1. IT-Security >
  2. Cyber Security Nachrichten


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Nachrichten


Suchen

News RSS Quellen: 82x
News Kategorien unterhalb von Nachrichten: 0x
News RSS Feeds dieser Nachrichten Kategorie: RSS Feed IT Security Nachrichten
Benutze Feedly zum Abonieren.Folge uns auf feedly
Download RSS Feed App für Windows 10 Store (Leider gibt es nicht mehr viele Extensions mit welchen Sie RSS-Feeds in einer Software abonieren können. Der Browser Support für RSS-Feeds wurde eingestellt (Firefox,Chrome).

Eigene IT Security Webseite / Blog / Quelle hinzufügen

Seitennavigation

Seite 20 von 4.419 Seiten (Bei Beitrag 665 - 700)
154.641x Beiträge in dieser Kategorie

Auf Seite 19 zurück | Nächste 21 Seite | Letzte Seite

[ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [20] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ]

US Set To Give Huawei Another 90 Days To Buy From American Suppliers

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: yro.slashdot.org Direktlink direkt öffnen

An anonymous reader quotes a report from Reuters: The U.S. Commerce Department is expected to extend a reprieve given to Huawei Technologies that permits the Chinese firm to buy supplies from U.S. companies so that it can service existing customers, two sources familiar with the situation said. The "temporary general license" will be extended for Huawei for 90 days, the sources said. Commerce initially allowed Huawei to purchase some American-made goods in May shortly after blacklisting the company in a move aimed at minimizing disruption for its customers, many of which operate networks in rural America. An extension will renew an agreement set to lapse on August 19, continuing the Chinese company's ability to maintain existing telecommunications networks and provide software updates to Huawei handsets. The situation surrounding the license, which has become a key bargaining chip for the United States in its trade negotiations with China, remains fluid and the decision to continue the Huawei reprieve could change ahead of the Monday deadline, the sources said.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Fury Unleashed Review (PC)

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: softpedia.com Direktlink direkt öffnen

A surprise for the action platformer market, Fury Unleashed takes the community by storm with the fast-paced combat and the unique story telling mode. Fast-paced adrenaline-filled thrill rides are hard to come by these days, especially in the gaming industry. This is mostly because everyone pretty much tried their luck at anything possible just to see if it will stick, and while some games did indeed garner critical acclaim, some have been cast into the shadow of oblivion, never to be mentioned ever again. Fury Unleashed is a game that does indeed live up to its name. While not and extraordinarily complex game, the level and enemy design does make it a challenge for anyone.  The lore You’re the hero of a comic book, and because of that, your story unfolds over several different arcs. These overarching stories don’t necessarily have anything to do with one another, as you will see for yourself. As I was currently testing out the game, only 3 comic ...
News Bewertung

Weiterlesen Weiterlesen

New Phishing Campaign Exploits Google Drive to Evade Email Gateways

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: latesthackingnews.com Direktlink direkt öffnen

It seems the criminal hackers have a never-ending list of ways to evade security protocols and continue phishing users. Once

New Phishing Campaign Exploits Google Drive to Evade Email Gateways on Latest Hacking News.


News Bewertung

Weiterlesen Weiterlesen

I realized I don't know how to write secure code. Is writing secure code "easy" given background knowledge?

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Hi all, I'm a cybersecurity researcher who is Kind Of Good At Programming, but I realize I know nothing about writing secure code.

I have an idea of what it would look like (e.g. pbkdf2(security_library.secure_input()) == user.pass_hash) and I can google for a lot of things. I have a lot of common sense (don't trust inputs, don't roll your own crypto, use well-established security libraries, be minimal to avoid unnecessary privileges or attack surface, hash-salt-pepper passwords, use tls if networking, etc.) and basic enough Google Fu.

To those who write secure code, is this enough? If I'm developing independently, should I be seeking/paying for code reviews? Or is there an even deeper knowledge required?

submitted by /u/gnulynnux
[link] [comments]
News Bewertung

Weiterlesen Weiterlesen

Recap of Recent Articles on Just Security (August 5-16)

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: justsecurity.org Direktlink direkt öffnen

Impeachment and Post-Presidential Indictment

International Humanitarian Law: Use of Force, Proportionality, and Civilian Casualties

  • Ambassador Robert Ford and Carolyn O’Connor, U.S.

  continue » “Recap of Recent Articles on Just Security (August 5-16)”

The post Recap of Recent Articles on Just Security (August 5-16) appeared first on Just Security.


News Bewertung

Weiterlesen Weiterlesen

Microsoft reicht Fehlerbehebung für Windows 10 Version 1709 nach

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Microsoft, Windows 10, Fall Creators Update, Windows 10 Fall Creators Update, Windows 10 Redstone 3 Microsoft hat nach dem Patch-Dienstag in dieser Woche für das Windows 10 Fall Creators Update noch eine zweite Aktualisierung nachgereicht. Das Update wird allen Nutzern empfohlen, es behebt ein Problem mit Medien-Dateien, ist aber nicht sicherheitsrelevant. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

Microsoft Confirms Update Warning For Windows 10, Windows 8.1 And Windows 7 Users

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Microsoft Confirms Update Warning For Windows 10, Windows 8.1 And Windows 7 Users submitted by /u/Jedistro
[link] [comments]

News Bewertung

Weiterlesen Weiterlesen

Be emobil: Berliner Ladesäulen auf Verbrauchsabrechnung umgestellt

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: golem.de Direktlink direkt öffnen

Der Ladenetzbetreiber Allego hat die Abrechnung der öffentlichen Ladestationen in Berlin umgestellt. Statt eines Pauschalpreises für den Ladevorgang zahlen Elektroautomobilisten in Zukunft nach geladener Strommenge. (Elektroauto, RFID)
News Bewertung

Weiterlesen Weiterlesen

How Would You Spend $10K Yearly On Cyber Security?

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Done! Over 150 security experts on linkedIn replied to my question "You’re a small business owner (Think Restaurant). You have $10K to spend yearly on cyber security. How would you spend it?” This document is a summary of their recommendations. If you are a security service provider and want to share with your customers, send me a message. This was a great discussion, I enjoyed the collaboration and the opportunity to learn. This is the link to the original post. https://lnkd.in/daNiCQn I also received contact details from many security providers, who can offer these services under $10K (about 10-50 employees). I will be adding them soon, to make it easy for small businesses owners to find a security provider. Send me a message to be add to this list.

submitted by /u/gabyf2000
[link] [comments]
News Bewertung

Weiterlesen Weiterlesen

YouTube To Allow Everyone To Watch YouTube Originals For Free

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: news.slashdot.org Direktlink direkt öffnen

Last November, YouTube announced that it would be removing the paywall for its original programming starting in 2019. Now, we have more details on exactly how and when this will work. Android Central reports: Per a statement sent out by the YouTube team: "New YouTube Originals series, movies, and live events released after September 24, 2019 will be made available to non-members to watch for free, with ads. For series, members will get immediate access to every episode of a new season, while non-members will have to wait for each new episode to be released." It appears that YouTube Originals content released prior to that September 24 date will remain exclusive to Premium subscribers, but going forward, it'll be fair game for everyone. While that does slightly water-down the perks of being a YouTube Premium subscriber, it's also noted that paying customers will gain access to additional footage that won't be available for free users: "In most cases, where available, Director's cuts and bonus footage for YouTube Originals movies and live events will be exclusive to members like you, as well."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Remote code execution 0day for webmin

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

submitted by /u/FiroSolutions
[link] [comments]
News Bewertung

Weiterlesen Weiterlesen

Windows 10 20H1: Build 18963 bringt einige Verbesserungen mit sich

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Windows Insider, Windows 10 Wallpaper, Windows Insider Wallpaper Microsoft hat gestern eine weitere Preview-Version zu dem für Frühjahr 2020 erwarteten Windows 10 20H1-Update veröffentlicht. Neben einigen Neuerungen im Task Manager sowie den Systemeinstellungen sorgt Build 18963 dafür, dass der Editor leichter Aktualisierungen erhalten kann. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

Polizei kontrolliert Autofahrer mit acht Handys zum Pokemon Go spielen

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Nintendo, Pokemon, Pokemon Go, Niantic Labs Nach dem älteren Herren in Südkorea, der gern mit mehr als einem Dutzend Smartphones an seinem Fahrrad-Lenker auf Pokémon-Jagd geht, gibt es jetzt einen Bericht über einen ähnlich ambitionierten Spieler in den USA. Allerdings ist dieser Fan mit dem Auto unterwegs. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

"KNOB": Forscher entdecken kritische Bluetooth-Sicherheitslücke

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: google.com Direktlink direkt öffnen

The Bluetooth Sig spricht trotzdem von einer "ernsthaften Bedrohung für die Sicherheit und Privatsphäre aller Bluetooth-Nutzer". Die Entdeckung hat ...
News Bewertung

Weiterlesen Weiterlesen

Preisgabe von Informationen in openssl (CentOS)

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: pro-linux.de Direktlink direkt öffnen


News Bewertung

Weiterlesen Weiterlesen

A New Species of Leech Is Discovered Near Washington, D.C.

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: science.slashdot.org Direktlink direkt öffnen

schwit1 shares a report from Smithsonian: In the summer of 2015, when Smithsonian research zoologist Anna Phillips and other scientists were standing in slow-moving swamp water, letting leeches latch onto their bare legs or gathering them up in nets from muddy pond bottoms, they didn't realize that some of the bloodsuckers they'd collected belonged to an entirely new species. But in a just-published paper in the Journal of Parasitology, Phillips and her colleagues from the Universidad Nacional Autonoma de Mexico and the Royal Ontario Museum report that a previously unknown leech species, Macrobdella mimicus, is the first to be discovered on the continent in more than 40 years. Parasitologists typically rely on the arrangement of pores on the bottom of leeches' bodies to help distinguish species. With a close inspection, the researchers noticed a subtle difference in the spacing of the leeches' accessory pores. (While leeches are hermaphrodites, they mate with other leeches, and accessory pores secrete mucus that allows the mating leeches to stick together.) M. decora had four accessory pores grouped in two rows of two, just like the outlier group, but the new species had a set of pores located several millimeters farther back on their body. The similar pore pattern, however, led Phillips and the other scientists to name the new species Macrobdella mimicus, after the Greek word for "imitator" or "actor." The new species is olive-green with orange spots, about as long as a cigarette and as wide as two. It has three jaws, each containing 56 to 59 teeth (fewer than M. decora), which it can use to bite and siphon blood from humans. Leeches like this species can suck two to five times their body weight in blood thanks to expandable pockets in their intestines, explains Phillips.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Online-Banking und PSD2: Neue Regeln ab September

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: heise.de Direktlink direkt öffnen

Mit der Zweiten Europäischen Zahlungsdiensterichtlinie (PSD2) verändert sich das elektronische Banking. Betroffen sind vor allem TAN-Verfahren und das Login.
News Bewertung

Weiterlesen Weiterlesen

Sonos Move: Bluetooth-fähiger Wireless-Speaker ist flexibel nutzbar

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Lautsprecher, Bluetooth, Sonos, Sonos Move, Wireless Speaker Der Audiospezialist Sonos wird in Kürze mit dem Sonos Move seinen ersten Netzwerk-Lautsprecher mit integrierter Bluetooth-Unterstützung vorstellen. Wir haben jetzt erste offizielle Marketing-Bilder des Geräts aufgetrieben, die bereits vorab zeigen, dass der Sonos Move Speaker flexibel platziert und wohl vor allem für den Einsatz im Haushalt gedacht ist. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

Google wants to reduce lifespan for HTTPS certificates to one year

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: zdnet.com Direktlink direkt öffnen

A Google proposal would cut lifespan of SSL certificates from 825 days to 397 days.
News Bewertung

Weiterlesen Weiterlesen

Understanding What Is Malware Analysis

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: hackercombat.com Direktlink direkt öffnen

What is malware analysis? This is the process involved in studying and learning how a particular malware works and what it can do. Their code can differ radically from one...

The post Understanding What Is Malware Analysis appeared first on .


News Bewertung

Weiterlesen Weiterlesen

Blackkhat \ Defcon conference attendees possibly exposed to IRL virus

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Blackkhat \ Defcon conference attendees possibly exposed to IRL virus submitted by /u/Temptunes48
[link] [comments]

News Bewertung

Weiterlesen Weiterlesen

Das Gesundheitswesen im Fadenkreuz von Cyberkriminellen

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: it-daily.net Direktlink direkt öffnen

Nach dem Global Application and Network Security Report 2018-2019 von Radware war das Gesundheitswesen nach der Öffentlichen Hand 2018 die am zweithäufigsten von Cyberattacken betroffene Branche.


News Bewertung

Weiterlesen Weiterlesen

Researchers Build a Heat Shield Just 10 Atoms Thick To Protect Electronic Devices

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: science.slashdot.org Direktlink direkt öffnen

An anonymous reader quotes a report from Phys.Org: Excess heat given off by smartphones, laptops and other electronic devices can be annoying, but beyond that it contributes to malfunctions and, in extreme cases, can even cause lithium batteries to explode. To guard against such ills, engineers often insert glass, plastic or even layers of air as insulation to prevent heat-generating components like microprocessors from causing damage or discomforting users. Now, Stanford researchers have shown that a few layers of atomically thin materials, stacked like sheets of paper atop hot spots, can provide the same insulation as a sheet of glass 100 times thicker. In the near term, thinner heat shields will enable engineers to make electronic devices even more compact than those we have today, said Eric Pop, professor of electrical engineering and senior author of a paper published Aug. 16 in Science Advances. "To make nanoscale heat shields practical, the researchers will have to find some mass production technique to spray or otherwise deposit atom-thin layers of materials onto electronic components during manufacturing," adds Phys.Org. "But behind the immediate goal of developing thinner insulators looms a larger ambition: Scientists hope to one day control the vibrational energy inside materials the way they now control electricity and light. As they come to understand the heat in solid objects as a form of sound, a new field of phononics is emerging, a name taken from the Greek root word behind telephone, phonograph and phonetics."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

4 Grundlagentipps für erfolgreiches Cloud-Management

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: it-daily.net Direktlink direkt öffnen

IT-Verantwortliche müssen sich heutzutage mit den verschiedensten Herausforderungen auseinandersetzen, die eine Migration in die Cloud mit sich bringen. Obwohl sich die Cloud-Nutzung in den letzten Jahren stark verbreitet hat, haben einige Unternehmen trotzdem das Gefühl, noch nicht das volle Potenzial der Cloud ausgeschöpft zu haben.


News Bewertung

Weiterlesen Weiterlesen

Huawei Is Working On Its Own Version of Google Maps

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: tech.slashdot.org Direktlink direkt öffnen

According to the state-owned China Daily, Huawei is working on a Google Maps alternative with Yandex and Booking.com. The service is expected to be unveiled in October. CNET reports: It's apparently designed to use a tool for software developers to create apps based around its mapping capabilities, rather than for consumer use. It'll connect to local mapping services, cover 150 countries and regions, and be available in 40 languages, the report said. Huawei didn't immediately respond to a request for comment, but the company's ability to access Google's services has been threatened since President Trump blacklisted it in May. That came as a result of U.S. lawmakers' concerns about Huawei's tight relationship with the Chinese government and fears that its equipment could be used for spying. Trump has since said the ban will be eased.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Bitdefender Finds New Attack Mechanism That Lets Cybercriminals Steal Private Data from Machines Using Intel Processors

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Bitdefender Finds New Attack Mechanism That Lets Cybercriminals Steal Private Data from Machines Using Intel Processors submitted by /u/je-vv
[link] [comments]

News Bewertung

Weiterlesen Weiterlesen

Hacktronian – An all in one hacking tool for Linux and Android

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: latesthackingnews.com Direktlink direkt öffnen

  Hacktronian is an open-source penetration testing framework designed for social engineering and multiple server side attacks, it has a

Hacktronian – An all in one hacking tool for Linux and Android on Latest Hacking News.


News Bewertung

Weiterlesen Weiterlesen

Runkeeper Will Stop Supporting Wear OS 'in a Few Weeks'

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: tech.slashdot.org Direktlink direkt öffnen

Runkeeper this week announced that it will discontinue its Wear OS app in the next few weeks. From a report: The update was emailed to users this week, where the company told users that it decided to end support because "the integration didn't work well / work consistently for most users." In a response to users, Runkeeper elaborated that only a small percentage of Runkeeper users were actually using the Wear OS app. "It was a very buggy experience and difficult for us to maintain and fix," a representative said in an email. "Because we're a small team with limited resources, and having done our research, we ultimately concluded that trying to maintain a partnership that wasn't working well would not be good practice for us."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Anime Studio, Khara, Is Planning To Use Open-Source Blender Software

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: entertainment.slashdot.org Direktlink direkt öffnen

The Japanese anime studio, Khara, is moving to Blender, the the open-source 3D creation software. "It'll begin partially using the software for its current development 'EVANGELION:3.0+1.0' but will make the full switch once that project is finished," reports Neowin. "The current project is expected to end in June next year, so after that point, its employees will start using Blender for the majority of their work." From the report: At the moment, Khara uses 3ds Max from Autodesk on a subscription basis; however, the company found that it had to reach out to small and medium-sized businesses for its projects. Due to the limitations of those companies, it's harder for them to afford 3ds Max. By switching to Blender, Khara says it can work better with external firms. While Blender will be used for the bulk of the work, Khara does have a backup plan if there's anything Blender struggles with; Hiroyasu Kobayashi, General Manager of Digital Dpt. and Director of Board of Khara, said: "There are currently some areas where Blender cannot take care of our needs, but we can solve it with the combination with Unity. Unity is usually enough to cover 3ds Max and Maya as well. Unity can be a bridge among environments."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

What free secure file erasure software can be used without installation?

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

What downloadable alternatives to Eraser

  1. are wholly free

  2. can be operated (without losing any functions) without installation like TeamViewer?

I know not to access private files or websites on hotel public computers that are dangerous, but they don't allow installations. I still want to securely delete files even if they're not private.

submitted by /u/xanth0s
[link] [comments]
News Bewertung

Weiterlesen Weiterlesen

Nvidia CEO Says Google Is the Company's Only Customer Building Its Own Silicon At Scale

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: hardware.slashdot.org Direktlink direkt öffnen

An anonymous reader quotes a report from CNBC: Nvidia's CEO, Jensen Huang, has reason to be concerned about other chipmakers, like AMD. But he's not worried about Nvidia's own big customers turning into competitors. Amazon, Facebook, Google and Tesla are among the companies that buy Nvidia's graphics cards and have kicked off chip-development projects. "There's really one I know of that have silicon that's really in production," Huang told CNBC in an interview on Thursday. That company would be Google, he said. "But our conversation with large customers is intensifying," Huang said. "We're talking to more large customers." Google first announced its entrance into the data center AI chip-making world in 2016. As it came up with new versions, the web company pointed to performance advantages over graphics cards that were available at the time. Google hasn't started selling data center chips for training AI models to other companies, though. (Google has started offering various products that use its Edge tensor processing unit chips, but those chips aren't as powerful as the TPU chips for training AI models in Google's cloud.)

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Bluetana app detects gas pumps card skimmers in 3 seconds

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: hackread.com Direktlink direkt öffnen

By Waqas

Bluetana takes 3 seconds to detect illegal card skimmers, unlike law enforcement agencies who can take up to 30 minutes for inspection.

This is a post from HackRead.com Read the original post: Bluetana app detects gas pumps card skimmers in 3 seconds


News Bewertung

Weiterlesen Weiterlesen

McAfee Firewall Issues!

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Right now, I have a subscription to McAfee Antivirus. The problem is, it doesn’t let me use Windows Firewall because I have McAfee Firewall, which comes with the kit, installed. This means I’m either forced to use McAfee or nothing at all.

I read that without a firewall, I’m in danger of lots of bad things happening such as intruders recording my keystrokes via unprotected ports to get my passwords. On top of that, without it, it constantly gives me notifications to turn it on that I can’t get rid of.

So I tried using McAfee but it keeps blocking every program, even legit ones. I have so many legit programs it’s blocking that it’d take forever to greenlist each one, then on top of that there’s so much to do besides that to get each one properly greenlisted. It’s just a pain!

All I want is a quiet firewall that’ll only go after the bad stuff! I need some help! Thanks :)

submitted by /u/rpawesome
[link] [comments]
News Bewertung

Weiterlesen Weiterlesen

Huge Survey of Firmware Finds No Security Gains In 15 Years

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: yro.slashdot.org Direktlink direkt öffnen

A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors. The Security Ledger reports: "Nobody is trying," said Sarah Zatko, the Chief Scientist at the Cyber Independent Testing Lab (CITL), a non-profit organization that conducts independent tests of software security. "We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products," she said. The CITL study surveyed firmware from 18 vendors including ASUS, D-link, Linksys, NETGEAR, Ubiquiti and others. In all, more than 6,000 firmware versions were analyzed, totaling close to 3 million binaries created from 2003 to 2018. It is the first longitudinal study of IoT software safety, according to Zatko. CITL researchers studied publicly available firmware images and evaluated them for the presence of standard security features such as the use of non-executable stacks, Address Space Layout Randomization (ASLR) and stack guards, which prevent buffer overflow attacks. The results were not encouraging. Time and again, firmware from commonly used manufacturers failed to implement basic security features even when researchers studied the most recent versions of the firmware. For example: firmware for the ASUS RT-AC55U wifi router did not employ ASLR or stack guards to protect against buffer overflow attacks. Nor did it employ a non-executable stack to protect against "stack smashing," another variety of overflow attack. CITL found the same was true of firmware for Ubiquiti's UAP AC PRO wireless access points, as well as DLink's DWL-6600 access point. Router firmware by vendors like Linksys and NETGEAR performed only slightly better on CITL's assessment. CITL researchers also "found no clear progress in any protection category over time," reports The Security Ledger. "Researchers documented 299 positive changes in firmware security scores over the 15 years covered by the study... but 370 negative changes over the same period. Looking across its entire data set, in fact, firmware security actually appeared to get worse over time, not better." On the bright side, the survey found that almost all recent router firmware by Linksys and NETGEAR boasted non-executable stacks. "However, those same firmware binaries did not employ other common security features like ASLR or stack guards, or did so only rarely," says the report.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

The Week in Ransomware - August 16th 2019 - Fairly Slow

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: bleepingcomputer.com Direktlink direkt öffnen

Been a pretty slow week with mostly new variants of existing ransomware being released. The most interesting story was researchers at Check Point being able to install ransomware on a Canon DSLR camera. [...]
News Bewertung

Weiterlesen Weiterlesen

Seitennavigation

Seite 20 von 4.419 Seiten (Bei Beitrag 665 - 700)
154.641x Beiträge in dieser Kategorie

Auf Seite 19 zurück | Nächste 21 Seite | Letzte Seite

[ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [20] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ]