Tag: patching

China is altering vulnerability reports to cover up delays in disclosing serious security holes in common software.

Podcast Episode 87: Vulnerability Reports Down the Memory Hole in China and the Groups Hacking ICS

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s Security Ledger Podcast (#87) we speak with Priscilla Moriuchi of the firm Recorded Future about China’s efforts to cover up delays in publishing information on serious and exploitable software security holes. Joe Slowick of the firm Dragos Security joins us to talk about the hacking groups targeting industrial control systems and Ken Munro of the firm Pen Test Partners tells us why the UK’s new report on securing the Internet of Things isn’t worth the paper it’s written on. 

The Electronic Frontier Foundation is arguing that voice assistants should be allowed to be jailbroken, permitting security researchers to analyze their workings

EFF Seeks Right to Jailbreak Alexa, Voice Assistants

The Electronic Frontier Foundation (EFF) is asking the Library of Congress to give owners of voice assistant devices like Amazon’s Echo, Google Home and other voice assistants the right to “jailbreak” the devices: freeing them from content control features designed to prevent users from running unauthorized code on those platforms.  Spread the word!19shares0613

The insides of a Revolar device, one of three tested by DUO Security, which found wide discrepancies in the security of the personal safety wearables. (Image courtesy of DUO Security.)

Episode 81: Hacking IoT with Physics, Poor Grades for Safety Wearables and Peak Ransomware

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s podcast: researcher Kevin Fu of University of Michigan discusses his work on attacks that use physics to manipulate connected devices. Also: Mark Loveless of DUO discusses his research into how poor implementation of wireless protocols make personal security trackers a privacy risk. And have we seen peak ransomware? Adam Kujawa of the firm Malwarebytes joins us to talk about the findings of that company’s State of Malware Report. 

Intel told customers this week not to install patches it issued for the Meltdown and Spectre vulnerabilities in its processors.

Intel: Don’t Install Faulty Spectre, Meltdown Patches

In-brief: Intel has warned users not to install patches it released for the Spectre and Meltdown vulnerabilities in its processors, asking them to wait until it issues new software, which it’s working on now. Finding out your device has vulnerabilities is bad enough, but finding out the patched issued to fix them are “complete and utter garbage,” according to Linux creator Linus Torvalds, is even worse. This is what faced users of devices with Intel processors on Monday when Intel warned them not to install the patches the company already had released for the Spectre and Meltdown vulnerabilities. In a blog post, Navin Shenoy, Intel’s executive vice president and general manager of the Data Center Group, said the company had identified the root cause of a frequent-reboot problem that was affecting customers who’d installed its patches for these vulnerabilities. In the meantime, don’t install the patches nor tell customers or […]