Security Alerts & News
by Tymoteusz A. Góral

History
#1764 UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.

As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.

This was the proposed wording in the Code of Practice accompanying the legislation:

CSPs subject to a technical capacity notice must notify the Government of new products and services in advance of their launch, in order to allow consideration of whether it is necessary and proportionate to require the CSP to provide a technical capability on the new service.
Read more
#1775 New large-scale DDoS attacks follow schedule
#1774 One bit to rule a system: analyzing CVE-2016-7255 exploit in the wild
#1773 Exploit company exodus sold Firefox zero-day earlier this year
#1772 Bypassing CSP using polyglot JPEG
#1771 A beginner’s guide to beefing up your privacy and security online
#1770 New SmsSecurity variant roots phones, abuses accessibility features and TeamViewer
#1769 Google fixes 12 high-severity flaws In Chrome browser
#1768 Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1
#1767 Amazon offers DDoS protection with Shield
#1766 Fake Apple chargers fail safety tests
#1765 Analysis of multiple vulnerabilities in AirDroid
#1764 UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12