Keyword: security
-
Millions of routers and other embedded devices are affected by a serious vulnerability that could allow hackers to compromise them. The vulnerability is located in a service called NetUSB, which lets devices connected over USB to a computer be shared with other machines on a local network or the Internet via IP (Internet Protocol). The shared devices can be printers, webcams, thumb drives, external hard disks and more. NetUSB is implemented in Linux-based embedded systems, such as routers, as a kernel driver. The driver is developed by Taiwan-based KCodes Technology. Once enabled, it opens a server that listens on TCP...
-
... Adblock Plus already has a Firefox for Android add-on, though it requires installing two apps and setting them up. The company also has an Android app that blocks in-app ads, but it only works on Wi-Fi connections and has to be sideloaded and hooked up to a proxy. In other words, Adblock Plus isn’t easy to use on mobile. Adblock Browser is supposed to change that. “This is the first time we’ve really gone with a solution that is completely ours,” communications manager Ben Williams told VentureBeat. Adblock Browser wasn’t exactly written from the ground up. The team used...
-
... Researchers have discovered a new security flaw that could affect tens of thousands of HTTPS websites, mail servers and other services by allowing attackers to downgrade the Transport Layer Security (TLS) connections to 512-bit export-grade cryptography to crack that connection and read any data being transmitted. Dubbed LogJam, researchers from Microsoft, Johns Hopkins University, University of Michigan, University of Pennsylvania and the Inria Nancy-Grand Est research in France, discovered the flaw some months ago, and have subsequently informed browser makers about the issue, who are currently patching. The research team has published a technical paper (pdf) and built a...
-
WASHINGTON — President Obama called out climate change deniers in Congress for being weak on defense, saying it would be "dereliction of duty" for the United States to ignore the national security implications of rising global temperatures. Obama's convocation speech at the U.S. Coast Guard Academy Wednesday was his most forceful argument yet that climate change ranks alongside terrorism as a grave threat to America's future. "I know there are some folks back in Washington who refuse to admit that climate change is real," he told graduating cadets in New London, Conn. "Denying it or refusing to deal with it...
-
FBI Director James B. Comey has expressed concern that the growing use of encrypted technologies is hindering the ability of law enforcement agencies to do their jobs. (Andrew Harnik/AP) May 19 at 8:34 AM Tech behemoths including Apple and Google and leading cryptologists are urging President Obama to reject any government proposal that alters the security of smartphones and other communications devices so that law enforcement can view decrypted data. In a letter to be sent Tuesday and obtained by The Washington Post, a coalition of tech firms, security experts and others appeal to the White House to protect privacy...
-
EXCLUSIVE: Hillary hides from reporters with SECOND secret party of the day as her security forces race across Iowa at 95 MPH to dodge pursuing journalists For reporters trying to cover the opening months of Hillary Rodham Clinton's second presidential campaign, Waterloo, Iowa might be her Waterloo. On Monday night the Clinton camp held a private campaign party at the home of a wealthy pharmacist in the central Iowa town – a longtime Democratic Party figure – and Daily Mail Online was the only media outlet to make it to the address. Other press outlets can't be faulted, however: Clinton's...
-
Google slow to respond. A Polish security firm has discovered more vulnerabilities in the Java coding platform used on Google's App Engine (GAE) cloud computing service, which could allow users to get access beyond their own virtual machines. The Security Explorations team, which has made a name for itself by unearthing large numbers of security holes in Oracle's Java framework over the past few years, said it had reported seven vulnerabilities to Google, along with proof of concept code. Three of the flaws allow complete bypass of the GAE Java security sandbox. Such a bypass could be used by attackers...
-
Published: May 12, 2015 Version: 1.0 This bulletin summary lists security bulletins released for May 2015. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
-
With Microsoft Edge, we want to fundamentally improve security over existing browsers and enable users to confidently experience the web from Windows. We have designed Microsoft Edge to defend users from increasingly sophisticated and prevalent attacks. This post covers some of the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques developed in close partnership with Windows. Web Security Threats While the web is predominantly a safe environment, some sites are designed to steal money and personal information. Thieves by nature don’t care about rules, and will use any means to take advantage...
-
Researchers find more serious flaws. Lenovo has been accused of putting users at "massive security risk" through newly-discovered flaws in its online product update service which allow hackers to download malware onto user systems through a man-in-the-middle (MITM) attack. The holes were revealed by security firm IOActive, just weeks after Lenovo was found to be shipping PCs with pre-installed 'Superfish' adware that also left its users open to MITM attacks. In an advisory today, IOActive researchers Michael Milvich and Sofiane Talmat said they had discovered “high-severity” privilege escalation vulnerabilities in Lenovo's system update service, which enables users to download the...
-
'I love Apple products, I just wish they were secure' A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run. Apple's Gatekeeper utility is pre-installed in Mac OS X PCs and used to verify code. The tool is designed so that by default it will only allow signed code to run or, depending on settings, only packages from...
-
The U.S. military is helping Iraqi forces push back ISIS at a vital oil refinery. The Baiji refinery is located between Kirkuk and Mosul, and it has been the target of ISIS militants since the extremist group first made major advances last summer. Baiji is Iraq’s largest oil refinery, and as such, is strategically important to the country for revenues and for domestic fuel supplies. “It actually also sits on a corridor that runs from the Tigris River valley to the Euphrates River valley. And so it's geographically significant as well as significant economically,” the chairman of the U.S. Joint Chiefs...
-
Look, we all know that Master combo locks are not paragons of security. But, damn, this looks easy. In a new video, hacker Samy Kamkar demonstrates a dead simple trick that he claims can break into most Master combo locks in just a few tries. It’s so easy because Kamkar has done all the hard work for you, reverse-engineering the lock to narrow down the possible combinations to just eight. All you have to do is input three numbers into Kamkar’s algorithm. Here’s how you get the numbers: 1. While lifting the locked shackle, turn the knob counterclockwise...
-
Traveling with small children can be a stressful situation on its own, but one airline in Tel Aviv, Israel, made the predicament even worse by treating a family poorly before having them removed from the plane due to their crying child. According to Jewish News, husband and wife Ariella and Mark Aziz were scheduled to fly from Tel Aviv to Luton, England, on Dutch airline Transavia when their 19-month-old daughter began crying. The Transavia crew asked the child’s parents to position their daughter on their lap before takeoff and use the connector belt provided by the airline. The plane had...
-
Microsoft is making big efforts to increase the security of Windows 10 and turn the new operating system into a fully secure working environment, so several new features will be available in this regard when it comes out. In addition to Microsoft Passport and Windows Hello, both of which were announced a few months ago, Redmond will also introduce a feature called Device Guard that would give organizations full control over the apps that are allowed to be launched on a device running Windows 10. According to Microsoft, the new feature should provide advanced malware protection against new and even...
-
Chris Roberts, a prominent computer security expert, was aboard a United Airlines flight last week when he tweeted about a potential security flaw he found on the plane’s on-board Wi-Fi. Big mistake. Airline personnel saw the tweet and alerted authorities at Syracuse Hancock International Airport where the flight was scheduled to land. Roberts exited the plane and was quickly detained by the FBI. Roberts, the founder and chief technical officer of the Denver security firm One World Labs, said the agents questioned him, confiscated several of his electronic devices, and then let him go. “Lesson from this evening, don't mention...
-
snip And so it was when I drove onto the Army Reserve Center at Grand Prairie for a visit yesterday, I was met by a lone unarmed female contract security person who did not even take my ID and match it to my face. She came out of the shack and waved me right onto this military installation. Yes, the Army Reserve Center at Grand Prairie is a military installation. Not only is the Army based there but also a U.S. Marine Reserve artillery unit — and the majority of their equipment is located on this installation. But, as I...
-
A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account. To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
-
AVS WinVote machines used in three presidential elections in state ‘would get an F-minus’ in security, said computer scientist who pushed for decertification Touchscreen voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report. The AVS WinVote machines, used in three presidential elections in Virginia, “would get an F-minus” in security, according to a computer scientist at tech research group SRI International who had pushed for a formal inquiry by the state of Virginia for...
-
Software security group Kaspersky Lab, in collaboration with the Dutch police, has released a tool which helps to decrypt files locked by ransomware. Kaspersky Lab has released a decryption tool for files encrypted with CoinVault ransomware. The tool was developed by Kaspersky Lab after the National High Tech Crime Unit (NHTCU) of the Dutch police handed over the information obtained from a database of a CoinVault command-and-control server containing the decryption keys.