Blog: In The News
LAS VEGAS – There is no guarantee that the internet will succeed. And if we aren’t careful we can really screw it up. It has happened before and we can do it again. The warning comes from technologist Dan Kaminsky who says there is a need to treat the internet similarly to the way the...
LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption backdoors are fraught with potential...
LAS VEGAS — Black market machine trading of PC and server resources is maturing at alarming speeds. Underground networks such as xDedic have fine-tuned their compute platform to the point where they are almost indistinguishable from legitimate networks such as Amazon Web Services and Rackspace. Those observations come from Israel Barak, head of incident response...
LAS VEGAS — A government project in the works since 2013 is set to conclude Thursday at DEF CON when DARPA’s Cyber Grand Challenge culminates with a competition it’s calling the CGC Final Event. The challenge will mirror Capture the Flag competitions usually held at the hacking conference. CTF contests pit groups of hackers against each other to explore code, identify weaknesses...
Yahoo says it is investigating reports of 200 million user credentials advertised for sale on the Dark Web by a hacker that goes by the handle “peace_of_mind”. The Yahoo credentials, according to the site listing the database for sale, include usernames, passwords (hashed using the MD5 algorithm), birthdates and backup emails for some accounts. The...
Mike Mimoso, Tom Spring, and Chris Brook preview Black Hat 2016, including Ivan Krstic’s talk on Apple/iOS security, Dan Kaminsky’s keynote, IoT, PAC malware, and more. Download: Threatpost_Black_Hat_2016_Preview.mp3 Music by Chris Gonsalves
LAS VEGAS – Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. The bounty begins tomorrow on the HackerOne platform, and the first phase will run for six months. The company said that during...
Google today patched more than three-dozen critical vulnerabilities in Qualcomm components embedded in the Android operating system, all of them allowing attackers to gain a foothold on devices to launch further attacks. The Qualcomm-related patches are among dozens in the monthly Android Security Bulletin, which marks its first anniversary this week after its maiden voyage...
Google is adding HTTP Strict Transport Security (or HSTS) to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection. By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS version of the Google domain. The effort, announced Friday, is...
LAS VEGAS — It wasn’t long ago that ROP, or return-oriented programming, was a hacker’s best friend when it came to bypassing mitigations against memory-based attacks such as DEP and ASLR. ROP, however, is so 2005. In the last couple of years, researchers and attackers have figured out how to bypass popular tools such as...