ComputerWorld

ComputerWorldIndependent

CIA-made malware? Now antivirus vendors can find out

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 04:29:00 -0800

Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.

On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.

WikiLeaks has redacted the source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump — if real — still exposes some of the techniques that the CIA has allegedly been using.

Senate resolution aims to roll back privacy rules for ISPs

Credit to Author: John Ribeiro| Date: Wed, 08 Mar 2017 03:57:00 -0800

A resolution introduced in the U.S. Senate on Tuesday aims to roll back privacy rules for broadband service providers that were approved by the Federal Communications Commission in October.

The rules include the requirement that internet service providers like Comcast, AT&T, and Verizon obtain “opt-in” consent from consumers to use and share sensitive personal information such as geolocation and web browsing history and also give customers the choice to opt out from the sharing of non-sensitive information such as email addresses or service tier information.

The rules have been opposed by ISPs that argue that they are being treated differently from other Internet entities like search engines and social networking companies.

Apple says it has already patched ‘many’ (not all) leaked CIA exploits

Credit to Author: Jonny Evans| Date: Wed, 08 Mar 2017 03:51:00 -0800

Details concerning multiple iOS, Mac, and AirPort exploits allegedly used by the CIA were published by WikiLeaks late last night.

The documents reveal an extensive quantity of exploits used against Apple devices, though WikiLeaks has not published any of the technical details or computer code that was also leaked, to prevent these hacks from disseminating any further. (Though we don’t know who else got the data.)

Post-privacy

The documents offer the deepest look yet into how intelligence services (including the CIA, GCHQ, and others) have worked together to undermine the security of products from multiple vendors, including Apple.

Android gets patches for critical OpenSSL, media server and kernel driver flaws

Credit to Author: Lucian Constantin| Date: Tue, 07 Mar 2017 08:37:00 -0800

A five-month-old flaw in Android’s SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.

One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google’s newer BoringSSL library, which is based on OpenSSL. What’s interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.

WikiLeaks' CIA document dump shows agency can compromise Android, TVs

Credit to Author: Grant Gross| Date: Tue, 07 Mar 2017 08:22:00 -0800

WikiLeaks has released more than 8,700 documents it says come from the CIA’s Center for Cyber Intelligence, with some of the leaks saying the agency had 24 “weaponized” and previously undisclosed exploits for the Android operating system as of 2016.

Some of the Android exploits were developed by the CIA, while others came from the U.S. National Security Agency, U.K. intelligence agency GCHQ, and cyber arms dealers, according to the trove of documents released Tuesday. 

Some smartphone attacks developed by the CIA allow the agency to bypass the encryption in WhatsApp, Confide, and other apps by collecting audio and message traffic before encryption is applied, according to the WikiLeaks analysis.

CA to acquire security testing firm Veracode for $614M

Credit to Author: John Ribeiro| Date: Tue, 07 Mar 2017 03:58:00 -0800

CA Technologies is acquiring application security testing company Veracode for $614 million in cash, in a bid to broaden its development and testing offering for enterprises and app developers.

The acquisition is expected to be completed by the second quarter of this year.

Privately held Veracode has offices in Burlington, Mass. and London, and employs over 500 people worldwide. The company has around 1,400 small and large customers.

Offering a software-as-a-service platform, Veracode is focused on technologies that let developers improve the security of applications from inception through production.

“Embedding security into the software development lifecycle and making it an automated part of the continuous delivery process means that developers can write code without the hassles of a manual and fragmented approach to security,” CA president and chief product officer Ayman Sayed wrote in a blog post.

Consumers are wary of smart homes that know too much

Credit to Author: Stephen Lawson| Date: Mon, 06 Mar 2017 18:10:00 -0800

Nearly two-thirds of consumers are worried about home IoT devices listening in on their conversations, according to a Gartner survey released Monday.

Those jitters aren’t too surprising after recent news items about TV announcers inadvertently activating viewers’ Amazon Echos, or about data from digital assistants being used as evidence in criminal trials. But privacy concerns are just one hurdle smart homes still have to overcome, according to the survey.

A hard learned lesson in VPNs and secure websites

Credit to Author: Michael Horowitz| Date: Mon, 06 Mar 2017 17:00:00 -0800

Being a Defensive Computing kind of guy, I am a frequent flyer when it comes to VPN usage. But VPNs have both an upside and a downside.

Previously, I wrote about an unexpected downside that I ran into while making a purchase while logged into a VPN server in another country. I won’t be doing that again.

This time, a VPN interfered with a charitable donation.

I am a big fan of Libre Office. Yesterday, I tried to make a donation to the organization behind it, The Document Foundation, but my credit card was denied with a “transaction failed” error message.
