Tagged: security

Android P security and privacy changes

Google is slowly pulling back the curtains on its next-gen Android P release. Yesterday, we got our first glimpse at a work-in-progress, developer-focused preview of the software — and today, we’re getting a closer look at what exactly is new when it comes to Android P and the ever-evolving subject of Android security. Here’s the inside scoop on what you can expect: More controlled...

Linux USB driver security issue

USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users’ computers. The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem. “All of them can...

Facebook revenge porn protection asks users for nude photos

Facebook is reportedly testing out a pilot program to counter revenge porn that involves users sending the company nude photos of themselves that may be in others’ possession. The program, which is currently only being deployed in Australia, creates a digital thumbprint of the images, known as “hashing,” that users don’t want spread without their consent on Facebook. Once a photo is “hashed,” Facebook acts to...

Firefox 58 warns if websites use canvas image data

Mozilla plans to display permission prompts if websites or services attempt to use HTML5 Canvas Image Data in the Firefox web browser. Canvas fingerprinting is a byproduct of the HTML5 Canvas technology that all browser makers added to their browsers. As is the case with many technologies, it can be used for good or bad, and in the case of canvas fingerprinting it is...

Proposed Security.txt will work like Robots.txt

Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site’s security policies. The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers....

Cloudflare memory leak caused by parser bug

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information...

xHamster passwords appear online

Members of the porn site xHamster should be changing their passwords today after a set of nearly 380,000 usernames, emails and poorly hashed passwords appeared online. The subscription-only breach notification site LeakBase has published the set of login credentials, which Motherboard reports were being traded online. It’s not clear exactly where the database originated, but it contains information for only a small subset of...

Google Pixel hacked in under 60 seconds

The Google Pixel fell to a team of Chinese hackers alongside Apple Safari and Adobe Flash at the PwnFest hacking competition in Seoul on Friday. Mountain View’s latest offering was smashed by white-hat friendlies from Qihoo 360, who used an undisclosed vulnerability to gain remote code execution for a $120,000 cash prize. The exploit launched the Google Play store before opening Chrome and displaying a...

Russian hackers exploit patched, update your Windows

Microsoft released 14 new security bulletins on Tuesday, in which it addressed many security issues, including a vulnerability actively exploited by a Russia-linked group and several other bugs for which exploits are publicly available. One of the security updates is MS16-135, a bulletin rated Important on severity level. MS16-135 resolves two information disclosure and three privilege elevation vulnerabilities, including a Windows kernel bug exploited...

Microsoft patches Google outed Windows security hole

As promised, Microsoft has issued a fix for the Windows security flaw that Google disclosed before a patch was ready. The update tackles vulnerabilities in numerous versions of Windows (from Vista through Windows 10) that would let an attacker get control of your system through a malicious app. You’re already safe if you use Windows 10 Anniversary Update and an up-to-date browser, we’d add...