Analysis Cryptography researchers have discovered flaws in the key generation that underpins the security of important cryptography protocols, including SSL. Two teams of researchers working on the problem have identified the same weak key-generation problems. However, the two teams differ in their assessment of how widespread the problem is – and crucially which systems are [...]

Do viruses, DDoS attacks, or buffer overflows tickle your fancy? If so, you might consider becoming a legal hacker, aka an ethical hacker, “white hat” hacker, or penetration tester. Businesses and government-related organizations that are serious about their network security hire ethical hackers and penetration testers to help probe and improve their networks, applications, and [...]

Google released a new version of its Chrome browser on Wednesday in order to update the bundled Flash Player plug-in and address serious security vulnerabilities. Google Chrome 17.0.963.56 fixes 12 security flaws, seven of which are considered high severity, four of medium severity and one of low severity. Security researcher JA1/4ri Aedla received a special [...]

Remember the infamous Storm spamming botnet that later re-emerged as Waledac and was later silenced in a high-profile takedown led by Microsoft? It’s baaaack — and this time it’s performing more malicious activity than sending annoying spam messages. Researchers at Palo Alto Networks say earlier this month they discovered a new, more nasty variant of [...]

It has been ten years since Bill Gates famously emailed all Microsoft’s employees declaring that data protection and system security should be the company’s top priorities. Uli Ries describes the subsequent progress Microsoft has achieved in making its software more secure. The first result of Gates’ email was the Trustworthy Computing Initiative, a place where [...]

Cryptography researchers collected millions of X.509 public key certificates that are publicly available over the web and found what they say is a shockingly high frequency of duplicate RSA-moduli keys. “We performed a sanity check of public keys collected on the web,” the researchers state in their paper, published today and titled “Ron was wrong, [...]

Website privacy policies, like end-user agreements, have become a morass of confusion that offer little in the way of clarity about what sites are and aren’t tracking. A new tool and website launched today purports to clear some of the fog around this issue. PrivacyChoice has analyzed more than a thousand of the most trafficked [...]