The latest OpenSSL security hole isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.
Fortunately, the affected OpenSSL versions are not commonly used in enterprise operating systems. For example, it doesn't impact shipping and supported versions of Red Hat Enterprise Linux (RHEL) or Ubuntu. In the case of Ubuntu, it does affect the 15.10 development release, but the patch is already available.
Yesterday FBI Director James Comey and Deputy Attorney General Sally Quillian Yates testified before a Senate Judiciary committee that they are stumped by end-to-end encryption and that while they want to work with the private sector to come up with a solution Yates noted that a legislative mandate “may ultimately be necessary” to force companies to comply.
Adobe patches a Flash zero-day vulnerability found as part of the massive data breach of Hacking Team. Experts recommend speedy remediation as the flaw has been added to multiple exploit kits.
The massive Hacking Team data breach led to the release of 400GB worth of data including a zero-day vulnerability for Adobe Flash. Adobe has released an out-of-band patch for the flaw just two days after it was discovered.
Apple on Wednesday confirmed that the removal of a pesky Recovery Key security mechanism will be one of the changes coming to its two-factor authentication solution when iOS 9 and OS X 10.11 El Capitan are released this fall.
Currently, the Recovery Key system in Apple's "two-step" protocol works as a failsafe for accessing an Apple ID when registered trusted device or phone number is unavailable. Under the existing setup, losing both a trusted device and Recovery Key renders the account inaccessible, which has in the past forced some users to abandon their Apple IDs altogether.
On Sunday, while most of Twitter was watching the Women's World Cup – an amazing game from start to finish – one of the world's most notorious security firms was being hacked.
Specializing in surveillance technology, Hacking Team is now learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense.