Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels.
While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met.
It seems like the browser’s InPrivate browsing feature may not be as ‘private’ as we’re lead to believe. Researcher Ashish Singh discovered that users' full browsing history was being stored on their hard drives, noting that “even the private browsing isn’t as private as it seems” in his report, published on Forensic Focus. He added that "websites visited in private mode are also stored in the browser’s WebCache file.”
Following Google's monthly fixes for its own Nexus devices in early January, Samsung has now disclosed details of the bugs it will be patching to remedy vulnerabilities in its flagship hardware. The update contains a blend of bugs in Google's update and others that Samsung has addressed independently.
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.
It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.
FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem.
Symantec has found an Android ransomware variant (Android.Lockdroid.E) that uses new tactics, involving a fake package installation, to trick users into giving the malware device administrator rights. As well as encrypting files found on the compromised device, if administrator rights are obtained, the malware can lock the device, change the device PIN, and even delete all user data through a factory reset.