Security

Once-theoretical crypto attack against HTTPS now verges on practicality

posted on July 16, 2015
by l33tdawg

Almost a third of the world's encrypted Web connections can be cracked using an exploit that's growing increasingly practical, computer scientists warned Wednesday. They said the attack technique on a cryptographic cipher known as RC4 can also be used to break into wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol.

Epic Games forum hacked – change your online passwords, and beware of phishing

posted on July 16, 2015
by l33tdawg

If you’re an avid video gamer, chances are that you know of Epic Games.

They’re the developers of popular games such as Infinity Blade, Gears of War, Unreal Tournament… and – if you’re as old as me – you might even remember their founder Tim Sweeney’s classic DOS era shareware game ZZT.

In other words, they’re great at making video games. But if you visit the forum of Epic Games right now, this is what you’ll see…

Mr. Robot basically showed viewers how to hack into any Android phone

posted on July 15, 2015
by l33tdawg

Have you seen Mr. Robot? The show is only three episodes in, but it’s already shaping up to be a surprisingly awesome hacking drama. And I don’t mean “hacking” in the CSI/NCIS/Scorpion “120WPM and 60 flashing windows” kind of hacking – the protagonist and his Anonymous-style compatriots use real methods and technology, mostly relying on a combination of known vulnerabilities, social engineering, and brute force attacks to play at being cyber-vigilantes. You should check it out – USA has the first three episodes available for free on its website.

Why government-mandated encryption backdoors are bad for US businesses

posted on July 15, 2015
by l33tdawg

A group of 11 computer scientists and encryption experts breathed a little easier in January 2015 when the National Institute of Standards and Technology (NIST) proposed the retirement of six Federal Information Processing Standards (FIPS), including FIPS-185. The 11 experts were instrumental in this standard's demise.

Adobe, MS, Oracle Push Critical Security Fixes

posted on July 15, 2015
by l33tdawg

This being the second Tuesday of the month, it’s officially Patch Tuesday. But it’s not just Microsoft Windows users who need to update today: Adobe has released fixes for several products, including a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Separately, Oracle issued a critical patch update that plugs more than two dozen security holes in Java.

Been hacked? Now to decide if you chase the WHO or the HOW

posted on July 14, 2015
by l33tdawg

Imagine a security researcher has plucked your customer invoice database from a command and control server. You're nervous and angry. Your boss will soon be something worse and will probably want you to explain who pulled off the heist, and how.

But only one of these questions, the how, is worth your precious resources; security experts say the who is an emotional distraction.

Second zero-day flaw found in Adobe Flash thanks to Hacking Team

posted on July 13, 2015
by l33tdawg

Earlier this week an exploit for Adobe Flash was revealed -- a shock, I know. Now a second is in the wild and already being used. Known by the catchy name CVE-2015-5122, security firm FireEye discovered the flaw buried in the Hacking Team leak and alerted Adobe to it.

Another day, another OpenSSL patch

posted on July 13, 2015
by l33tdawg

The latest OpenSSL security hole isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.

Fortunately, the affected OpenSSL versions are not commonly used in enterprise operating systems. For example, it doesn't impact shipping and supported versions of Red Hat Enterprise Linux (RHEL) or Ubuntu. In the case of Ubuntu, it does affect the 15.10 development release, but the patch is already available.