Sources on this Page

> Headlines by Category

 Home / Technology / Security / Authentication & Encryption

You are using the plain HTML view, switch to advanced view for a more complete experience.

Critical flaws in ImageMagick library expose websites to hacking

A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there's no official patch yet and exploits are already available.

The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.

Furthermore, there is evidence that people aside from security researchers and  ImageMagick developers know about the flaws, which is why their existence was publicly disclosed Tuesday. The flaws can be exploited by uploading specially crafted images to Web applications that rely on ImageMagick to process them.

To read this article in full or to leave a comment, please click here

Google turns on HTTPS for all blogspot blogs

All blogs hosted on Google's blogspot.com domain can now be accessed over an encrypted HTTPS connection. This puts more control into the hands of blog readers who value privacy.

Google started offering users of its Blogger service the option to switch their blogspot.com sites to HTTPS in September, but now that setting was removed and all blogs received an HTTPS version that users can access.

Instead of the "HTTPS Availability" option, blog owners can now use a setting called "HTTPS Redirect," which will redirect all visitors to the HTTPS version of their blogs automatically. If the setting is not used, users will still be able to access the non-encrypted HTTP version.

To read this article in full or to leave a comment, please click here

Researchers nab millions of stolen credentials for Gmail, Hotmail, Yahoo, banking

What’s the going rate for usernames and passwords of 272.3 million stolen accounts, many of which are email accounts? A young Russian hacker wanted 50 rubles, which is less than $1, but ended up handing over the data after researchers posted positive comments about him in social media.

Many of the “hundreds of millions of hacked usernames and passwords for email accounts and other websites,” were for Russia’s Mail.ru, according to Reuters, but some “Google, Yahoo and Microsoft email users” were also affected.

Breakdown of stolen credentials

To read this article in full or to leave a comment, please click here

EMC announces LEAP suite of cloud-native apps and InfoArchive 4.0
At the recent EMC World conference, the Federation announced a new set of enterprise content apps called LEAP, to help businesses solve their digital problems.
Instagram pwned by 10-year-old Finn Jani -- Facebook pays $10,000

Instagram hacked by Jani, so Facebook gave him $10,000 because of his white-hat stylee. Also, it's good PR to be seen to reward a 10-year-old proto-researcher.

Facebook paid the bug bounty to the pseudonymous kid from Finland for a vulnerability that could allow anyone to delete any comment, anywhere on the Instagram service. Zuckerberg's crew figured that was a serious problem, which demands a lot more than their usual derisory $500 token.

In IT Blogwatch, bloggers picture this. Not to mention: Finland, Finland, Finland

Your humble blogwatcher curated these bloggy bits for your entertainment. And his own, natch.

To read this article in full or to leave a comment, please click here

5 secure habits of the paranoid PC user

We know how it goes: You mean to practice safe computing habits, really you do. But when you fire up your computer, you just want to get stuff done -- and that's when even savvy users begin to cut security corners.

We'd all do well to take a lesson from truly paranoid PC users, who don't let impatience or laziness stand in the way of protecting their data. Let's take a look at some of their security habits that you may want to practice regularly.

After all, staying safe online doesn't have to be onerous or time-consuming. Invest an hour or two this weekend to put a few safeguards in place, consciously start to practice a few good habits -- and before you know it, your good intentions will become a daily reality.

To read this article in full or to leave a comment, please click here

How to perform a risk assessment

Without a complete and thorough risk assessment including all its component parts (discussed herein), you might as well open all your data assets to unbridled exfiltration via Port 80 without any security checks at all. In the end, attackers and criminal digital profiteers will get what they came for in either case.

To read this article in full or to leave a comment, please click here

(Insider Story)
16 standout Android apps with fingerprint support

Typing a password into your smartphone is, like, so 2014.

With support for fingerprint sensors becoming a native part of Android as of the Marshmallow release -- and fingerprint sensors rapidly becoming standard fare in flagship phones as a result -- it's easy to get spoiled by the ease of unlocking something with a touch of your finger.

The best part? That convenience doesn't have to be limited to your lock screen. The beauty of fingerprint support now being a native element of Android is that it's simple for developers to bring it into their own apps. And once you get used to skipping over a sign-in screen simply by pressing your fingie to your phone, well, it's hard to go back.

To read this article in full or to leave a comment, please click here

Quantum computers pose a huge threat to security, and the NIST wants your help

It's no secret that quantum computers could render many of today's encryption methods useless, and now the U.S. National Institute of Standards and Technology wants the public to help it head off that threat.

The federal agency recently published a report focusing on cryptography in a quantum world that outlines a long-term approach for avoiding the problem before it happens.

"There has been a lot of research into quantum computers in recent years, and everyone from major computer companies to the government want their cryptographic algorithms to be what we call 'quantum resistant,'" said NIST mathematician Dustin Moody. "So if and when someone does build a large-scale quantum computer, we want to have algorithms in place that it can't crack."

To read this article in full or to leave a comment, please click here

The IoT company behind the curtain

Greenwave Systems is sort of the BASF of Internet of Things: It doesn’t make the IoT products you buy, it makes them better. Greenwave (one of Network World’s recently named IoT Companies to Watch) provides software and services that help consumer-facing companies like Verizon deliver IoT features to their customers. IDG US Media Chief Content Officer John Gallant talked recently to Greenwave’s Chief Scientist, Jim Hunter, about how the company is empowering IoT applications and how new voice and social-media-driven capabilities will change the market. Hunter also explored the evolving IoT market and offered a candid assessment of how data ownership and security issues could hamper the IoT revolution.

To read this article in full or to leave a comment, please click here

(Insider Story)
Post Selected Items to:

Showing 10 items of 131

home  •   advertising  •   terms of service  •   privacy  •   about us  •   contact us  •   press release design by Popshop •   Official PR partner PRNews.io •   © 1999-2016 NewsKnowledge