Violent clashes erupt between far-right groups and racial justice protesters in Portland and other cities The Washington Post
“HTTPS hijacking” – read more
Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.
Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw.
“This vulnerability is particularly serious because we know it is being actively exploited,” Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.
To read this article in full or to leave a comment, please click here
The maker of a widely used electronic lock has taken issue with a security company’s criticism of one of its flagship products.
IOActive, a Seattle-based security consultancy, published an advisory alleging several security flaws in electronic locks made by CyberLock, of Corvallis, Oregon.
CyberLock, which received advance notice of the problems from IOActive, contends it wasn’t given enough time or information prior to IOActive’s warning. Mike Davis, the IOActive researcher who found the problems, published two letters said to have been sent by CyberLock’s lawyers to IOActive.
To read this article in full or to leave a comment, please click here
A Chinese Internet administrator blasted Google on Thursday, after the U.S. search giant decided to stop recognizing digital certificates issued by the group following a security lapse.
“The decision that Google has made is unacceptable and unintelligible,” China’s Internet Network Information Center (CNNIC) said in an online posting.
Google’s decision means that its Chrome browser could end up clashing with sites served by the Chinese Internet agency.
On Wednesday, Google explained the move in an update to an earlier blog posting. The company is still concerned by the way CNNIC issued a certificate to an IT company based in Egypt that misused it in a botched security test.
To read this article in full or to leave a comment, please click here