by Bill Sempf
20. May 2018 08:35
Pretty big encryption news this week. A well-known flaw in HTML emails that are encrypted with S/MIME or PGP was "discovered" by some researchers, and given the full name, website, and logo treatment. Even the EFF chimed in and astonishingly suggested people uninstall their encryption tools. The risk was largely overblown; take a look at the #efail tag on Twitter. Here are a few links that give part of the story.
https://arstechnica.com/information-technology/2018/05/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now/
https://efail.de/
https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0
Have you updated your Electron app? Hope so - there was a pretty bad code-injection flaw.
https://www.theregister.co.uk/2018/05/14/electron_xss_vulnerability_cve_2018_1000136/
Pro tip: Don't hardcode passwords into your devices. Full stop.
https://www.bleepingcomputer.com/news/security/hardcoded-password-found-in-cisco-enterprise-software-again/
A bug in a cell phone tracking firm's website leaked millions of Americans' real-time locations.
https://www.zdnet.com/article/cell-phone-tracking-firm-exposed-millions-of-americans-real-time-locations/
And that's the news.
S