Security

Symantec issues more illegit HTTPS certificates

posted on January 23, 2017
by l33tdawg

A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected websites.

Shmoocon 2017: A Simple Tool For Reverse Engineering RF

posted on January 15, 2017
by l33tdawg

Anyone can hack a radio, but that doesn’t mean it’s easy: there’s a lot of mechanics that go into formatting a signal before you can decode the ones and zeros.

At his Shmoocon talk, [Paul Clark] introduced a great new tool for RF Reverse Engineering. It’s called WaveConverter, and it is possibly the single most interesting tool we’ve seen in radio in a long time.

WhatsApp Denies It Has Backdoor For Decrypting Messages

posted on January 15, 2017
by l33tdawg

WhatsApp’s much touted end-to-end encryption capability has become the subject of considerable scrutiny following a report by The Guardian Friday of a ‘backdoor’ in the messaging service that apparently allows for encrypted messages to be intercepted and read.

The Guardian’s report is based on a vulnerability disclosure that Tobias Boelter, a PhD student and computer scientist at the University of California, made last April.

Travel Booking Systems Expose User Data: Researchers

posted on January 3, 2017
by l33tdawg

The lack of proper security mechanisms in travel booking systems exposes passengers’ personal information and allows fraudsters to steal tickets and loyalty bonuses, researchers have warned.

Last week, at the 33rd Chaos Communication Congress in Hamburg, Germany, Karsten Nohl and Nemanja Nikodijevic of Security Research Labs detailed the vulnerabilities affecting major travel booking systems and demonstrated how easily they can be exploited.

The Biggest Security Threats Coming in 2017

posted on January 3, 2017
by l33tdawg

Whether it was a billion compromised Yahoo accounts or state-sponsored Russian hackers muscling in on the US election, this past year saw hacks of unprecedented scale and temerity. And if history is any guide, next year should yield more of the same.

It’s hard to know for certain what lies ahead, but some themes began to present themselves toward the end of 2016 that will almost certainly continue well into next year. And the more we can anticipate them, the better we can prepare. Here’s what we think 2017 will hold.

The FDA doesn't want your pacemaker to get hacked

posted on December 29, 2016
by l33tdawg

Whether it's cars or frying pans, more and more things are connected to the internet. While this adds a level of convenience and control to everyday items, there is also an increased vulnerability for things to be hacked.

The US Food and Drug Administration recognizes this threat as a possibility for internet-connected medical devices and advises manufacturers to take precautions now on how to handle future threats.

The NFL’s Twitter account just got hacked

posted on December 21, 2016
by l33tdawg

Pesky hackers are at it again, and this time the target is the NFL. OurMine, the hacking group which has repeatedly targeted high-profile Twitter accounts, found itself in control of @NFL today, and took the opportunity to try to gain some clientele. The group, which also hacked Netflix today, posted the “we are just testing your security” notice that it always does, while offering to help the NFL shore up its cyber defenses.