AV engines are riddled with exploitable bugs

Tuesday, July 29th, 2014

A security researcher has found a great number of exploitable vulnerabilities in popular security solutions and the AV engines they use, proving not only that AV engines are as vulnerable to zero day attacks as the applications they try to protect, but can also lower the operating system's exploit mitigations. "Installing ...

“TrueCrypt is not secure,” official SourceForge page abruptly warns

Wednesday, May 28th, 2014

One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use. "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of ...

Private photos exposed in Instagram hack

Tuesday, February 11th, 2014

Private profiles of Instagram users could be made public as a result of a vulnerability that took almost six months to fix. The flaw would have enabled hackers to change privacy settings within user profiles to expose potentially sensitive photos to the internet, or to lock down popular pages by marking ...

New mobile exploits demonstrated at Pwn2Own event

Wednesday, November 13th, 2013

At information security conference PacSec 2013 in Tokyo, two teams have accepted rewards for demonstrating exploits against cell phones in the Mobile Pwn2Own 2013 contest sponsored by HP. Japanese squad Team MBSD, of Mitsui Bussan Secure Directions, Inc., collected $40,000 for installing malware and collecting personal data on the Android-powered Samsung Galaxy S4. The group ...

Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program

Wednesday, November 13th, 2013

Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital ...