In-brief: Researchers at Google are warning about a previously undetected flaw in a widely used open source library could be exploited by attacks using overly long web domain names.
open source
Linux Kernel Flaw Reaches Into Internet of Things
In-brief: Software updates were released to address a serious and exploitable security flaw in the Linux kernel on Tuesday. The issue, in a feature called keyring, could impact embedded systems as well as mobile devices.
Podcast: Craig Smith of OpenGarages on Vehicle Security and GM’s Bug Bounty
In-brief: In this podcast, Paul speaks with Craig Smith of Open Garages on GM’s bounty program, the state of connected vehicle security, and what the auto industry can learn from open source.
Firm Finds Crypto Keys Recycled on Thousands of Devices
In-brief: Encryption keys used to secure data on- and communications between embedded devices are being recycled, creating a huge vulnerability that malicious hackers could exploit to snoop on sensitive communications or impersonate devices.
Android Security Undermined by OEMs
In-brief: Google’s insistence on stricter security policies with its latest release of the Android mobile operating system are being watered down by the company’s partners, who are undermining stricter OS security with weak or insecure policies and device configuration, a new report from Aalto University in Finland finds.