Archives: March 2016
You are here: Home \ 2016 \ March \ Page 4
Google wants the internet to know that it’s keeping track of deployed certificates, whether they’re trusted or not. While the search behemoth has long maintained a list of trusted Certificate Authorities, it announced on Monday that it has created a new list of CAs that were once, or are not yet trusted, by browsers. Dubbed Submariner,...
The FBI’s motion for a continuance in its case against Apple has opened a new avenue in this debate as to the identity and means by which the mystery “outside party” could unlock terrorist Syed Farook’s iPhone. Late yesterday afternoon, the FBI filed a motion to vacate a hearing scheduled for today in a Riverside,...
In addition to fixing the serious crypto vulnerabilities in iMessage that surfaced yesterday, Apple also deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV’s tvOS, and watchOS. The iOS update, 9.3, is arguably the most pressing given the cryptographic issue dug up by researchers at Johns Hopkins University, but it...
Yahoo’s latest transparency report, published today, reflects a spike in government and law enforcement requests for user data following the Paris terrorist attacks of Nov. 13. The attacks resulted in the deaths of 130 people and injuries to more than 350 others; the situation remains fluid with speculation that today’s explosions in Brussels could be...
The FBI has dropped its case against Apple less than a day before a scheduled court hearing and showdown over its demands that Apple help unlock a terrorist’s iPhone. The government late Monday afternoon filed a motion to vacate its case, putting a halt to a saga that began in mid-February when a federal magistrate...
BinDiff is a constant presence inside a security researcher’s toolbox, ideal for patch and malware analysis or reverse engineering of code. The Google-owned software allows researchers to conduct side-by-side comparisons of binary files in disassembled code looking for differences in the samples. Until last week, BinDiff came with a price, but on Friday Google announced...
When Apple released its iOS Security Guide for public consumption, it was an unprecedented look inside the security architecture behind its products. For cryptographer and professor Matthew Green and a team of four Johns Hopkins University graduate students, it was a road map to understanding not only how secure Apple’s iMessage messaging application was, but...
Security researchers are applauding the FBI and the National Highway Traffic Safety Administration for warning the auto industry that cars and trucks are vulnerable to internet-based attacks. But, they argue, more needs to be done by the government and car makers to protect drivers. Last week, in a joint public service announcement, the FBI and NHTSA...
In hopes of eliminating the password, at least on the company’s mobile apps, Yahoo on Friday deployed a stable version of its Account Key mechanism. The feature, essentially two-step authentication—without the first step—allows Yahoo users to log into the company’s Finance, Fantasy, Mail, Messenger, or Sports apps on iOS and Android devices. When users attempt to...
Home Depot agreed to pay $19.5 million to compensate the 40 million cardholders it said were impacted by a massive 2014 data breach. As part of a proposed settlement by Home Depot, it admits no wrongdoing or liability in the breach, according to court filings with the US District Court for the Northern District of...