The researchers call the vulnerability 'Devil's Ivy'. The only way to fix it is through a firmware upgrade.
Brian Krebs' report states that it'll be hard to exploit en masse, but it's very serious nonetheless.
The new IBM Z wants to give financial institutions the processing power to encrypt all their transactions, up to 12 billion per day. It can encrypt a whopping 13 gigabytes of data per second per chip, and has an average of 24 chips per mainframe.
It's based on the malware-as-a-service OmniRAT. It has some advanced capabilities, like controlling the infrared transmitter, using the text-to-speech function, terminating ongoing calls, and more.
Coindash, a trading platform for ether, launched its ICO (Initial Coin Offering, sort of an investment run) this week. However, right when the ICO started, someone changed the address where the money was supposed to be sent. More than $7.4 million was 'invested' into the hacker's own wallet.
Which, considering the vast number of issues with SMS security, is really good news. They'll nudge SMS-based 2FA users to their own 'Google prompt' 2FA solution. The usual authenticator apps still remain an option, of course.
Speaking of 2FA, an article by the Verge states what we've all come to realise: "get two-factor authentication" is good advice, but it's not enough. And no one really seems to know how to fix it.
There are no solutions in this article, but if you want to read a rant and agree with it, it's a good place to go.
This is in a closed lab setup, but fascinating nonetheless. They use a technique known as Van Eck phreaking to determine the encryption key based on power consumption spikes, detected through EM waves. When the device is 30 centimeters away from the computer, it takes 50 seconds to get the key.
It will support unlimited sharing for up to six family members, and have the emergency access feature available. You'll be able to merge existing accounts. Early access is starting soon.
Considering the multitude of S3-related data leaks, including the last one of Dow Jones customers, this seems useful.
It seems AWS has noticed the rise in issues as well. I got an automated e-mail this week reminding me of two buckets which were publicly accessible (by design, fortunately).
If you use WebEx in your company, it's time to update. And while you're at it, thank Tavis Ormandy. Again.
Nice, useful toolset by Patrick Wardle, Chief Security Researcher at Synack. OverSight, for example, notifies you when audio or video recording is activated.
A little under eleven days remaining. You can get a good pile of great security books for a really good price. See Hacker News for discussions on the offered books.
GitHub repository holding a giant set of passwords, dug out from previous leaks, ordered by popularity. Could be useful for validating newly chosen passwords in your own applications.