Security News

OpenSSL issues a bugfix for the previous bugfix
2022-06-24 18:32

If you're an OpenSSL user, you're probably aware of the most recent high-profile bugfix release, which came out back in March 2022. Given the important "Teachable moments" revealed by this bug, we covered it in detail not only on Naked Security, where we explained how to write a better style of code, but also on Sophos News, where SophosLabs showed the gory details of how a booby-trapped certificate could trigger the flaw, and how to debug the code to understand the bug.

Android app still exposing messages of 100M users despite bug fix
2020-12-01 09:00

GO SMS Pro, an Android instant messaging app with more than 100 million installs, is still exposing the privately shared messages of millions of users even though the developer has been working on a fix for the flaw behind the data leak for almost two weeks. Private files sent by users to contacts who don't have GO SMS Pro installed can be accessed from the app's servers via a shortened URL which redirects to a content delivery network server used to store all shared messages.

Test IO introduces Bug Fix Confirmation, leveraging network of software testers to verify bug fixes
2018-11-02 13:27

Test IO released a new product to help software teams verify that bugs are fixed in real-world conditions before software is released. Bug Fix Confirmation leverages test IO’s network of software...

Last year, D-Link flubbed a router bug-fix, so it's back with total pwnage
2018-10-17 09:06

Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check. Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only...

Apple Preps ChaiOS iMessage Bug Fix, Report
2018-01-19 17:12

A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources.