Security

How the Top 5 PC Makers Open Your Laptop to Hackers

posted on June 1, 2016
by l33tdawg

Software makers like Microsoft put a lot of effort into ensuring that the operating system and application updates they deliver to your system are secure, so that hackers can’t hijack updates to get into your computer.

But it turns out that PC hardware makers are not so careful. An investigation conducted by Duo Security into the software updaters of five of the most popular PC manufacturers—HP, Dell, Acer, Lenovo, and Asus—found that all had serious security problems that would allow attackers to hijack the update process and install malicious code on victim machines.

Your Old Myspace Account Just Came Back to Haunt You

posted on June 1, 2016
by l33tdawg

You may have left Myspace and its indie bands behind years ago, but Myspace hasn’t forgotten you. Or rather, it hasn’t forgotten your password, which is unfortunate, because it just revealed that a hacker stole username and password information from what could be more than 360 million accounts.

Facebook Messenger may soon add end-to-end encryption

posted on June 1, 2016
by l33tdawg

Facebook plans to tighten security on its popular Messenger platform this summer, but it won’t be turned on for all users by default.

Messenger will add a new end-to-end encryption feature that prevents hackers and the government from being able to read your text messages. Facebook won’t be able to read your messages either, though, and that will seriously hurt its ability to make bots great if you decide to opt in to better security.

HITB 2016: John Adams - 'backdoor' security laws unworkable

posted on June 1, 2016
by l33tdawg

Many of today's security laws will be unworkable, according to one security expert speaking at today's 7th Hack in The Box (HITB) conference in Amsterdam.

John Adams, head of security for Bolt Financial, treated the HITB conference to a state of play in the ongoing crypto-wars between the private and public spheres.

SandJacking Attack Puts iOS Devices At Risk to Rogue Apps

posted on June 1, 2016
by l33tdawg

Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access—even on the latest versions of iOS—to swap out legitimate apps with malicious versions undetected on the device.

Researcher Chilik Tamir of mobile security company Mi3 Security disclosed last week during his talk at the show that an iOS mitigation for a previous attack he’d developed was incomplete and that, with a modification, he could still infect non-jailbroken iOS devices with malicious or misbehaving apps.

HITB 2016 Amsterdam: Cache Side Channel Attacks 'very dangerous'

posted on June 1, 2016
by l33tdawg

A security researcher has shown how Intel CPUs, among others, are vulnerable to cache side channel attacks at the 7th Hack in the Box Amsterdam.

The possibility of cache side channel attacks occurred to Anders Fogh, co-founder/vice president of engineering, Protect Software GmbH, after one researcher brought up over Twitter an oversight in a talk Fogh was about to give at Black Hat. The researcher's addition of side channel attacks “threw my plans to the wind,” said Fogh.

Everything We Know About How the FBI Hacks People

posted on May 16, 2016
by l33tdawg

Recent headlines warn that the government now has greater authority to hack your computers, in and outside the US. Changes to federal criminal court procedures known as Rule 41 are to blame; they vastly expand how and whom the FBI can legally hack. But just like the NSA’s hacking operations, FBI hacking isn’t new. In fact, the bureau has a long history of surreptitiously hacking us, going back two decades.

Underground hacking forum Nulled.io pwned by hacker who leaked database online

posted on May 16, 2016
by l33tdawg

A well-known underground hacking forum has been hit with a massive data breach which exposed IP and email addresses, private messages and password data of around 500,000 members who used the website to expedite the selling and sharing of compromised passwords and stolen credentials. The hacker leaked the data on 6 May in a 1.3 GB tar archive file.

Apple bans Stefan Esser's iOS security info app

posted on May 16, 2016
by l33tdawg

Apple has punted hacker Stefan Esser's app designed to highlight the security posture and running processes on iOS devices.

The app System and Security Info shows detailed data on the state of security including possible anomalies like injected libraries and the state of code-signing and AppStore binary encryption, and a breakdown of any installed jailbreak.

Cupertino wrote in a message to Esser (@i0n1c) that his app was torpedoed from the App Store because it "provides potentially inaccurate and misleading diagnostic functionality for iOS devices".

John McAfee Apparently Tried to Trick Reporters Into Thinking He Hacked WhatsApp

posted on May 16, 2016
by l33tdawg

John McAfee, noted liar and one-time creator of anti-virus software, apparently tried to convince reporters that he hacked the encryption used on WhatsApp. To do this, he attempted to send them phones with preinstalled malware and then convince them he was reading their encrypted conversations.

In April, WhatsApp announced that it had added automatic end-to-end encryption for its billion plus users. The company touted the move as one that would help protect and secure the communications of all WhatsApp users around the world.