’s Friday Security Roundup – June 26th, 2015


  Happy birthday Maurice Wilkes! In this weeks’ Friday Security Roundup, we follow our nascent tradition of saluting figures who may be forgotten but who made our world what it is today. Wilkes, for instance, was the postwar computer scientist who developed the first usable stored program computer, invented macros and subroutines, and with his Titan computer […]

Read More’s Friday Security Roundup – June 19, 2015’s Friday Security Roundup – June 19, 2015 Happy birthday to Blaise Pascal and the FCC! This week’s Security Roundup tips its hat to the French mathematics pioneer and inventor who helped define what would later evolve into the scientific method, developed an early mechanical calculator and (as a side project) invented roulette. Today’s Federal Communications […]

Read More’s Friday Security Roundup – June 12, 2015


   Hard to believe that today marks 19 years since the Communications Decency Act of 1996 was successfully challenged in Federal court. The CDA, as the grayer ponytails among us will remember, was a poorly-crafted bundle of legislation intended to save Americans from various unspeakable horrors made available by the shiny new Information Superhighway. The decision we […]

Read More

Instagram Forgot to Renew its SSL Certificate


  From the “Don’t Let This Happen to You Department” Instagram is a large image-sharing social network that reports 70 million photo uploads a day. For around an hour back on April 30, 2015, visitors and users found, instead of sepia-tone selfies and pictures of meals, warnings from their browser that the site was not […]

Read More

Logjam SSL/TLS Vulnerability: Time to FREAK Out Again?


  Similar to FREAK, but Not as Bad? Late last month, a security vulnerability similar to FREAK was announced. Dubbed Logjam, we noted in in our weekly Security Roundup, but it didn’t get as much media attention as it’s cousin FREAK (or as good a branding campaign as Heartbleed). However, it’s still important as a reminder that cryptography does […]

Read More’s Friday Security Roundup – June 5, 2015


  In this weeks’ Friday Security Roundup, we note the second anniversary of the initial news articles based on the Edward Snowden disclosures, published in British paper the Guardian and variously met with statements from “a serious setback for Western intelligence” to “Good news! You’re not paranoid!”) It’s also the 14th anniversary of Tropical Storm Allison, which dropped some […]

Read More

NoCrack: Protect Passwords With Fake Ones?


  Security Via Sheer Annoyance? A recent whitepaper (Cracking-Resistant Password Vaults using Natural Language Encoders) is not light reading, but if you’re interested in information security, you’re going to want to check it out. It explains a new type of password manager dubbed NoCrack. They have a good write-up about it over at IT World, […]

Read More

VENOM Floppy Drive Vulnerability is Serious


  Heartbleed, Eat Your Heart Out! According to an article in El Reg last month, Jason Geffner, a senior security researcher with security firm CrowdStrike, discovered a vulnerability in virtual machines and has dubbed it VENOM, which stands for Virtualized Environment Neglected Operations Manipulation. What Is VENOM, Exactly? As mentioned, VENOM stands for “Virtualized Environment Neglected Operations […]

Read More’s Friday Security Roundup – May 29, 2015


    Happy birthday Peter Higgs and the Rite of Spring! This weeks’ Friday Security Roundup salutes the theoretical physicist who won the Nobel prize for working out a well-regarded mechanism for how the universe works (and lent his name to “the most sought-after particle in modern physics”) and also Igor Stravinsky’s ballet, which famously caused quite the […]

Read More

OSGP: Foolish Crypto on the Smart Grid


  Open Smart Grid Protocol + > 4m smart devices worldwide = Foolish Before you get riled up, understand that we love the idea of a Smart Grid and securing America’s electrical infrastructure. (For example, we love the news that Tesla is building a new household battery system that could eventually help utility companies better manage power loads.) With that […]

Read More