BlackBerry claims QNX automotive software is safe from CIA

Credit to Author: Lucas Mearian| Date: Fri, 10 Mar 2017 14:31:00 -0800

A day after it was revealed through WikiLeaks that the CIA has allegedly explored hacking vehicle computer-control systems, including BlackBerry’s QNX OS, the company said its software is safe.

“We are not currently aware of any attacks or exploits against BlackBerry products or services, including QNX. Still, the news is a bit frightening, now that we are in the semi-autonomous driving age and evolving towards fully self-driving cars,” Marty Beard, BlackBerry’s chief operating officer, stated in a blog.

BlackBerry claims its QNX software is in 60 million cars represented by more than 240 car models. The company has its sights set on becoming the leading end-to-end software platform provider in connected cars.

Newer car tech opens doors to CIA attacks

Credit to Author: Lucas Mearian| Date: Fri, 10 Mar 2017 03:01:00 -0800

The revelation through Wikileaks that the CIA has explored hacking vehicle computer control systems should concern consumers, particularly as more and more cars and trucks roll off assembly lines with autonomous features.

“I think it’s a legitimate concern considering all of the computers being added to cars,” said Kit Walsh, a staff attorney with the privacy group Electronic Frontier Foundation (EFF). “There’s no reason the CIA or other intelligence agencies or bad actors couldn’t use those vulnerabilities to hurt people.

Security holes in Confide messaging app exposed user details

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 12:51:00 -0800

Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.

Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade” end-to-end encryption.

But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.

The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app’s account management system. Part of the problem resided with Confide’s API, which could be used to reveal data on users’ phone numbers and email addresses.

Android gets patches for critical OpenSSL, media server and kernel driver flaws

Credit to Author: Lucian Constantin| Date: Tue, 07 Mar 2017 08:37:00 -0800

A five-month-old flaw in Android’s SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.

One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google’s newer BoringSSL library, which is based on OpenSSL. What’s interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.

Here’s a new way to prevent cyberattacks on home devices

Credit to Author: Matt Hamblen| Date: Tue, 28 Feb 2017 05:57:00 -0800

BARCELONA — Homeowners worried about cybersecurity attacks on IP-connected devices like lights, baby monitors, home security systems and cameras, will soon be able to take advantage of a $200 network monitoring device called Dojo.

The device was shown at Mobile World Congress here this week and will go on sale online in April. While the Dojo device isn’t intended to provide enterprise-level security, it could be used to help, in a small way, in warding off massive attacks like the one that used the Mirai botnet, which took advantage of insecure, consumer-grade cameras and other devices last October.

By virtualizing the Android OS, Cog Systems says it adds more security to smartphones

Credit to Author: Peter Sayer| Date: Mon, 27 Feb 2017 10:31:00 -0800

It sounds like a smartphone user’s worst fear: Software that starts up before the phone’s operating system, intercepting and encrypting every byte sent to or from the flash memory or the network interface.

This is not some new kind of ransomware, though. This is the D4 Secure Platform from Cog Systems.

The product grew out of custom security software the company developed for governments, and which it saw could also be put to use in the enterprise as a way to make smartphones more productive while still maintaining a high level of security.

It includes a Type 1 hypervisor, a virtualized VPN and additional storage encryption that wrap the standard Android OS in additional layers of protection largely invisible to the end user.

Samsung mulls iris scanners on smartphones to log into Windows PCs

Credit to Author: Agam Shah| Date: Sun, 26 Feb 2017 16:51:00 -0800

Soon, your Samsung phone may be able to recognize your iris and log you into your Windows PC.

Iris-scanning via phone is not yet a feature available for Samsung’s latest Galaxy Book 2-in-1s, which were announced at Mobile World Congress. But the company wants to quickly bridge the gap between its Galaxy smartphones, which run on Android, and its Windows PCs and 2-in-1s.

Software called Samsung Flow links the company’s Android smartphones to Windows PCs. Samsung and Microsoft are looking to collaborate on logins via Windows Hello — designed to use biometric authentication to log into PCs — and one big Flow feature is the ability to use Galaxy smartphones to wirelessly log in to the new Galaxy Book.

Legislation revived to curb warrantless geolocation tracking

Credit to Author: John Ribeiro| Date: Thu, 16 Feb 2017 03:45:00 -0800

Members of Congress reintroduced bills that would place curbs on warrantless access by the government to electronically generated geolocation information of Americans, including on the use of cell-site simulators that can capture cellphone data.

A bill introduced Wednesday, called the Geolocation Privacy and Surveillance Act, aims to create clear rules for when law enforcement agencies can acquire an individual’s geolocation information, generated from electronic devices like smartphones, GPS units and Wi-Fi equipped laptops.

Another bill, the Cell Location Privacy Act of 2017, requires law enforcement, including local, state and federal agencies, to obtain a warrant for the use of cell-site simulators, with exceptions such as the use of the technology in emergencies or for foreign intelligence surveillance. It also imposes a fine or imprisonment of up to 10 years, or both, for anyone knowingly using a cell-site simulator, except under certain exceptions like a warrant.
