New Security Flaw Found in LTE Standard
Researchers have recently discovered a new security vulnerability affecting all 4G LTE networks. The so-called "aLTEr" attack could allow someone nearby to send your phone's browser to a web site different than the one requested, impersonating your bank's web site, for example. Similarly, it could trick an app into connecting to a different back-end service. aLTEr requires that the attacker use $4,000 equipment and be within about a mile of the victim, among other challenges. Although a successful attack is difficult, it could be used against high-value targets such as politicians, military personnel, journalists, employees of corporate rivals, etc. The flaw is inherent in the LTE standard and unlikely to be fixed. However, because aLTEr relies on DNS spoofing, it can be avoided by only using web sites and services that employ both HTTPS and DNSSEC. Currently, less than 1% of .com web sites employ DNSSEC, although many high-value sites do use it.
Microsoft's 'Send' App is More Messaging than Email
Jul 22, 2015
Microsoft today released a new email application called Send. The idea behind Send, developed by Microsoft Garage, is to let people send quick messages to one another while still harnessing the power of corporate email.
Researchers Say WiFi Vulnerability Impacts Nearly Everything
Oct 16, 2017
Researchers say they've found a serious gap in the WPA2 security protocol that can allow hackers to use k ey r einstallation a tta cks (KRACKs) to compromise most WiFi devices. The researchers say the method allows hackers to read encrypted information transiting via WiFi, including passwords, emails, photos, credit card numbers, and more.
Chrome 68 Will Mark All HTTP Sites As 'Not Secure'
Feb 9, 2018
In the interest of security, Google plans to call out web sites that don't adopt https. Later this year, version 68 of the Chrome web browser will proactively label web sites that don't make use of https encryption.
Stagefright Bug Returns for Sequel Thanks to MP3 Flaw
Oct 2, 2015
Google may have issued several patches to plug the security hole known as Stagefright, but the bug is back thanks to a newly-discovered vulnerability in MP3 and MP4 files. Zimperium Labs, which discovered the first version of Stagefright in April, says phones tricked into running specially crafted audio/video files can be taken over remotely.
Researchers Suggest Phone Makers Mislead Consumers About Security Patches
Apr 12, 2018
Security Research Labs says Android phone makers often miss security patches but still tell owners the phones are up-to-date. Researchers Karsten Nohl and Jakob Lell examined the code of some 1,200 phones from more than a dozen phone makers for every security patch released during 2017.
No messages yet