Chinese ARM Processors Have A Backdoor

Allwinner-chipFile this under Not Surprised.

One of the problems with sending all our technology manufacturing jobs to foreign countries in order to produce less expensive goods is that some of these countries are not necessarily our best buddies.  With some of them we might have what you would call “trust issues.”

Recently The Hacker News released an article about how a Chinese manufacturer of ARM processors (Allwinner sun8i for A83T, H3, or H3 ...

Continue Reading →
0

Insecure Windows XP Still Third Most Popular OS

Windows-XPWindows XP was released on August 24, 2001.  It was officially retired by Microsoft two years ago on April 8, 2014.  This makes WinXP almost 15 years old, which in operating system years is about 500 years old.  Sophos reported:

“Windows XP was still running on 10.9% of all desktops as of March 2016, according to stats compiled by Net Applications.

To put that in perspective, according ...

Continue Reading →
0

The Aftermath of Apple vs. The FBI

applelogoAs we all know, Apple refused to assist the FBI in cracking the iPhone 5c of the San Bernardino “terrorist” killers. The FBI took Apple to court.  Then the FBI dropped the case after successfully hacking the phone.  Then they successfully hacked another phone in a different case in New York.  Information appeared linking Israeli mobile security firm Cellebrite to the successful breach of ...

Continue Reading →
0

Millions of Insecure Devices Share The Same Keys

keySo how would it be if you found out that the key to your house also worked at your neighbor’s house.  What if it turned out the builder in your subdivision used the exact same lock on every house they built, and your key could get you into every house in your neighborhood?

This is essentially the situation that security researchers at SEC Consult discovered with a host of Internet connected ...

Continue Reading →
0

No Fooling – How to Secure WordPress

WordPresslogoI know it’s April Fool’s Day, but this is a straight up serious post.  If you own, operate, host, support, or develop WordPress sites, this article is for you.

We have written a few articles covering the subject of WordPress security.  I recently received an email from John Stevens over at HostingFacts.com, inviting me to review their excellent tutorial, 28 Ways ...

Continue Reading →
0

Perils on the Edge Revisited – More Bad Router News

router diagramWe recently reviewed the bad state of affairs in the world of edge devices, routers, cable and DSL modems, and wireless access points.  I just read an article on CSO the talked about the dangers that exist with the routers that router traffic and basically run the Internet.  The problem is that these routers are running a Linux kernel in their core that is ...

Continue Reading →
0

Watch Out For HawkEye

hawkeyeWe haven’t seen macro viruses for a while, but they are back. HawkEye a new variant of the resurgent use of unpatched vulnerabilities in Microsoft Word and other office documents.   Using macros, written in Visual Basic, attackers are using Word document attachments to run code on victim computers.

Last week we wrote about the Locky ransomware exploit that encrypts your data ...

Continue Reading →
0

Why The Government Can’t Be Trusted with Back Doors

backdoorHow would you feel if, in order to gain access to a known terrorist’s house, the government passed a law that required every lock manufacturer to create a master key that would unlock every locked door anywhere?  What if the police promised that they would only use the key on the one house?  What if they promised to keep the key safe and secure so it could never get into the hands ...

Continue Reading →
0

Perils From The Edge – Insecure Routers

juniper-networksAt the end of December last year Juniper Networks discovered that some malicious actors had added code to the firmware and software that run their routers, creating a back door that would allow attackers to access the router remotely, assume administrator privileges, and view and decrypt VPN traffic running through the routers.  As the story unfolded, it turns out that Juniper was using a random number generator from NIST, and that the Continue Reading →

0
Page 2 of 3 123