Security

Microsoft's EMET Security Technology Isn't Impenetrable

posted on February 25, 2014
by l33tdawg

Researchers from security firm Bromium today revealed that they have discovered ways to bypass Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

EMET is designed to provide an additional layer of security to applications to reduce the risk of exploitation. While EMET prevents many attacker bullets from getting through to an application, Bromium now asserts that EMET is not bulletproof.

Think your data is safe in an EU cloud? The NSA will raid your servers

posted on February 25, 2014
by l33tdawg

A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA.

"NSA and any other world-class intelligence agency can hack into databases even if they are not in the US," said former White House security advisor Richard Clarke in a speech at the Cloud Security Alliance summit in San Francisco on Monday. "Non-US companies are using NSA revelations as a marketing tool."

Apple Decides That Dead Silence Is The Best Way To Address Major Encryption Flaw On OS X

posted on February 25, 2014
by l33tdawg

Apple on Friday issued an update that fixed a rather severe vulnerability in their SSL/TLS implementation in iOS. In short, the flaw allowed any hacker the ability to intercept data during supposedly secure and encrypted transfers when using an iPhone, iPad or iPod Touch on a public network. Estimates suggest that the vulnerability was introduced in iOS 6.0 back in September 2012 (Apple was added as a PRISM partner in October 2012, utterly circumstantial but just sayin'). After some reverse engineering of the patch, people discovered it overhauled some fairly major portions of iOS.

Hacked companies off the hook under new Australian privacy laws

posted on February 24, 2014
by l33tdawg

The Office of the Australian Information Commission (OAIC) has confirmed it won’t hold organisations accountable for the exposure of personal information when accessed via a cyber attack, as long as the Office is satisfied with the level of security in place within the targeted systems.

New privacy rules strengthening the enforcement power of the OAIC come into effect on 12 March 2014.

UK's security branch says Ubuntu most secure end-user OS

posted on February 24, 2014
by l33tdawg

I've been preaching the gospel of Linux security for decades now, but it's always nice to see proof-positive from an independent organization that Linux is indeed the most secure operating system around.

The Communications-Electronics Security Group (CESG), the group within the UK Government Communications Headquarters (GCHQ) that assesses operating systems and software for security issues, has found that while no end-user operating system is as secure as they'd like it to be, Ubuntu 12.04 is the best of the lot.

Google Chrome 33 released, with better security

posted on February 24, 2014
by l33tdawg

The new release proves controversial as Google tightens control over the browser to the anger of some users.

In terms of new features, version 33 is rather disappointing – despite debuting in the beta channel a few weeks ago, Google Now notifications have yet to make their way across to the stable channel. In fact, version 33 is little more than a bug-fix release, with 28 security fixes the only notable highlight.

Neiman Marcus says fewer payment cards exposed in breach than first thought

posted on February 24, 2014
by l33tdawg

Neiman Marcus has revised downward the number of credit and debit cards exposed in a data breach, from 1.1 million to 350,000, according to a notice posted Friday on its website.

“The number has decreased because the investigation has established that the malware was not operating at all our stores, nor was it operating every day in those affected stores,” wrote Neiman Marcus Group President and CEO Karen Katz.