ComputerWorldIndependent

SHA-1 collision can break SVN code repositories

Credit to Author: Lucian Constantin| Date: Mon, 27 Feb 2017 10:41:00 -0800

A recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system. The first victim was the repository for the WebKit browser engine, which was corrupted after someone committed two different PDF files with the same SHA-1 hash to it.

The incident happened hours after researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands announced the first practical collision attack against the SHA-1 hash function on Thursday. Their demonstration consisted of creating two PDF files with different contents that had the same SHA-1 digest.

ComputerWorldIndependent

SK Telecom pushes for interoperable quantum crypto systems

Credit to Author: Martyn Williams| Date: Mon, 27 Feb 2017 10:34:00 -0800

SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company’s quantum key server with an encryption device from Nokia.

The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.

Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.

ComputerWorldIndependent

By virtualizing the Android OS, Cog Systems says it adds more security to smartphones

Credit to Author: Peter Sayer| Date: Mon, 27 Feb 2017 10:31:00 -0800

It sounds like a smartphone user’s worst fear: Software that starts up before the phone’s operating system, intercepting and encrypting every byte sent to or from the flash memory or the network interface.

This is not some new kind of ransomware, though. This is the D4 Secure Platform from Cog Systems.

The product grew out of custom security software the company developed for governments, and which it saw could also be put to use in the enterprise as a way to make smartphones more productive while still maintaining a high level of security.

It includes a Type 1 hypervisor, a virtualized VPN and additional storage encryption that wrap the standard Android OS in additional layers of protection largely invisible to the end user.

ComputerWorldIndependent

IDG Contributor Network: February Patch Tuesday updated

Credit to Author: Greg Lambert| Date: Mon, 27 Feb 2017 07:45:00 -0800

Microsoft released a single update last week with this February Patch Tuesday, after a week’s delay. Or, perhaps MS17-005 is considered an out-of-band update from Microsoft?

I am not sure, as it does not look like we will see the usual accompanying updates to Microsoft, .NET and the Windows (desktop and server) platforms. This sole update to Adobe Flash Player is worth deploying immediately. Evergreen browsers such as Microsoft Edge and Google Chrome will automatically update (using the default settings) and so will patch this serious memory-related vulnerability in Flash Player. 

ComputerWorldIndependent

MWC 2017: Avast finds over 5.3 million hackable smart devices in Spain

Credit to Author: Darlene Storm| Date: Mon, 27 Feb 2017 07:09:00 -0800

Since Mobile World Congress takes place in Barcelona, security product vendor Avast took aim at the Internet of Things there. Among the findings in this latest research experiment, Avast discovered there were more than 22,000 webcams and baby monitors which are vulnerable to attack. Of course this is not a problem only in Spain, but hacking vulnerable baby monitors and webcams to spy on unsuspecting people in their homes is especially creepy and invasive.

Avast has a habit of conducting Wi-Fi experiments at big events such as the Republican National Convention and Mobile World Congress 2016. The research for MWC 2017 dived deeper than IoT flaws in Barcelona as Avast also took a look at IoT security in Spain and found it lacking. It found more than 5.3 million vulnerable smart devices in Spain, 493,000 of those in Barcelona.

ComputerWorldIndependent

RSA Conference is a timesaver

Credit to Author: Mathias Thurman| Date: Mon, 27 Feb 2017 04:23:00 -0800

I spent several days in San Francisco on my annual pilgrimage to the RSA security conference.

This year, I attended a few sessions related to cloud security, privacy and compliance, since my world these days is consumed with enhancing the security of our cloud platform and addressing the never-ending burden of maintaining compliance with the likes of PCI, SSAE 16, SOC 2 and HIPAA, and the recent changes related to Privacy Shield, which is the replacement for the European Union’s Safe Harbor.

ComputerWorldIndependent

Now THAT'S secure!

Credit to Author: Sharky| Date: Mon, 27 Feb 2017 03:00:00 -0800

When it comes to website security questions, this pilot fish has a bad attitude — and that’s “bad” spelled P-R-A-C-T-I-C-A-L.

“When they let me write my own questions, I write stuff like ‘Top line of the Spanish text on the control box of the computer speakers,'” says fish.

“It’s easy enough for me to find that answer — just look down and read it — but unless you’re in my house or know exactly what speakers I bought five years ago, you aren’t gonna get it.

“Otherwise, I usually type in nonsense, because I don’t forget my passwords.

“Then sometimes the company has a security breach, locks every affected account and says, ‘You’ll need to reset your password using your security questions.’

IndependentKrebs

More on Bluetooth Ingenico Overlay Skimmers

Credit to Author: BrianKrebs| Date: Mon, 27 Feb 2017 01:54:58 +0000

This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers.
