Tagged: security

Mozilla matches donations made to Tor project

Firefox parent Mozilla is returning to back the Tor Project, its long-time ally, after it committed to matching all donations made to fund Tor, the open source initiative to improve online privacy, which has just started its annual end-of-year funding drive. Tor announced Mozilla’s support today, extending the pair’s partnership which last year helped Tor raise over $400,000 from a similar campaign last...

Apple blocks GrayKey on iOS 12

Earlier this year, Apple updated iOS to block passcode cracking tools like GrayKey (used by police and government law enforcement officers). But the original iOS 11.4.1 patch wasn’t perfect, with researchers still finding ways around it. That seems to have changed with the release of iOS 12 last month, which a recent Forbes report notes appears to have completely blocked the GrayKey tool, preventing...

Yahoo has to pay 50 million in damages

Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history. The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries...

Project Fusion aims to bring Super Private mode to Firefox

The Tor Project announced that it’s working with Mozilla to integrate Tor into Firefox. Eventually, this should completely eliminate the need for the Tor Browser, as most of its features would be merged into Firefox’s new “super-private mode.” Tor Browser Development Largely Redundant: The Tor Browser is based on the Extended Support Release (ESR) version of Firefox, because it’s a more stable development cycle...

Android P security and privacy changes

Google is slowly pulling back the curtains on its next-gen Android P release. Yesterday, we got our first glimpse at a work-in-progress, developer-focused preview of the software — and today, we’re getting a closer look at what exactly is new when it comes to Android P and the ever-evolving subject of Android security. Here’s the inside scoop on what you can expect: More controlled...

Linux USB driver security issue

USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users’ computers. The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem. “All of them can...

Facebook revenge porn protection asks users for nude photos

Facebook is reportedly testing out a pilot program to counter revenge porn that involves users sending the company nude photos of themselves that may be in others’ possession. The program, which is currently only being deployed in Australia, creates a digital thumbprint of the images, known as “hashing,” that users don’t want spread without their consent on Facebook. Once a photo is “hashed,” Facebook acts to...

Firefox 58 warns if websites use canvas image data

Mozilla plans to display permission prompts if websites or services attempt to use HTML5 Canvas Image Data in the Firefox web browser. Canvas fingerprinting is a byproduct of the HTML5 Canvas technology that all browser makers added to their browsers. As is the case with many technologies, it can be used for good or bad, and in the case of canvas fingerprinting it is...

Proposed Security.txt will work like Robots.txt

Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site’s security policies. The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers....

Cloudflare memory leak caused by parser bug

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information...