Although fiber cuts happen daily all over the world, last weeks cuts in the Bay Area suddenly became interesting news. Why? Not because of the massive outages (seriously, there have been incidents with underseas cables that have left entire countries offline for days or weeks. The reason this became newsworthy was the fact that these [...]
The Dutch Ministry of Health announced yesterday that the rollout of the national Electronic Healt Records system EPD has been delayed until later this year. One of the reasons is that experts found a vulnerability in the chipcard used to access patient records. The implementation of the encryption algorithm on the cards enabled an attacker [...]
Of the four browsers that were targeted in this year’s Pwn2Own contest at CanSecWest, only Google Chrome wasn’t successfully hacked despite the $5000 reward offered: The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and FireFox. The Chrome browser gets a small nod for being impacted by one [...]
Almost a month after admitting there was an easily exploitable buffer overflow in its Reader product, Adobe has finally managed to produce patches for Adobe Reader versions 7 and 8.
Along with the release of Microsoft’s Internet Explorer 8, a report by research firm NSS was presented that shows the new version of Internet Explorer is better at protecting users from malware. The (Microsoft-sponsored) study looked at the blacklist features of all modern browsers, using real malware URL’s, over a period of several days. The [...]
Last week, Matthew Dempsky posted an attack against Dan Bernstein’s djbdns software. Djbdns is one of several alternatives for the popular BIND nameserver, and is backed by a unique security guarantee that offers $1000 to the first person to publicly report a verifiable security hole in djbdns. The problem found by Dempsky allows an attacker [...]
Eurojost, the European Union’s Judicial Cooperaion Unit, has just issued a press release that was meant to clarify reports about the EU looking into methods to intercept Skype calls. Instead, it has only increased speculation about alleged backdoors built into the Skype software:
Next week, the first real public review of the contenders for the SHA-3 algorithm will take place in Belgium at Leuven University. The competition is run by the National Institute of Standards and Technology (NIST); the winner of the competition will likely become the default hash algorithm for US agencies by 2012, replacing the current [...]
A zero-day exploit for Adobe Reader has been making the rounds since yesterday. From Adobe’s advisory: A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are [...]
The new attack against websites using SSL encryption presented at Black Hat this week shows some interesting possibilities. To recap, this is the most important part of what SSLstrip does: SSLstrip manages to fool the user into believing he has an encrypted connection with the intended website through several clever slights on hand. First, [...]
