Sounds like it's going to be a busy few days for R&D and PR departments at least two security companies.
This weekend, vulnerability researchers have separately disclosed flaws in products from Kaspersky and FireEye that could be exploited by malicious hackers.
First up was Tavis Ormandy. Ormandy, a security researcher at Google, has made a controversial name for himself over the years disclosing security vulnerabilities in products from other software vendors.
Following a court-ordered block of The Pirate Bay and a number of other file-sharing websites in Norway, the Norwegian Pirate Party (Piratpartiet Norge) has now set up free, uncensored DNS servers that anyone can use to bypass the block. While the DNS servers are based in Norway, anyone can use them: if your ISP is blocking access to certain sites via DNS blackholing/blocking, using the Piratpartiet's DNS servers should enable access.
An unpatched vulnerability affecting PayPal’s mobile applications can be exploited to access restricted accounts and even bypass the two-factor authentication (2FA) mechanism, a researcher claims.
PayPal can ask users to confirm their identity for fraud protection and due to regulatory obligations. When users are asked to verify their identity, they are blocked from accessing their account and instructed to call or email PayPal to complete the process.
The U.S. government has not yet notified any of the 21.5 million federal employees and contractors whose security clearance data was hacked more than three months ago, officials acknowledged on Tuesday.
The agency whose data was hacked, the Office of Personnel Management (OPM), said the Defense Department will begin "later this month" to notify employees and contractors across the government that their personal information was accessed by hackers.
Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure.
The average user has some 20 passwords today, and in general the easier they are to remember, the less secure they are. When passwords are used across multiple websites, they become even weaker.