Wireless network technologies have opened the door to remote attacks that can harm users without their realizing it. The hardware that provides wireless connectivity in devices is extremely complex, so it is not uncommon for flaws to be found and quickly corrected by manufacturers. A Belgian security researcher details on his blog the security flaws in the Wi-Fi standard that he found on routers and other devices. According to him, the bugs leave smartphones, notebooks and other devices equipped with technology susceptible to...

Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits

The release of a research paper and its aftermath have caused a stir in Linux kernel developer circles, with a ban imposed as a redress action. Greg Kroah-Hartman has banned the University of Minnesota from contributing to the Linux kernel and gone to a great deal of effort to revert and re-evaluate 190 patches that had come from the same university. Is this an overreaction or is it the one and only possible response?...

Pale Moon goes to v28.10.0

Pale Moon Browser has received updated fixes to its last known version from May, v28.9.3 (2020-05-08). Below are details of the new update, v28.10.0 (2020-06-05). This is a development, bug fix and security update. Changes/fixes: Implemented URLSearchParams' sort() function. Implemented ES2020 globalThis for web compatibility. Improved our WebM media parser to be more tolerant to different encoding styles. Improved our MP3 media parser to be more tolerant to different encoding styles and particularly...

Android breach project

An open source research tool and application that looks into the circumstances in which Android's permission model can be compromised to harm user privacy. Note that we are not talking about exploits here, but normal usage of Android's APIs, which can be manipulated in ways that can expose the phone user's privacy. For example, one issue is that apps can monitor the phone's screen state, which of course has legitimate uses, but can also be...

Firefox up paying Bug Bounty

Mozilla has updated its bug bounty policy to make it more appealing to security researchers. It has also launched a new website for security researchers and Firefox bug bounty participants. Tom Ritter, in his inaugural post to the new Attack & Defense blog, took the opportunity to review the recent performance of the Firefox bug bounty program, which he notes began in 2004. Between 2017-2019, Mozilla paid out $965,750 to researchers across 348 bugs, making the...

App Passwords by Google

App Passwords let you sign in to your Google Account from apps on devices that don't support 2-Step Verification. Users are required to enter an App Password only once and do not need to remember it. An App Password is a 16-digit passcode that gives a non-Google app or device permission to access a user's Google Account. App Passwords can only be used with accounts that have 2-Step Verification turned on. To help keep your account secure, use...