Home Tags Insecure

Tag: insecure

Insecure Android smartphone leads to court case for electronics retailer

Smartphone buyers should be better informed about security flaws in the devices they are sold, according to one consumer watchdog.

German e-gov protocol carries ancient vulns

Dies ist eine chaos Germany's e-government system is open to padding oracle attacks and other vulnerabilities because of an insecure communications protocol.…

US is Number One! In sales register hacking attacks, at least

Fraudsters love America's easy-to-hack card slurpers Hacking attacks against sales terminals have risen by nearly a third last year, and the US is still leading the way in being insecure.…

Businesses Spend 1,156 Hours Per Week on Endpoint Security

Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.

Task force tells Congress health IT security is in critical condition

Report warns lack of security talent, glut of legacy hardware pose imminent threat.

Insecure Backend Databases Blamed for Leaking 43TB of App Data

More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.

Internet of snitches: anyone who can sniff ‘Thing’ traffic knows what...

'Smart' home IoT devices reveal dumb amounts of what they're up to every time they go online Princeton boffins reckon the Internet of woefully insecure things yields sensitive information about connected homes with nothing more than a bit of network traffic analysis.…

VMware Patches Multiple Security Issues in Workstation

VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability.

Windows 10 tip: Stop using the horribly insecure SMBv1 protocol

For years, Microsoft has been recommending that you disable the vulnerable SMBv1 protocol. Recent ransomware outbreaks underscore the need to take this important step. Here's how.

Microsoft finally bans SHA-1 certificates in Internet Explorer, Edge

The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure.

The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005.

The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made -- for example, for outdated payment terminals.To read this article in full or to leave a comment, please click here

Paranoid Android: Antivirus app-makers resolve MitM vulnerability

Attack loophole in Panda app sealed An Android anti-malware application from Panda Mobile Security has been updated after researchers discovered that an insecure update mechanism left users vulnerable to man-in-the-middle attacks.…

Intercede announces Secure Login for WordPress

RapID Secure Login enables WordPress users to easily access their accounts without insecure and cumbersome passwords Lutterworth, England/Reston, VA, 8th May 2017 – Today, digital identity and credentials expert, Intercede announced the launch of RapID Secure Login (RapID-SL), a Plugin for WordPress that enables administrators and subscribers to log into websites and blogs with fingerprints instead of usernames and passwords.

By eliminating the use of insecure passwords, users are provided with superior usability and more... Source: RealWire