Posts

Showing posts from May, 2016

Hacker thrown in jail for reporting police system security flaws

Image
Summary:The sentence probably wasn't quite the reward he was looking for. A hacker has been awarded a suspended sentence for disclosing security vulnerabilities in a Slovenian police system. The student, 26-year-old Dejan Ornig, studied the Tetra police communication system and through his study found that the system contained security vulnerabilities due to incorrect configuration settings, among other issues. Between 2012 and 2014, Ornig, alongside colleagues, discovered that Tetra did not always encrypt communication sent through the protocol. As Tetra is used by the military, the Slovenian Intelligence and Security Service and other agencies, a lack of encryption could have serious ramifications for intelligence and the country as a whole. As noted by Security Affairs , the student then disclosed these security issues to law enforcement, but after waiting at least a year, there was no action taken to remedy the flaw...

Google IO: SoftBank, maker of AI Pepper robot, has news for developers

Image
Summary:The Japanese telecom is using its robot to make a big push into the U.S. market When Japanese mobile phone company SoftBank offered 1000 of its emotionally intelligent Pepper robots for the consumer market last summer, the entire run sold out in under a minute. At CES this year, SoftBank announced that IBM would be bringing Watson's artificial intelligence to Pepper, a bid to ready the robot for broad adoption in the home. Now SoftBank is planning to branch into the U.S. At Google IO today, the company announced that it's opening up a new developer portal and adding SDK Android Studio to enable the development of custom applications for Pepper, continuing to evolve it's capabilities ahead of its U.S. launch, which it's planning later this year. "We'll also be announcing the opening of SoftBank's U.S. office, headquartered in San Francisco, which will be driving the efforts surrounding the launch of Pepper in the U.S.,"...

Adobe readies patch for Flash Player zero-day exploit found in attacker toolkits

Image
Summary: We have a wait to become protected against the dangerous exploit, though. Adobe is furiously working on a fix to patch up a vulnerability in Adobe Flash Player which is being actively exploited by cyberattackers to deliver malware. According to a security advisory released by the software giant on Tuesday , the zero-day vulnerability, CVE-2016-4117 , is being used actively to compromise victim PCs. The critical vulnerability affects Windows, Mac, Linux and Chrome operating systems. Adobe says successful exploitation "could cause a crash and potentially allow an attacker to take control of the affected system." However, a patch to fix the problem will not be ready until May 12 as part of Adobe's monthly security update. Discovered by Genwei Jiang from cybersecurity firm FireEye, the exploit is bad news for users who insist on using the ever-vulnerable Adobe Flash Player. The software, which useful for disp...

Microsoft expands bug bounty program

Image
Summary: Researchers have a fresh target to explore for vulnerabilities with rewards reaching up to $15,000.   Microsoft has expanded its bug bounty program to include the Nano Server installation option of Windows Server 2016 Technical Preview 5. The expansion of Microsoft's bug bounty program , now includes the Nano Server -- the remotely administered, headless installation option of the server operating system. As a technical preview, the installation option is focused on acting as a host for computer and/or storage clusters and as a lightweight operating system in a virtual machine (VM) or container for cloud applications. Microsoft says that vulnerabilities found within this release must be original and able to be reproduced to be eligible for the new vulnerability disclosure program. The tech giant is particularly interested in remote code execution vulnerabilities, privilege escalation and remote unauthenticated d...