Posts

Showing posts from March, 2016

Make a date for April 12th... Microsoft releases the fix for the critical Badlock vulnerability.

On April 12th, 2016, a crucial security bug in Windows and Samba will be disclosed. It has been named Badlock and, like Heartbleed, it has its own website. Full details of the vulnerability have not been disclosed, but the name and logo are, for once, a good indication of what to expect. Visit the official website for more information: http://badlock.org/

Apple Vs FBI

Re: The FBI and Apple story involving the FBI trying to force Apple to decrypt an iPhone in their possession. The FBI have now reportedly withdrawn their court battle with Apple after a third party gave the FBI the ability to access the phone without Apple's assistance. Based on this new information, there is likely a lesser-known vulnerability in iOS which is now known to the FBI. The question is whether Apple know of its existence and whether they will release a patch. Also, what are the implications of this being known to the FBI? More questions are raised.

Hackers target US dam control systems

The US acknowledged that Iranian hackers were responsible for hacking into a dam's online control systems in 2013. It is thought that the only reason the water contained by the dam wasn't released was that the sluice gate system had been manually taken offline for maintenance.

DROWN Attack - Summary

The DROWN attack (CVE-2016-0800) was made public last week. DROWN is a cross-protocol attack on TLS using SSLv2. It allows attackers to break the encryption and access potentially sensitive communications such as passwords or credit card details. At the time of writing, researchers have estimated that around a third of all HTTPS servers are vulnerable to this attack. For an in-depth discussion of the DROWN attack, please visit the site: https://drownattack.com/

A Long Time Ago

To be honest, I haven't posted anything for absolutely ages. It was getting difficult to find something newsworthy which wasn't in thousands of other places already. So I decided that this blog should contain the following:

- My views on security issues
- Highlighting key security issues and news
- Product reviews
- A large dose of sarcasm...