Issue 22

Flaws found in 20 Linksys Smart Wifi routers

Researchers from IOActive have identified 10 security issues across 20 Linksys devices. Owners are advised to disable their guest network while waiting for patches. The original IOActive post can be found here.


Antivirus provider Webroot melts down as update quarantines hundreds of legit files

A faulty update caused Webroot's anti-virus product to identify regular Windows system files as malware and quarantine them, which hasn't quite endeared the company to its customers.


Atlassian resets HipChat passwords following breach

Atlassian has executed a service-wide password reset for HipChat, saying that a breach might have happened due to an insecure third-party library. Passwords might have leaked, which fortunately were hashed with bcrypt.


Smart TV hack embeds attack code into broadcast signal—no access required

An interesting attack on Samsung Smart TVs uses a manipulated broadcast signal, received through the TV's DVB tuner, to trigger an exploit in the built-in browser. Since it rides on radio waves, it can potentially be carried out on a large scale without any access to the target device.


Interpol identifies 8,800 malicious C&C servers in South-East Asia

Interpol, together with investigators from various countries and private companies, has identified 8,800 command & control servers in South-East Asia used to host malware, launch DDoS attacks, and more. Reports were handed to the relevant national authorities in the hope of getting the servers taken down.


Thousands of Windows computers infected by leaked NSA backdoor

The NSA backdoor implant called DoublePulsar, recently leaked by the Shadow Brokers, has been used by others to infect between 30,000 and 100,000 Windows computers. A tool was also released to remotely disinfect a computer, with or without the owner's consent.


Air Force hopes to attract hackers with bug bounty program

The US Air Force has launched a bug bounty program, "Hack the Air Force", following the similar programs "Hack the Army" and "Hack the Pentagon". The programs are managed by bug bounty platform HackerOne.


Facebook releases SDK for Delegated Recovery service

Facebook and GitHub teamed up a while ago on 'Delegated Recovery', a way to regain access to your GitHub account through your Facebook account. Facebook has now released a beta SDK so that other services can try it out too.


The backstory behind carder kingpin Roman Seleznev’s record 27 year prison sentence

Brian Krebs writes the backstory of Roman Seleznev, a hacker and credit card thief who just received 27 years in prison in the US, the most severe hacking-related sentence to date.


The Line of Death

An interesting look at what the author (a bit theatrically) refers to as the 'line of death', the divide in a browser window between what the website controls and what the browser itself controls, and how it can impact user security.


Serverless security implications - from infra to OWASP

A good high-level overview of which security concerns improve and which get worse when deploying code to 'serverless' infrastructure (think IronWorker, AWS Lambda).


Top 10 developer crypto mistakes

Very interesting write-up of the mistakes developers commonly make when working with crypto.