July 27th, 2015
A researcher has found a serious Android vulnerability that requires no interaction at all by the user to hijack their device. In fact, the vulnerability could allow a hacker to infect your mobile phone, while you’re fast asleep.
July 13th, 2015
Operation Pawn Storm is up to its dirty tricks again, this time with what is claimed to be the first new Java zero-day vulnerability in two years.
June 19th, 2015
It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports, that your security team cannot act upon?
June 1st, 2015
Over the last couple of weeks I’ve seen a pattern of companies frustrating an individual to the point where the person gives up trying to communicate with the company and hacks them in a major way instead. I guess you could call it Revenge Hacking. In each case, the company was communicating with the person […]
May 25th, 2015
You’ve probably heard the idiom “No good deed goes unpunished.” It looks like that phrase will survive even the cyber age. There have a been few news stories about how vulnerability disclosures were handled, or mishandled. Some made me laugh, some made me cringe. When IT Security professionals find a vulnerability, they know what to […]
May 20th, 2015
Researchers discover a new attack against encrypted communications on the internet.
May 18th, 2015
A few weeks ago a story appeared on Slashdot about a new marketplace on the Dark Web called The Real Deal. Since it’s already in the press, hopefully there’s no harm in describing it here. I do risk being banned from the site for discussing it, but I’m optimistic they’ll see it as free publicity rather […]
April 17th, 2015
If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]
March 28th, 2015
Anata no joho sekyuritei konshu no haiku Twenty Percent of Top Sites Are Running Bad Code. Please Patch Your Site Now! ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your […]
March 27th, 2015
Security researchers have warned about a widespread vulnerability in Android devices, that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware. In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware. […]
March 7th, 2015
Anata no joho sekyuritei konshu no haiku Has Rick James Returned? No – This FREAK Attack Hits Flaws In All Your Browsers ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit […]
February 26th, 2015
For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference […]
February 24th, 2015
Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept […]
January 20th, 2015
For the third time in a month, Google has gone public about a security vulnerability in Microsoft’s code – and not been prepared to wait for the software giant to publish a patch. The security hole, which exists in Microsoft Windows 7 and 8.1 is expected to be patched in Microsoft’s regular monthly security update […]
January 5th, 2015
If I told that you that a bunch of hackers had found a zero-day vulnerability in Microsoft Windows 8.1 you would probably be concerned. Especially if details of the unpatched security bug had not only been made public, but actual working exploit code had also been released on the internet for anyone else to use. […]