A week in security (Feb 20th – Feb 27th)

Credit to Author: Malwarebytes Labs| Date: Mon, 27 Feb 2017 21:00:23 +0000

A compilation of notable security news and blog posts from the 20th of February to the 27th of February. This week, we look back at tech support scams, tax tips, updating your social media privacy settings, and more.



(Read more…)

The post A week in security (Feb 20th – Feb 27th) appeared first on Malwarebytes Labs.

Read more

Google shifts on email encryption tool, leaving its fate unclear

Credit to Author: Michael Kan| Date: Mon, 27 Feb 2017 13:34:00 -0800

Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether it’ll ever become an official feature in the company’s browser.

On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, it’s become a “full community-driven open source project,” the company said in a blog post.

The tool is designed to work as an extension to Google’s Chrome browser that uses the OpenPGP standard to encrypt emails, ensuring that only the recipient can read them, and not the email provider or a government.  

To read this article in full or to leave a comment, please click here

Read more

SSD Advisory – HTC Sync Remote Code Execution

Credit to Author: Maor Schwartz| Date: Mon, 27 Feb 2017 10:19:14 +0000

Vulnerabilities Summary The following advisory describes a remote code execution (RCE) found in HTC Sync version v3.3.63. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response The vulnerability was not reported to the vendor because the product has reached end of life on 31 August 2016 … Continue reading SSD Advisory – HTC Sync Remote Code Execution

Read more

SHA-1 collision can break SVN code repositories

Credit to Author: Lucian Constantin| Date: Mon, 27 Feb 2017 10:41:00 -0800

A recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system. The first victim was the repository for the WebKit browser engine that was corrupted after someone committed two different PDF files with the same SHA-1 hash to it.

The incident happened hours after researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands announced the first practical collision attack against the SHA-1 hash function on Thursday. Their demonstration consisted of creating two PDF files with different contents that had the same SHA-1 digest.

To read this article in full or to leave a comment, please click here

Read more

SK Telecom pushes for interoperable quantum crypto systems

Credit to Author: Martyn Williams| Date: Mon, 27 Feb 2017 10:34:00 -0800

SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company’s quantum key server with an encryption device from Nokia.

The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.

Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.

To read this article in full or to leave a comment, please click here

Read more