Independent – Page 202 – Computer Security Articles

Credit to Author: Lucas Mearian| Date: Fri, 23 Mar 2018 03:20:00 -0700

Blockchain could be the answer to increasingly tough anti-money laundering (AML) statutes and enterprise fraud management (EFM) requirements looming for the financial services industry.

In a report released this week by Forrester Research, blockchain’s distributed ledger technology – because it is both secure and immutable – is ideal for meeting new government requirements and serving as a trusted repository for identification purposes.

To read this article in full, please click here

Independent Krebs

March 22, 2018 admin

Survey: Americans Spent $1.4B on Credit Freeze Fees in Wake of Equifax Breach

Credit to Author: BrianKrebs| Date: Thu, 22 Mar 2018 14:08:46 +0000

Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state. The figures, commissioned by small business loan provider Fundera and conducted by Wakefield Research, surveyed some 1,000 adults in the U.S. Respondents were asked to self-report how much they spent on the freezes; 32 percent said the freezes cost them $10 or less, but 38 percent said the total cost was $30 or more. The average cost to consumers who froze their credit after the Equifax breach was $23. A credit freeze blocks potential creditors from being able to view or “pull” your credit file, making it far more difficult for identity thieves to apply for new lines of credit in your name.

Independent Securiteam

March 21, 2018 admin

SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Credit to Author: SSD / Noam Rathaus| Date: Wed, 21 Mar 2018 14:48:51 +0000

Vulnerability Summary A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute commands arbitrary commands. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Response The vendor was notified on the 28th of November 2017, and responded that they take security … Continue reading SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Independent Krebs

March 21, 2018 admin

15-Year-old Finds Flaw in Ledger Crypto Wallet

Credit to Author: BrianKrebs| Date: Tue, 20 Mar 2018 17:19:11 +0000

A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Hardware wallets like those sold by Ledger are designed to protect the user’s private keys from malicious software that might try to harvest those credentials from the user’s computer. The devices enable transactions via a connection to a USB port on the user’s computer, but they don’t reveal the private key to the PC. Yet Saleem Rashid, a 15-year-old security researcher from the United Kingdom, discovered a way to acquire the private keys from the Ledger devices. Rashid’s method requires an attacker to have physical access to the device, and normally such attacks would fall under the #1 rule of security — namely, if an attacker has physical access to your device it is not your device anymore.

ComputerWorld Independent

March 21, 2018 admin

Could these grain-sized computers using blockchain networks thwart counterfeiters?

Credit to Author: Lucas Mearian| Date: Tue, 20 Mar 2018 10:39:00 -0700

Within five years, IBM researchers hope to deploy granular microcomputers that, in conjunction with a blockchain electronic ledger, could be used to verify and track goods all over the world.

IBM has created a microcomputer technology called cryptographic anchors (abbreviated: crypto-anchors) and says they could be used to authenticate anything from pharmaceuticals to luxury goods, such as diamonds, from point of origin to merchant.

To read this article in full, please click here

Independent Krebs

March 19, 2018 admin

Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37

Credit to Author: BrianKrebs| Date: Mon, 19 Mar 2018 03:53:12 +0000

Adrian Lamo, the hacker probably best known for breaking into The New York Times’s network and for reporting Chelsea Manning’s theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapter of his life eclipsed the profile of a complex individual who taught me quite a bit about security over the years. Adrian Lamo, in 2006. Source: Wikipedia. I first met Lamo in 2001 when I was a correspondent for Newsbytes.com, a now-defunct tech publication that was owned by The Washington Post at the time. A mutual friend introduced us over AOL Instant Messenger, explaining that Lamo had worked out a simple method allowing him to waltz into the networks of some of the world’s largest media companies using nothing more than a Web browser.

Independent Securiteam

March 16, 2018 admin

SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for HTTP basic and HTTP digest login types. Confirmed Vulnerable … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

Understand history, but don’t repeat it