{"id":17053,"date":"2019-11-30T10:45:17","date_gmt":"2019-11-30T18:45:17","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/11\/30\/news-10789\/"},"modified":"2019-11-30T10:45:17","modified_gmt":"2019-11-30T18:45:17","slug":"news-10789","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/30\/news-10789\/","title":{"rendered":"The 25 Most Dangerous Software Vulnerabilities"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ddefdb08ad2e60009cbbdff\/master\/pass\/Security_Roundup-804312470.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Sat, 30 Nov 2019 14:00:00 +0000<\/strong><\/p>\n<p class=\"content-header__row content-header__dek\">DMV privacy, a password ruling, and more of the week&#39;s top security news.<\/p>\n<p>Happy post-Thanksgiving weekend! Hope you\u2019re still in a turkey coma and survived the lively political discourse with your various uncles. As you shop leftover Black Friday and upcoming Cyber Monday sales, <a href=\"https:\/\/www.wired.com\/story\/how-to-avoid-black-friday-scams-online\/\">please be safe out there<\/a>; it\u2019s a scammer\u2019s paradise. Oh, and <a href=\"https:\/\/www.wired.com\/story\/tech-gifts-microphones-cameras-be-careful\/\">think twice before you give a device with a microphone or camera<\/a>, especially to someone who may not realize the privacy and security implications.<\/p>\n<p>This week we took a look at how <a href=\"https:\/\/www.wired.com\/story\/harry-pottery-cryptocurrency-privacy-zcash-monero\/\">privacy-focused cryptocurrencies aren\u2019t as private as they seem<\/a>\u2014not even Harry Potter-inspired protocols. <a href=\"https:\/\/www.wired.com\/story\/trump-ukraine-server-delusion-spreading\/\">Trump won\u2019t let go of his Ukraine server conspiracy<\/a>, so neither will we. 
We <a href=\"https:\/\/www.wired.com\/story\/un-secretary-general-antonio-guterres-internet-risks\/\">spoke with UN Secretary-General Ant\u00f3nio Guterres<\/a> about conflict in cyberspace. And we explored <a href=\"https:\/\/www.wired.com\/story\/tainted-data-teach-algorithms-wrong-lessons\/\">how AI can be \u201chacked\u201d by feeding it faulty data<\/a>.<\/p>\n<p>And if you thought your Thanksgiving debates were bad, know that the <a href=\"https:\/\/www.wired.com\/story\/lightweight-encryption-internet-of-things\/\">IoT encryption community is going through it, too<\/a>.<\/p>\n<p>And there&#x27;s more. Every Saturday we round up the security and privacy stories that we didn\u2019t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.<\/p>\n<p>For the first time in nearly a decade, the Department of Homeland Security has updated its Common Weakness Enumeration list of the 25 most dangerous software errors. In other words, the most common and critical vulnerabilities in tech today, based on a combination of prevalence and severity. You can read the list in full at the link above, but top honors go to CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. It knocks \u201cImproper Neutralization of Special Elements used in an SQL Command\u201d out of the top spot. Better luck next time, SQL injection; remember that it\u2019s an honor just to be nominated.<\/p>\n<p>Insert your own joke about yet another reason to hate the DMV here. Motherboard reports that California\u2019s Department of Motor Vehicles has made anywhere from $41 million to $52 million each year by selling names, addresses, and car registration info of drivers. The customers include insurance companies and car companies. 
California\u2019s not the only state to do this, but the number alone is eye-popping, as is the fact that most people don\u2019t realize that the simple act of registering their car or getting their license puts their personal info in a third party\u2019s hands.<\/p>\n<p>The Pennsylvania Supreme Court ruled this week that a suspect in a child pornography case did not have to turn over the password to his computer, overturning a lower court\u2019s decision. In its decision, the court wrote that disclosing a password is a verbal communication, rather than a physical act like handing over a key, and therefore the \u201cforegone conclusion exception\u201d that prosecutors had argued does not apply. Digital rights advocates applauded the decision.<\/p>\n<p>Another week, another unsecured database. This time it\u2019s online printing company Vistaprint\u2019s turn. Security researcher Oliver Hough found a database with information related to 51,000 customer service interactions, which included some personally identifiable information and full online chats. 
As is often the case, it\u2019s unclear if anyone other than Hough accessed the database before it was secured, but either way, it\u2019s an inexcusable lapse.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/most-dangerous-vulnerabilities-dmv-passwords-security-news\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ddefdb08ad2e60009cbbdff\/master\/pass\/Security_Roundup-804312470.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Sat, 30 Nov 2019 14:00:00 +0000<\/strong><\/p>\n<p>DMV privacy, a password ruling, and more of the week&#8217;s top security news.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21357],"class_list":["post-17053","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-security-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17053"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17053\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17053"}],"wp:term":[{"taxonomy":"category","embeddable":
true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17053"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}