Saturday, November 17, 2018

Spectre, Meltdown researchers unveil 7 more speculative execution attacks

Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed, with the names Meltdown and Spectre. Since then,...

Windows 10 October 2018 Update is back, this time without deleting your data

Just over a month since its initial release, Microsoft is making the Windows 10 October 2018 Update widely available today. The...

Another Windows 0-day flaw has been published on Twitter

https://t.co/1Of8EsOW8z Here's a low quality bug that is a pain to exploit.. still unpatched. I'm done with all this anyway. Probably going to get into problems because of being broke now.. but whatever. — SandboxEscaper (@SandboxEscaper) October 23, 2018 SandboxEscaper, a...

Election security in the age of bots, operatives, and digital attacks

Video by Chris Schodt, production by Justin Wolfson. In our latest episode of Ars Technica Live, we talk about election security. My guest was Alex Stamos, a researcher at Stanford who just happened to be the CSO...

Meet Helm, the startup taking on Gmail with a server that runs in your home

There’s no doubt that Gmail has changed the way we consume email. It’s free, it gives most of us all the storage we’ll ever need, and it does a better job than most in weeding...

Browser vendors unite to end support for 20-year-old TLS 1.0

Apple, Google, Microsoft, and Mozilla have announced a unified plan to deprecate the use of TLS 1.0 and 1.1 early in 2020. TLS (Transport Layer Security) is used to secure connections on the...

Already facing an uphill misinformation fight, Facebook loses to scammers, too

Responding to critics in the US Congress and elsewhere who say Facebook isn’t doing enough to stop the flow...

Apple to Congress: Chinese spy-chip story is “simply wrong”

Apple isn't relenting in its attacks on last week's Bloomberg story claiming that tiny Chinese chips had compromised the security of Apple and Amazon data centers. In a...

Bloomberg: Super Micro motherboards used by Apple, Amazon contained Chinese spy chips

Tiny Chinese spy chips were embedded onto Super Micro motherboards that were then sold to companies in the US, including Amazon and Apple, reports Bloomberg. The report has attracted strenuous denials from Amazon, Apple, and Super Micro. Bloomberg...

Google taking new steps to prevent malicious Chrome extensions

Google has announced plans to further restrict Chrome extensions in a bid to crack down on the number of malicious extensions found in the Chrome Web Store. We've seen a spate of malicious extensions this year; the extensions do things...

Google backtracks—a bit—on controversial Chrome sign-in feature

Google will partially revert a controversial change made in Chrome 69 that unified signing in to Google's online properties and Chrome itself and which further preserved Google's cookies even when users chose to clear...

Microsoft offers completely passwordless authentication for online apps

Applications using Azure Active Directory (AD) to authenticate—a category that includes Office 365, among other things—will soon be able to stop using passwords entirely. Azure AD accounts can already use the Microsoft Authenticator app for two factor authentication, combining a...

New modification of the old cold boot attack leaves most systems vulnerable

Cold boot attacks, used to extract sensitive data such as encryption keys and passwords from system memory, have been given new blood by researchers from F-Secure. First documented in 2008, cold boot attacks...

To prevent hacking, Georgia must end all-electronic voting, activists say


Windows 10 support extended again: September releases now get 30 months

In its continued efforts to encourage corporate customers to make the switch to Windows 10, Microsoft is shaking up its support and lifecycle plans...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.