Google is scrapping Pwnium, its annual bug hunting event, and folding it into an existing year-round program in part to reduce security risks.
The company held Pwnium annually at CanSecWest, a security conference in Vancouver, to find security problems in its Chrome OS, Chrome browser and affiliated applications.
Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy.
The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept encrypted HTTPS traffic for every website users visited – replacing legitimate site certificates with its own.
Linux admins were sent scrambling to patch their boxes on Monday after a critical vulnerability was revealed in Samba, the open source Linux-and-Windows-compatibility software.
The bug, which has been designated CVE-2015-0240, lies in the smbd file server daemon. Samba versions 3.5.0 through 4.2.0rc4 are affected, the Samba Project said in a security alert.
Hundreds of entrepreneurial and impatient hackers have exploited a loophole to purchase early tickets to the Burning Man festival.
Geeks meddled with Ticketfly's first-in-best-dressed system to jump the queue and push in ahead of the hordes hoping to attend the counter-cultural event.
The Cosmic Corporation, the event's organiser, issued a statement saying it busted the 200 hackers and axed their tickets. “Approximately 200 people created a technical backdoor to the sale and made their way to the front of the line,” it says.
Telegram users should be aware the messaging app's "Secret Chats" may not be so secret after all.
LinkedIn has agreed to pay $1.25 million to settle a class-action suit that alleged the company failed to protect the passwords and private information of its premium subscriber customers.
The case dates back to June 2012 when the company reported that Russian hackers stole more than six million passwords from the social networking site, about 5% of LinkedIn's user base. Shortly thereafter, a user launched a class-action lawsuit claiming LinkedIn violated its own user agreement and privacy policy.
Last week, a report in The Intercept revealed that GCHQ and NSA managed to hack into all of Gemalto’s systems and steal encryption keys for its SIM cards, credit card chips and so on. Gemalto is currently the largest SIM chip manufacturer in the world, serving over 3,000 banks and 450 carriers.
Such a hack could have potentially disastrous financial implications for the company. Within a day, the company had already lost $500 million in stock value. For a security company, having trustworthy products is critical to keeping customers buying products.
Google has added an early warning alert to Chrome that pops up when users try to access a website that the search giant suspects will try to dupe users into downloading underhanded software.
The new alert pops up in Chrome when a user aims the browser at a suspect site but before the domain is displayed. "The site ahead contains harmful programs," the warning states. Google emphasized tricksters that "harm your browsing experience," and cited those that silently change the home page or drop unwanted ads onto pages in the warning's text.
Lenovo's chief technology officer Peter Hortensius has issued another statement on how the company plans to handle Superfish.
The missive explains that Lenovo has worked with anti-virus vendors to get their products flattening Superfish whenever a PC starts up and issued a removal tool.
Hortensius says Lenovo is now “in the midst of developing a concrete plan to address software vulnerabilities and security with defined actions that we will share by the end of the week.”
New cases of insecure HTTPS traffic interception are coming to light as researchers investigate software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.
Over the weekend, a user reported on Hacker News that his system failed an online test designed to detect a man-in-the-middle vulnerability introduced by Superfish, a program preloaded on some Lenovo consumer laptops.
