Researchers from security firm Bromium today revealed that they have discovered ways to bypass Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
EMET is designed to provide an additional layer of security to applications to reduce the risk of exploitation. While EMET prevents many attacker bullets from getting through to an application, Bromium now asserts that EMET is not bulletproof.
WhatsApp, the mobile messaging service Facebook just bought for US$19 billion, has several security weaknesses that experts say are worth addressing.
None of the flaws found this week by app security vendor Praetorian are critical. Instead, they represent lapses in best practices for securing mobile apps.
A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA.
"NSA and any other world-class intelligence agency can hack into databases even if they not in the US," said former White House security advisor Richard Clarke in a speech at the Cloud Security Alliance summit in San Francisco on Monday. "Non-US companies are using NSA revelations as a marketing tool."
Apple on Friday issued an update that fixed a rather severe vulnerability in their SSL/TLS implementation in iOS. In short, the flaw allowed any hacker the ability to intercept data during supposedly secure and encrypted transfers when using an iPhone, iPad or iPod Touch on a public network. Estimates suggest that the vulnerability was introduced in iOS 6.0 back in September 2012 (Apple was added as a PRISM partner in October 2012, utterly circumstantial but just sayin'). After some reverse engineering of the patch, people discovered it overhauled some fairly major portions of iOS.
The Office of the Australian Information Commission (OAIC) has confirmed it won’t hold organisations accountable for the exposure of personal information when accessed via a cyber attack, as long as the Office is satisfied with the level of security in place within the targeted systems.
New privacy rules strengthening the enforcement power of the OAIC come into effect in 12 March 2014.