I read very often about vulnerabilities and companies that got hacked. Many times, the reason for which they got hacked was because some recommendation issued by some smart people (read: security minded people) are ignored. But why are they ignored? I found some articles where several explanations are given for what is called “information avoidance“. […]
The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another 21 critical bugs in Firefox, Chrome, Safari, IE, Adobe Flash, Adobe reader, and last, but definitely not least, the Windows operating system. For those who don’t know the contest, the name “Pwn2Own” is derived from the fact that contestants must “pwn” […]
No, it doesn’t have a name like Heartbleed or POODLE, it was “just” a denial-of-service. “Just” is by no means something to be ignored, but it is less dangerous with the previous vulnerabilities. All users of OpenSSL 1.0.2 should upgrade immediately to version 1.0.2a. In the advisory published on their website the OpenSSL vulnerability is called […]
UPDATE on the FREAK vulnerability in SSL: it affects not only Android and iOS but all Windows versions too. I wrote about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to […]
After Heartbleed, a new security vulnerability in SSL is making headlines and producing again headaches for security experts. As any good and mind blowing (for most people) vulnerability, it has a nice name – FREAK, a CVE number – CVE-2015-0204 and a dedicated website https://freakattack.com/ . FREAK – Factoring RSA Export Keys – affects around […]
My blog post “What is a security expert?” which I published in the (ISC)2 Blog was mentioned in the (ISC)2 EMEA Newsletter: Germany’s Sorin Mustaca, CSSLP takes an analytic look at what it means to be an information security professional, also on the (ISC)² Blog
Because of the huge success of IT Security News website (www.itsecuritynews.info) which aggregates many portals with security news, I decided to replicate the same in German. The list of contributors is not yet as long as the one in English, but it will grow in time. Check the new website: IT Sicherheitsnews auf Deutsch: […]
The idea of offering your product or a version of it for free has been a source of much debate. What is FREE and is FREE really, really, free as in gratis? Idea on writing this article came from reading this article on “Minimum Viable Free Product (MVFP)” by Nathan Taylor. Nathan is talking about “Minimum Viable […]
You must have heard of the brand new version of iOS which was release yesterday: iOS v8. While the media is still considering and reconsidering their recommendations for each device on whether or not you should upgrade, here are my reasons to update my iPad 3rd generation. I don’t have an iPhone anymore, I am an […]
If you visit www.truecrypt.org you see this text below. If you install the software, you see it quite a couple of times. The domain www.truecrypt.org is only redirecting now to www.truecrypt.sourceforge.net. There are many articles written on this topic, especially on “WHY?”. WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues This page exists […]
You must be logged in to post a comment.