What the FREAK? Huge SSL security flaw stems from US government backdoor
Seven hours is all it takes to crack the encryption that is in place on some supposedly secure websites. Security experts blame the US government's ban on the use of strong encryption back in the 1990s for a vulnerability that has just come to light. Named FREAK (Factoring attack on RSA-EXPORT Keys), the flaw exists on high-profile websites including, ironically, NSA.gov.
Restrictions that limited security to just 512-bit encryption were lifted in the late 90s, but not before it was baked into software that is still in use today. The ban on the shipping of software with stronger encryption apparently backfired as it found its way back into the States. Security experts say the problem is serious, and the vulnerability is relatively easy to exploit.
Google reneges on its promise of encryption by default for Lollipop devices
Not wanting to be outdone by Apple, when it was announced that iOS 8 would encrypt data by default, Google felt compelled to follow suit. Back in September Google said that in Lollipop "encryption will be enabled by default out of the box, so you won't even have to think about turning it on". But six months is a long time, and it now seems that Google has had a change of heart.
Well, as noted by Ars Technica, many of the Lollipop handsets appearing at MWC 2015 -- including the Samsung Galaxy S6 -- do not have encryption enabled. Of course there is nothing to stop users from manually enabling it, but that's not really the point; the idea was that you "won't even have to think about turning it on". So what gives?
Monitoring third-party security is a major concern for enterprises
A new study carried out by Forrester Research for security rating company BitSight Technologies reveals that third-party security has become a major concern for enterprises.
The results show that when it comes to tracking third-party risk, critical data loss or exposure (63 percent) and the threat of cyber attacks (62 percent) rank as the top concerns. These come above standard business issues, including whether the supplier could deliver the quality of service they were contracted for.
DDoS attacks have major impact on service providers
A majority of service providers have experienced some form of DDoS attack and have experienced loss of revenue or customers as a result.
This is among the findings of a new report by security and DDoS protection specialist Black Lotus. Only 16 percent of service providers said they'd rarely or never experienced a DDoS attack whilst 35 percent are being hit by one or more attacks each week.
Protecting your brand in the new domain name era
The online world has long been a space in which brands and businesses have jostled for attention. Until recently, there have been only a small number of domain extensions available, with the most popular ones including .com, or .co.uk.
The limited number of possibilities meant that prime domain addresses were fiercely fought over, with the market becoming increasingly saturated as rising numbers of brands looked to establish an online presence. Now, however, a new programme spearheaded by the Internet Corporation for Assigned Names and Numbers (ICANN) is changing the face of the domain name marketplace -- by introducing more than 1200 new domain suffixes to the Internet.
Apple Pay security scam nets fraudsters millions of dollars
The big names in tech are falling over themselves to get new payment systems out of the door at the moment. At MWC, Sundar Pichai confirmed Android Pay is on its way, and we've also learned about Samsung Pay from the Barcelona event. The convenience of paying with a smartphone is undeniable, but there are unavoidable security concerns.
Having been adopted by millions of Americans -- and with plans to expand into Europe and beyond -- Apple Pay is serving to highlight important security problems. Lax verification systems used by banks coupled with criminals exploiting stolen credit cards and IDs mean Apple Pay is used to make millions of dollars' worth of fraudulent purchases. So how does it work?
New memory cards from SanDisk are designed for dashboard and security cameras
Cameras are everywhere these days, even on the dashboards of cars. In fact many of these, while in place for other reasons, have shown us all sorts of interesting stuff, including a recent meteor on its way to earth over the country of Russia. But where do you store all of this data?
SanDisk has a solution that could solve this problem. A new microSDXC card that comes with 64 GB of storage and promises up to 10,000 hours of HD video recording, though a caveat is offered in the fine print -- "video content recorded at 26 Mbps to one device; results, video support and performance may vary depending on host device, file attributes and other factors". Honestly, if it comes anywhere close to that then it's more than enough for any consumer.
Samsung Galaxy S6 and S6 Edge get pre-installed Intel Security protection
Samsung surprised many yesterday, when it revealed not one new flagship device, but two -- the Galaxy S6 and S6 Edge. Both devices are drop-dead gorgeous, although the Edge is more so. If you decide to buy either phone, it is highly recommended that you buy a durable case.
If you protect the hardware from damage, why not the inside too? Android is more open than iOS, and even if you stick to the Play Store, malware can still reach your device. Don't panic, however, as Samsung has wisely partnered with Intel Security to pre-load its anti-malware solution, McAfee VirusScan Mobile, on these new phones.
Blackphone 2 caters to the enterprise, the security-minded and the paranoid
Yep, we know all about the NSA, thanks Edward. Yeah, it's possible (probable?) that a government agent somewhere is listening to or recording your conversations. And yes, even if you're not one of the tin-foil hat brigade, there's a danger that someone could tap into your phone. But you don’t have to be paranoid to want security; there are plenty of companies and enterprise customers for whom security is of the utmost importance.
While much of the news coming out of MWC 2015 has been dominated by Microsoft's Lumia 640, the Samsung Galaxy S6 Edge, and tablets from Sony, there's always room for something a little different. Following on from the security-focused Blackphone, Silent Circle used the Barcelona event to announce the follow-up -- the Blackphone 2.