Android 5.0 Lollipop - Security!

Google has finally released the much-awaited (at least by myself) Android L. Let's dive into the new security features, which seem very promising. A true attempt at better managing security with usability.


Arachni - Web Application Security Scanner Framework

A new tool (version-1) is out for web application scanning. They have a commercial and a free version.


When technology meets laws dating back to the '80s

Uber is on the brink of getting kicked out of India. The reason is that it cannot adhere to the Regulatory Bank's (RBI) laws:

  1. Enforce strong authentication using SMS.
  2. Two citizens cannot conduct transactions in foreign currency, unless one holds an RBI-issued forex brokerage license.


Data Breaches Visualized

A visual representation of the data breaches.

POODLE Vulnerability

Update 14-Dec-14:
The POODLE vulnerability is back. It has been discovered that this same vulnerability applies to certain versions of TLS as well.

Update 15-Oct-14:
As if the system admins weren't already sick and tired of patching (Heartbleed and then Shellshock), here comes another vulnerability.

It is now a trend to give your discovered vulnerability a fancy name, and so Google (the discoverer) calls it POODLE, which stands for: Padding Oracle On Downgraded Legacy Encryption.

And no, this isn't even half as bad as Heartbleed or Shellshock:
  1. The vulnerability is present in SSL v3 and earlier.
  2. This vulnerability does not put the servers at a risk, but the clients.
  3. This vulnerability's prerequisite is for the attacker to have network-level access to the victim. So, either a MITM, sniffing Wi-Fi connections, or being the NSA with hooks in the data centers.

Troy Hunt explains it here. Errata explains the risk and myths. Another simple article for dummies.


Hacktivists release a Linux Distribution

It is not yet confirmed whether it will be a pen-testing compilation or one for anonymity. Details here.