Weekly News

InfoSec Week 41, 2018

Memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation can screw you. Just answering a call from an attacker could completely compromise WhatsApp.

Posted

#Weekly-News

InfoSec Week 40, 2018

Estonia sues Gemalto for €152M over ID card flaws. According to an article, some keys were NOT generated on a smartcard due to a scaling issue. Well, looks like they are not affected by ROCA vulnerability, just compromised by Gemalto:)

Posted

#Weekly-News

InfoSec Week 39, 2018

Linux had officially committed to implementing and obeying the Code of Conduct — which is immediately misused to remove top Linux coders. Some of the Linux developers are now threatening to withdraw the license to all of their code.

Posted

#Weekly-News

InfoSec Week 38, 2018

Purism project introduced their own security token called the Librem Key. They have partnered with the Nitrokey manufacturer, but the firmware provides additional functionality, like a challenge response mode where the key informs you if the bios running on a PC has validated itself to the key.

Posted

#Weekly-News

InfoSec Week 37, 2018

Tesla model S is using a 40bit challenge response scheme broken back in 2005. Researchers stole a car in ~6 seconds with precomputed tables.

Posted

#Weekly-News

InfoSec Week 36, 2018

USB media shipped with the Schneider Electric Conext ComBox and Conext Battery Monitor solar products were infected with malware.

Posted

#Weekly-News

InfoSec Week 35, 2018

Google started selling their Titan Security Key bundle that support FIDO standards for secure authentication. They have written the firmware by themselves, but the price should be lower for this kind of hardware.

Posted

#Weekly-News

InfoSec Week 34, 2018

If you are running Linux machines in Microsoft Azure, you should disable built-in wa-linux-agent backdoor that enable root access from Azure console.

Posted

#Weekly-News

InfoSec Week 33, 2018

There is an OpenSSH user enumeration attack against all software versions on all operating systems. It's a timing attack with proof of concept already published.

Posted

#Weekly-News

InfoSec Week 32, 2018

A Comcast security flaws exposed more than 26 millions of customers’ personal information. Basically, an attacker could spoof IP address using 'X-forwarded-for' header on a Comcast login page and reveal the customer’s location.

Posted

#Weekly-News