Security News

I have always liked this one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Samsung said today it will no longer automatically disable Windows updates on PCs and laptops it manufactures and will release a patch "within a few days."

The IETF, in RFC7568, declared SSLv3 "not sufficiently secure" and prohibited its use. SSLv3 fallbacks were to blame for the POODLE and BEAST attacks.

An engineer has come up with a new way to help combat BeEF, or browser exploit framework attacks.

NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers.

There are two other Snowden stories this week about GCHQ: one about its hacking practices, and the other about its propaganda and psychology research. The second is particularly disturbing: While...

Dennis Fisher and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good ones.

While the Tor anonymity network conceals (relatively successfully) a user's location and Internet activity from anyone who might want to know about it, users should be aware of the fact that it does n...

When Cisco released a patch for several of its security appliances Thursday that eliminated the presence of hard-coded SSH host and private keys, the advisory had a distinct air of familiarity...