Match, Tinder Swipe Right For Privacy Red Flags, Say Experts
Over 70 percent of subscribers across Match.com express concern about the amount of data they share with the platform, according to a ProPrivacy.com survey. But despite those concerns, users of the service do it anyway and also remain unaware of just how much data the company collects and how the...
RSAC 2019: An Antidote for Tech Gone Wrong
SAN FRANCISCO – Tech innovation can move faster than its own good might dictate, often leaving the public interest as an afterthought. Take, for example, hot-button topics such as artificial intelligence, network neutrality and social network user privacy – and consider the ensuing debates. The...
China's AI Strategy and its Security Implications
Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications...
Apple Disables Group FaceTime Following Major Privacy Glitch
Apple has made Group FaceTime temporarily unavailable following a major flaw discovered on Monday evening. The bug allows anyone with iOS to FaceTime other iOS users and listen in on their private conversations – without the user on the other end rejecting or accepting the call. The bug makes use of ...
Hack Allows Escape of Play-with-Docker Containers
Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the...
setup: nologin listed in /etc/shells violates security expectations
Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shel...
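The access rule the entry above describes, reproduced as an added example (not code from the setup package, pam_shells or the bug report): a user passes when the shell in their passwd entry is listed in the shells file, so a locked account with /sbin/nologin is accepted as soon as nologin appears in /etc/shells. The passwd and shells files below are constructed samples written to temporary files; nothing on the real system is read or changed.

```shell
#!/bin/sh
# Added example: why a non-login shell in /etc/shells matters.
# pam_shells (and daemons with the same rule) accept a user iff the shell in the
# user's passwd entry appears in /etc/shells.  Listing /sbin/nologin there turns
# "locked out" accounts into accepted ones.  All files below are constructed
# samples; nothing on the real system is read or modified.

# pam_shells_allows USER PASSWD_FILE SHELLS_FILE
# Returns 0 when USER's login shell is listed (as a non-comment line) in SHELLS_FILE.
pam_shells_allows() {
    shell=$(awk -F: -v u="$1" '$1 == u { print $7; exit }' "$2")
    [ -n "$shell" ] || return 1
    grep -v '^[[:space:]]*#' "$3" | grep -qxF -- "$shell"
}

# audit_shells_file SHELLS_FILE
# Prints every entry that is a well-known non-login shell; returns 1 if any were found.
audit_shells_file() {
    bad=$(grep -v '^[[:space:]]*#' "$1" | grep -E '/(nologin|false)[[:space:]]*$' || true)
    if [ -z "$bad" ]; then
        return 0
    fi
    printf 'non-login shell(s) listed in %s:\n%s\n' "$1" "$bad" >&2
    return 1
}

# --- constructed sample files (temporary, not the system's own) ---
PASSWD=$(mktemp); GOOD_SHELLS=$(mktemp); BAD_SHELLS=$(mktemp)
cat >"$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:1001:1001:locked service account:/var/lib/svc:/sbin/nologin
EOF
cat >"$GOOD_SHELLS" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
cat >"$BAD_SHELLS" <<'EOF'
# /etc/shells as described in the bug report: nologin listed as a shell
/bin/sh
/bin/bash
/sbin/nologin
/usr/sbin/nologin
EOF

# Demo: svc is denied with the clean file and accepted with the bad one.
for f in "$GOOD_SHELLS" "$BAD_SHELLS"; do
    if pam_shells_allows svc "$PASSWD" "$f"; then
        echo "svc: ALLOWED with $f"
    else
        echo "svc: denied with $f"
    fi
    audit_shells_file "$f" || true
done
```

Running audit_shells_file against the real /etc/shells is the quick check for this regression; the durable fix is to drop the nologin entries from the file, since every consumer of /etc/shells treats a listed path as a real login shell.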
Bad to the Bot Bone
By Ian Trump This is the second in a series of blog posts “on all things Bot.” From bad to good and looking towards the future, Bots remain an information security issue which has the potential to impact all commercial and recreational online activity. This series will explore the security and...
Node.js: Pull Request #12949 - Security Implications without CVE assignment
Summary: Pull Request 12949 has security implications but it was not assigned a CVE by the Node team. It is being reported by Qualys as a 6.8 severity issue without a CVE. Description: Here is the commit and pull request - https://github.com/nodejs/node/commit/010f864426...
curl: Invalid URL parsing with '#'
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC t...
Identifying Programmers by their Coding Style
Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found...
Black Hat 2018: IoT Security Issues Will Lead to Legal ‘Feeding Frenzy’
LAS VEGAS – The troves of insecure internet of things (IoT) devices have not yet led to widespread legal implications. But that’s set to change, a well-known attorney warned at Black Hat USA last week. Ijay Palansky, partner at the law firm Armstrong Teasdale, said at the conference last week that...
Playback: A TLS 1.3 Story
Introduction Secure communications are one of the most important topics in information security, and the Transport Layer Security (TLS) protocol is currently the most used protocol to provide secure communications on the internet. For example, when you are connecting to your online banking...
Server side request forgery (ssrf)
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC t...
CVE-2016-8624
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC t...
CVE-2016-8624
CVE-2016-8624 affects curl before version 7.51.0, where the authority component parsing can mis-handle hostnames ending with a '#', potentially causing connections to an unintended host. Connected sources (e.g., Apple security content and cloud-founding advisories) confirm the issue as a URL parsi...
New strain of Mac malware Proton found after two years
Last week, Kaspersky reported on a new variant of the Mac malware Proton, which they have dubbed Calisto, that has been around for at least two years. Calisto is thoroughly dead at this point, but there are still potential security implications involved with these older infections. Proton was fir...
Privacy Questions Raised as Tech Giants Join Forces on Data Portability
A veritable who’s who of tech giants from Google, Facebook, Microsoft and Twitter, went public last week with a partnership on a standards initiative called the Data Transfer Project (DTP), built to enable data portability between cloud platforms. But security researchers believe the project’s...
What’s the real value—and danger—of smart assistants?
You've heard them called virtual assistants, digital personal assistants, voice assistants, or smart assistants. Operated by artificial intelligence, technologies such as Siri, Alexa, Google Assistant, and Cortana have become ubiquitous in our culture. But what exactly do they do? And how serious...
Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events
By John Fokker · July 03, 2018. Every four years, everyone’s head around the globe turns toward the television. The Olympics, the World Cup – world events like these have all eyes viewing friendly competition...