Home » Archive

Articles Archive for Year 2015

Featured, Communications | Posted 8 Nov 2015 | Comments Off on UK Encryption Backdoors Coming? | 1,528 views

If David Cameron has his way way, it will soon be illegal to offer unbreakable encryption in the UK. Under the Investigatory Powers Bill, companies will be required to provide encryption backdoors in their products. The bill is an upgrade …

Headline, Communications | Posted 28 Oct 2015 | Comments Off on Bleep User Privacy Compromised? | 1,284 views

Bleep, the private messaging app billed as no personal info required, has laid the foundation for tracking its users. The latest version in the Play store (version 1.0.753) requires Identity and Profile privileges on Android phones. When a user …

Featured, In Other News | Posted 12 Jan 2015 | Comments Off on Obama Proposes 30 Day Hack Notification | 1,967 views
Secure Data

President Obama is pushing new legislation called the Personal Data Notification and Protection Act. This law, if enacted, will standardize the consumer notification requirements in the event of data breach. Under the law, companies would be required to notify …

Defense In Depth | Posted 11 Jan 2015 | Comments Off on Microsoft Limits Advanced Notifications | 2,019 views
Microsoft Windows Logo

According to a recent blog post, Microsoft will be limiting access to its Advanced Notification Service. ANS provides customers with a heads up of the upcoming patches, which allows them to schedule changes and maintenance windows. Chris Betz wrote …

Featured, In Other News | Posted 6 Jan 2015 | Comments Off on Moonpig API Exposes Customer Info | 8,562 views

Security researcher Paul Price discovered a flaw in the API used by UK greeting card company Moonpig. Their API does not require authentication and exposes customer account details.  He notified them of his findings in August 2013. After 17 months, …

Communications | Posted 5 Jan 2015 | Comments Off on Gogo Caught Forging SSL Certificates | 1,774 views

Inflight internet connectivity provider Gogo has been caught forging SSL certificates and serving them to their customers. Flyer Adrienne Porter Felt tweeted a screenshot of the a forgery for Google. Her tweet: hey @Gogo, why are you issuing *.google.com certificates

In Other News | Posted 4 Jan 2015 | Comments Off on Clock Runs Out on Microsoft Zero Day | 2,126 views

Microsoft failed to patch a zero day exploit before the automatic 90 day clock ran out. A research submitted a privilege escalation vulnerability in Windows 8.1 to Google’s Project Zero. The bug allows a local user to trick a …