I.e. Bruce Schneier quote: Can we patch vulnerabilities faster than attackers can exploit them? The University of maryland, College park has a website project: https://www.umiacs.umd.edu/~tdumitra/blog/2015/04/15/impact-of-shared-code-on-vulnerability-patching/ In my opinion the crux of their vulnerability survey is in this graph(also from Univ of Maryland link): The end result of this survey was that how long vulnerabilities … Read more
A new report came out https://weakdh.org/imperfect-forward-secrecy.pdf The group of researchers created a website to explain their findings: The Logjam Attack (https://weakdh.org) It looks like they also did a scan of the Internet (this is typical of security researchers using zmap.io) and found over 8.4% of Top1 million domains were at risk. This means … Read more
You know the movie which makes Phil(Bill Murray) relive the same day until he gets it right. http://www.imdb.com/title/tt0107048/ I asked Google how many days are in the movie “Groundhog Day”? 8 years, 8 months and 16 days, the director said 10 years. IT security is just like that except it should be called … Read more
Before i answer this question let me give you a screenshot of the following FBI Cyber most wanted: from www.fbi.gov/wanted/cyber Alexsey Belan: Belan allegedly stole the user data and the encrypted passwords of millions of accounts and then negotiated the sales of the databases. Two separate federal arrest warrants for Belan have been issued. One … Read more
And this issue even though being a “new news story” as of 6 hours ago from ibtimes.cp.uk http://www.ibtimes.co.uk/starbucks-customer-accounts-hacked-through-smartphone-apps-1501118 Which originally got going with Bob Sullivan’s ‘scoop’ yes there is no need to know the account number, because all that is needed is the username, which is not the account number. I have a … Read more