January 2018 – Security

Group Instant Messaging: Why blaming developers is not fair but enhancing the protocols would be appropriate

January 17, 2018January 25, 2018 by Paul Rösler

Paul Rösler

After presenting our work at Real World Crypto 2018 [1] and seeing the enormous press coverage, we want to get two things straight: 1. Most described weaknesses are only exploitable by the malicious server or by knowing a large secret number and thereby the protocols are still very secure (what…

Website Glitch Let Me Overstock My Coinbase

January 9, 2018 by BrianKrebs

BrianKrebs

Coinbase just fixed a serious glitch that allowed customers of Overstock.com to buy any Overstock item at a tiny fraction of the listed price. Potentially more punishing, the flaw let anyone paying with bitcoin reap many times the authorized bitcoin refund amount on any canceled Overstock orders. In January 2014, Overstock.com…

Bad docs and blue screens make Microsoft suspend Spectre patch for AMD machines

January 9, 2018 by Peter Bright

Peter Bright

An Athlon 64 purchased in 2007. (credit: Fred) Microsoft has suspended delivering the latest Windows update to certain systems with AMD processors after reports that the update was causing the machines to crash with a blue screen of death when booting. The update contains countermeasures against both the Meltdown and…

An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience

January 8, 2018 by John Graham-Cumming

John Graham-Cumming

Last week the news of two significant computer bugs was announced. They've been dubbed Meltdown and Spectre. These bugs take advantage of very technical systems that modern CPUs have implemented to make computers extremely fast. Even highly technical people can find it difficult to wrap their heads around how these…

An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience

January 8, 2018 by John Graham-Cumming

John Graham-Cumming

How to Use the Cowrie SSH Honeypot to Catch Attackers on Your Network

January 6, 2018 by TAKHION

TAKHION

The internet is constantly under siege by bots searching for vulnerabilities to attack and exploit. While conventional wisdom is to prevent these attacks, there are ways to deliberately lure hackers into a trap in order to spy on them, study their behavior, and capture samples of malware. In this tutorial,…

How Hackers Use Hidden Data on Airline Boarding Passes to Hack Flights

January 5, 2018 by Hoid

Hoid

Millions of travelers pass through airports each day without understanding how powerful and insecure a boarding pass can be. Anyone can scan the boarding pass barcode with a mobile app, allowing access to frequent-flyer accounts and even a passenger's temporary airline account. In this guide, we will explore how hackers…

Scary Chip Flaws Raise Spectre of Meltdown

January 5, 2018 by BrianKrebs

BrianKrebs

Apple, Google, Microsoft and other tech giants have released updates for a pair of serious security flaws present in most modern computers, smartphones, tablets and mobile devices. Here’s a brief rundown on the threat and what you can do to protect your devices. At issue are two different vulnerabilities, dubbed…

How to Use the Chrome Browser Secure Shell App to SSH into Remote Devices

January 5, 2018 by Hoid

Hoid

Many guides on Null Byte require using the Secure Shell (SSH) to connect to a remote server. Unfortunately for beginners, learning to use SSH can become a confusing mix of third-party programs and native OS support. For Chrome OS users, using SSH is even more difficult. We'll fix this by…

Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it

January 5, 2018 by Peter Bright

Peter Bright

Enlarge (credit: Jen) The Meltdown and Spectre flaws—two related vulnerabilities that enable a wide range of information disclosure from every mainstream processor, with particularly severe flaws for Intel and some ARM chips—were originally revealed privately to chip companies, operating system developers, and cloud computing providers. That private disclosure was scheduled…

Exploit Development: How to Read & Write to a Program’s Memory Using a Format String Vulnerability

January 4, 2018 by allegiance

allegiance

Format strings are a handy way for programmers to whip up a string from several variables. They are designed to save the programmer time and allow their code to look much cleaner. Unbeknownst to some programmers, format strings can also be used by an attacker to compromise their entire program.…

How to Enable the New Native SSH Client on Windows 10

January 4, 2018 by Hoid

Hoid

For years, PuTTy has reigned supreme as the way to establish a Secure Shell (SSH) connection. However, those days are numbered with the addition of the OpenSSH server and client in the Windows 10 Fall Creators Update, which brings Windows up to par with macOS and Linux's ability to use…

More details about mitigations for the CPU Speculative Execution issue

January 4, 2018January 4, 2018 by Google Security PR

Google Security PR

Posted by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program ManagerYesterday, Google’s Project Zero team posted detailed technical information on three variants of a new security issue involving speculative execution on many modern CPUs. Today, we’d like to share some more information about our mitigations and performance.In response…

1 2 Next »