2014-10-29

Android 5.0 Lollipop - Security!

Google has finally released the much awaited (at least by myself) Android L. Let's dive into the new security features, which seem very promising: a true attempt at balancing security with usability.

2014-10-28

Arachni - Web Application Security Scanner Framework

A new tool (version 1) is out for web application scanning. They have a commercial and a free version.

2014-10-16

When technology meets laws dating back to the '80s

Uber is on the brink of getting kicked out of India. The reason: it cannot adhere to the Regulatory Bank's (RBI) laws, which require that:

  1. Strong authentication is enforced using SMS.
  2. Two citizens cannot conduct transactions in foreign currency unless one of them holds an RBI-issued forex brokerage license.

2014-10-15

Data Breaches Visualized

A visual representation of the data breaches.

POODLE Vulnerability

Update 14-Dec-14:
The POODLE vulnerability is back. It has been discovered that the same vulnerability applies to certain versions of TLS as well.

Update 15-Oct-14:
As if system admins weren't already sick and tired of patching (Heartbleed, then Shellshock), here comes another vulnerability.

It is now a trend to give your discovered vulnerability a fancy name, so Google (the discoverer) calls this one POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption.

And no, this isn't even half as bad as Heartbleed or Shellshock:
  1. The vulnerability is present in SSL v3 and earlier.
  2. It puts clients at risk, not servers.
  3. Its prerequisite is that the attacker has network-level access to the victim: a MITM, sniffing Wi-Fi connections, or being the NSA with hooks in the data centers.

Troy Hunt explains it here. Errata explains the risk and the myths. Another simple article for dummies.
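Since the whole point is "SSL v3 is the problem", the thing a defender actually wants to spot in captured traffic is a client that is still willing to talk SSLv3. The following is an added example (not from the original post, and not from any of the linked articles): a small Python parser for the TLS/SSL ClientHello record that reports the offered protocol version and cipher suites, so a handshake negotiated (or downgraded) to SSLv3 can be flagged. The ClientHello bytes are constructed here purely as test input; the cipher-suite IDs are the standard registry values.

```python
import struct

# Standard record-layer / ClientHello version bytes.
SSLV3 = b"\x03\x00"
TLS12 = b"\x03\x03"
VERSION_NAMES = {b"\x03\x00": "SSLv3", b"\x03\x01": "TLS 1.0",
                 b"\x03\x02": "TLS 1.1", b"\x03\x03": "TLS 1.2"}
# Registry cipher-suite IDs; a CBC suite is the kind a padding oracle targets.
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_RSA_WITH_RC4_128_SHA = 0x0005


def build_client_hello(version: bytes, suites: list) -> bytes:
    """Build a minimal ClientHello record (constructed test input only)."""
    cs = b"".join(struct.pack(">H", s) for s in suites)
    body = version + b"\x00" * 32 + b"\x00"        # client_version, random, empty session id
    body += struct.pack(">H", len(cs)) + cs         # cipher_suites
    body += b"\x01\x00"                             # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + version + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Parse record header, handshake header and cipher-suite list of a ClientHello."""
    if len(record) < 11 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    record_version = record[1:3]
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    client_version = body[0:2]
    sid_len = body[34]                               # after 2-byte version + 32-byte random
    pos = 35 + sid_len
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return {"record_version": VERSION_NAMES.get(record_version, record_version.hex()),
            "client_version": VERSION_NAMES.get(client_version, client_version.hex()),
            "cipher_suites": suites}


def is_sslv3_client_hello(record: bytes) -> bool:
    """True when the client's highest offered version is SSLv3: the hello to alert on."""
    return parse_client_hello(record)["client_version"] == "SSLv3"


if __name__ == "__main__":
    for ver in (SSLV3, TLS12):
        hello = build_client_hello(ver, [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA])
        print(parse_client_hello(hello), "ALERT" if is_sslv3_client_hello(hello) else "ok")
```

A client that only ever sends a TLS 1.x hello is not affected by the SSLv3 issue; a hello at SSLv3 after earlier TLS attempts on the same flow is the downgrade pattern the name refers to.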

2014-10-13

Hacktivists release a Linux Distribution

Not yet confirmed whether it will be a pen-testing compilation or an anonymity distribution. Details here.

2014-10-03